Help removing virus infection? (Kido/Conficker I think)



Agent_24
13-11-2009, 12:03 AM
I have a separate install of Windows XP on a different drive specifically for the new Entropia Universe game.

Since I need to upgrade to run the game properly and I haven't yet, I used nLite to remove as much of XP as I could and then I didn't install anything except drivers to keep RAM usage down as much as possible.

Now, by way of an infected USB drive I forgot to clean first, I have infected it with Conficker I believe.


I thought I had removed it; I removed all the files and registry entries, but I still can't change the "show hidden files" option to actually show hidden files.


I have since installed the latest Avast! beta and also scanned the drive offline with Comodo and ClamAV and Nod32 web scanner; they all came up clean.

I thought it was just a registry entry I hadn't seen BUT it would seem that something is changing it back every time, which is disturbing because nothing I scan with seems to detect anything.

zqwerty
13-11-2009, 08:44 AM
Well I haven't used this but you could try:

http://www.bdtools.net/how-to-remove-downadup.php

also, more here:

http://www.bleepingcomputer.com/virus-removal/remove-downadup-conficker

Speedy Gonzales
13-11-2009, 08:54 AM
Disable system restore, see if this removes it (http://www.symantec.com/security_response/writeup.jsp?docid=2009-011316-0247-99)

Agent_24
13-11-2009, 01:15 PM
System restore was already disabled.

I have deleted the dll from system32 but something keeps changing registry entries.

I cannot view hidden files no matter what :(

Speedy Gonzales
13-11-2009, 01:19 PM
So, did you try that removal tool?

Agent_24
13-11-2009, 03:09 PM
Tried the Bitdefender one, it just said there is nothing there.

I am running the Symantec one now.

wainuitech
13-11-2009, 09:45 PM
May not even be Conficker.

Check this reg key out - Click Start/Run, type in regedit, and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL

Find a key called CheckedValue.

Double Click CheckedValue key and modify it to 1. (This is to show all the hidden files.)

If that doesn't work, have a look at these suggestions (http://www.technize.com/2007/05/13/show-hidden-files-and-folders-not-working/); the one above is also listed. You may need to alter other reg keys, or re-register certain files.
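
Added example, not part of the thread: a PowerShell script that checks the `CheckedValue` entry named in the post above, resets it if needed, and then watches whether something changes it back. It assumes PowerShell 2.0 or later is installed and run as an administrator, and that the expected state is a REG_DWORD holding 1; the function names, the 10-second poll interval and the 5-minute window are choices made for this example.

```powershell
# Added example (not from the thread). Run from an administrator PowerShell prompt.
$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$Name = 'CheckedValue'

function Get-ShowAllState {
    # Report the current type and data of CheckedValue and whether it matches
    # the expected state (assumption for this example: REG_DWORD with data 1).
    $key     = Get-Item -Path $Path -ErrorAction Stop
    $present = $key.GetValueNames() -contains $Name
    $kind = $null; $data = $null
    if ($present) {
        $kind = $key.GetValueKind($Name)
        $data = $key.GetValue($Name)
    }
    New-Object PSObject -Property @{
        Time    = Get-Date
        Present = $present
        Kind    = $kind
        Data    = $data
        Healthy = ($present -and $kind -eq 'DWord' -and $data -eq 1)
    }
}

function Repair-ShowAllState {
    # Delete and recreate the value, so a wrong type is corrected as well as wrong data.
    Remove-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value 1 | Out-Null
}

$before = Get-ShowAllState
"Before: present=$($before.Present) kind=$($before.Kind) data=$($before.Data)"
if (-not $before.Healthy) { Repair-ShowAllState }

# Poll and report the first time the value no longer matches the expected state.
$deadline = (Get-Date).AddMinutes(5)
$reverted = $false
while ((Get-Date) -lt $deadline) {
    Start-Sleep -Seconds 10
    $now = Get-ShowAllState
    if (-not $now.Healthy) {
        "Reverted at $($now.Time): present=$($now.Present) kind=$($now.Kind) data=$($now.Data)"
        $reverted = $true
        break
    }
}
if (-not $reverted) { 'CheckedValue held its expected state for the whole window.' }
```

A "Reverted at" line means a process that is still running rewrote the value after the repair, and the timestamp can be matched against whatever was active on the machine at that moment.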