Virus won't go away or be detected

Status
Not open for further replies.

Greencow_555

Hi guys,

I've got a crazy virus that I can't get rid of. I've reformatted my drive 3 times and it just comes back. No virus software picks it up, even though I can see the files clearly in the msconfig startup tab and in my file directory.

After reformat, the following items begin to appear on the MSconfig startup tab with different names each time:
Presently it is:

Quru\yxtyp.exe

My web pages keep getting redirected and I get rundll errors when I try to open cmd.


I've tried AVG, Avira, MSE and Malwarebytes and none of them detected anything.

I'm running Windows XP Pro.

Any ideas of how I can clear this thing off when it is surviving reformatting?

Many thanks

Additionally,

Looking through the registry it seems the file logtec32.exe is also part of it. Every time I uncheck these files in MSconfig, they are immediately rechecked by the time I've rebooted. There are entries in the registry, how did they get there? What's happening? lol. I just want it gone.

Thanks again.
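An added example, not part of the original thread: one way to see which autostart values come back after a reboot is to diff two `reg query` snapshots of the Run key and flag values that launch from a per-user directory. Both snapshots are constructed, and the parent path shown for Quru\yxtyp.exe is an assumption, since the post gives only the relative name.

```python
import re

RUN = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
ENTRY = re.compile(r"^\s+(?P<name>.+?)\s+REG_(?:EXPAND_)?SZ\s+(?P<cmd>.+)$")
# Assumed watch list: user-writable locations on Windows XP.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\")

# Constructed snapshot taken right after disabling the entry in msconfig.
SNAP_DISABLED = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""
# Constructed snapshot after the next reboot (parent path is assumed).
SNAP_REBOOT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    yxtyp    REG_SZ    "C:\Documents and Settings\user\Application Data\Quru\yxtyp.exe"
"""

def parse_reg_query(text):
    """Return {(key, value_name): command} from `reg query <key>` output."""
    entries, key = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := ENTRY.match(line)):
            entries[(key, m["name"])] = m["cmd"].strip()
    return entries

def image_path(cmd):
    """Executable path from a command line, whether quoted or not."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)', cmd, re.I)
    return (m.group(1) or m.group(2)) if m else cmd

def suspicious(entries):
    """Autostart values whose image sits in a user-writable directory."""
    return {k: c for k, c in entries.items()
            if any(d in image_path(c).lower() for d in USER_WRITABLE)}

def reappeared(before, after):
    """Values present after the reboot that were absent before it."""
    return {k: after[k] for k in sorted(after.keys() - before.keys())}

if __name__ == "__main__":
    before, after = parse_reg_query(SNAP_DISABLED), parse_reg_query(SNAP_REBOOT)
    for (key, name), cmd in reappeared(before, after).items():
        flag = "user-writable path" if (key, name) in suspicious(after) else "review"
        print(f"{key}\\{name} -> {image_path(cmd)} [{flag}]")
```

An entry that returns under a new value name on every boot means something else on the system is rewriting the key, so removing the Run value alone will not hold.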
 
Try using this guide: Spyware Asylum - XP and run the full scan. You might have to download and try the items in Safe Mode to ensure minimal/necessary items are used by the system. Post all logs back here to be reviewed and await further instructions.

Also, if none of the software picked up anything, how do you know you're infected? What signs led you to investigate?
 
I also highly recommend Spyware Asylum, mainly because Combofix doesn't just detect viruses, it fixes your system up to the way it's supposed to be. If that doesn't work you could always try SUPERAntiSpyware and Hitman Pro 3.5. Also you could post a Combofix log on here; I'm sure Osiris will ask for it soon =P
 
The simple answer is this. There is either something wrong with the disk you're using to install or one of the programs you're installing is infected. There is no way a virus will survive a format. If it keeps coming back like you say, then it is something that is attached to a program you're trying to install, or if you're not using an XP disk from Microsoft, the disk itself is hacked and infected.
 
Might I suggest Spybot Search & Destroy? Or does this not sound like spyware? Not sure if it covers more than that. I always use it for the immunization anyway, always nice to have that extra protection, right?

Edit: Mak, why is that? I've always wondered. How can a virus take over System Control, and anything else, but not a format? Like... couldn't it make it so the Format option is somehow removed/canceled/unclickable, or just make it so it only restarts the computer and nothing else?
 
A format wipes the system clean. There is no way that a virus can prevent a format from erasing the specific section it is located in so that it could survive and come back after Windows was reinstalled. Who is to say that the format wasn't to EXT4 or HFS+ to install Linux or OS X? At that point the virus is useless and won't serve any purpose.

There is no way to trick the whole system into thinking that a format wasn't done. Especially when you can use bootable tools like GParted where you're not even in Windows when you format. There is no way a virus can know what tool you're using or if you're using a LiveCD like GParted. Added to that, you can't even format the C:\ from within Windows, 'cause you're using it. So you have to use a bootable device! So there is no way that a virus can stop it or save itself.

There are too many factors that come into play. There is no way a virus writer could possibly know how you're going to format to write something to prevent you from formatting. Even then they would have to stop such tools as DBan and KillDisk as well, which won't happen. So there are more ways to kill a virus using a format than there are trying to save it for after a format. It just can't happen.
 
Thanks for the replies guys. I'll give these all a go now.

My Windows drive is actually partitioned... could a virus hide on the partition that doesn't get formatted?

The main problem the virus is causing is that every time I do a Google search, any of the search results that I click take me to ad sites for various things, like holidays, offers, etc...

I currently have Spy Sweeper, Ad-Aware and MSE and none of them get anything.
 
Yes the virus could easily be hiding in the drive that is not being formatted. You need to use Combofix and MBAM and scan the other partition, not just the OS partition.
 
Most spyware "destroyer" programs are BS and are loaded themselves. I'm with Mak and I think something you're installing is infected or you have a virus on your other partition. A virus can also hide in the MBR but you'd have to be playing in some nasty stuff for someone to WANT you to have a virus in this particular area. Needless to say, I don't think it's the case here. Use NOD32 to scan your WHOLE drive to see if anything is infected. There are also other ways a virus can stay on a drive even after a format but it's specific and I'm too lazy to go into detail and still don't think it's the case here.
 