Question

  • Creator
    Topic
  • #2220879

    1weicxa.com virus is killing me people, please help

    Locked

    by surprino ·

    My computer has been infected with virus 1weicxa.com, this virus disabled my show hidden files, I have tried changing the registry entries to enable it but still. My C and E drives have an autorun.inf file I cant delete. When I double click them the autoplay box pops up asking to choose a suitable program to open the file. I cant even delete them. The lastest version of Mcafee cant detect nor delete it, The latest NOD32 failed, Bitdefender Failed, AVG Failed, ZoneAlarm Failed, Xoft Failed, Avast Failed, Super Spyware Failed, Kaspersky Failed, F-Prot Failed…. Any other option peoplpe..? PLease note the above mentioned anti-viruse’s have the latest updates of which were updated from this weekednd(5th of April) please assist….. One more thing, when you insert a USB infected with this virus, the anti-virus can detect it but cant stop it’s infection

All Answers

  • Author
    Replies
    • #2660491

      Clarifications

      by surprino ·

      In reply to 1weicxa.com virus is killing me people, please help

      Clarifications

    • #2660485

      Have you been scanning in Safe Mode ?

      by older mycroft ·

      In reply to 1weicxa.com virus is killing me people, please help

      NT

    • #2660478

      Try this download…

      by Anonymous ·

      In reply to 1weicxa.com virus is killing me people, please help

      http://info.prevx.com/downloadcsi.asp

      Hopefully it will get rid of it for you.

      Please post back if you have more problems or questions.

      • #2660368

        Prevx identified my laptop tracker as a virus !! …

        by older mycroft ·

        In reply to Try this download…

        Now I can see where this might happen but for a tracker that’s been around for at least three years I find it hard to believe that an up-to-date antivirus package should do this.

        • #2660328

          Nobody’s perfect :-)

          by captbilly1eye ·

          In reply to Prevx identified my laptop tracker as a virus !! …

          enuf ’bout that…

          excuse my ignorance, but what exactly is a laptop tracker?

          I’m sure if you use it it has value. I’m just curious.

        • #2660731

          Y’know – like “ET …phone home” …

          by older mycroft ·

          In reply to Nobody’s perfect :-)

          It’s a ‘phone home’ doobrie.

          If the laptop gets stolen, as soon as it connects to the internet it sends an email to you. It’s like your very own invisible dialer virus! 😀

          I’ve got a Gmail account for just receiving emails from the laptop. It sends an email every time I connect to the internet, presumably just to reassure me that I am still alive.

          It wasn’t installed in the first laptop that got stolen, so that wasn’t much good.

          It was installed in the second stolen laptop, and DID email me which I passed on to the Cops. The guy was traced but poured Guinness into the lappie just before getting arrested!

          This laptop is so far a non-drinker. 🙂

          ::: Mind you it’s just a bog-standard lappie so not likely to get stolen.

          BOTH the stolen ones were Rock Xtremes and highly stealable, more is the pity.

        • #2660613

          Thanks. I’ll definitely check into it.

          by captbilly1eye ·

          In reply to Y’know – like “ET …phone home” …

          🙂

      • #2660321

        Oooops…

        by captbilly1eye ·

        In reply to Try this download…

        Sorry, PT, I guess I shoulda read your post first before replying. I could have avoided the redundancy.

        just goes to show: like minds…

        • #2660074

          No problem…

          by Anonymous ·

          In reply to Oooops…

          NT..

    • #2660371

      Here’s one that has worked:

      by captbilly1eye ·

      In reply to 1weicxa.com virus is killing me people, please help

      Prevx should find remove 1weicxa.com.
      Here’s where you can first try the free scanner and then get the full version if it finds it:
      http://info.prevx.com/downloadprevx2.asp

      I believe it is a varient of Worm.Autorun.Dcz.

      I hope this helps.

    • #2660704
    • #2551233

      I have the same problem. Tray this and the problem will be solved.

      by devkamc ·

      In reply to 1weicxa.com virus is killing me people, please help

      Download AVZ script program from this location: http://rapidshare.com/files/105329752/avz_se.zip
      Past the following script.

      begin
      SearchRootkit(true, true);
      SetAVZGuardStatus(True);
      QuarantineFile(‘C:\1weicxa.com.com’,”);
      QuarantineFile(‘C:\autorun.inf’,”);
      QuarantineFile(‘C:\WINDOWS\system32\amvo1.dll’,”);
      QuarantineFile(‘C:\WINDOWS\system32\amvo.exe’,”);
      QuarantineFile(‘C:\WINDOWS\system32\Tbar.exe’,”);
      QuarantineFile(‘C:\WINDOWS\system32\amvo0.dll’,”);
      DeleteFile(‘C:\WINDOWS\system32\amvo0.dll’);
      DeleteFile(‘C:\WINDOWS\system32\amvo.exe’);
      DeleteFile(‘C:\WINDOWS\system32\amvo1.dll’);
      DeleteFile(‘C:\autorun.inf’);
      DeleteFile(‘C:\1weicxa.com.com’);
      DeleteFile(‘D:\autorun.inf’);
      DeleteFile(‘D:\1weicxa.com.com’);
      DeleteFile(‘E:\autorun.inf’);
      DeleteFile(‘E:\1weicxa.com.com’);
      DeleteFile(‘F:\autorun.inf’);
      DeleteFile(‘F:\1weicxa.com.com’);
      DeleteFile(‘D:\cayfq2.cmd’);
      DeleteFile(‘E:\cayfq2.cmd’);
      DeleteFile(‘F:\cayfq2.cmd’);
      BC_ImportALL;
      ExecuteSysClean;
      BC_Activate;
      ExecuteRepair(6);
      ExecuteRepair(8);
      RegKeyIntParamWrite( ‘HKLM’, ‘SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum’, ‘{BDEADF00-C265-11D0-BCED-00A0C90AB50F}’, 1);
      RebootWindows(true);

      Enjoy

      • #2659693

        oNE pROBLEM

        by surprino ·

        In reply to I have the same problem. Tray this and the problem will be solved.

        Thanks for the tip but erhh…..

        When I try downloading the file from rapidshare the site request I type the six letter’s and I can only type four on the allocated space below and keeps giving me error message… Any advice?

      • #2659691

        OOPS

        by surprino ·

        In reply to I have the same problem. Tray this and the problem will be solved.

        wHEN i REFRESH THE PAGE IT SAYS MY IP ADDRESS IS ALREADY DOWNLOADING THE FILE I HAVE TO WAIT TILL DOWNLOAD IS COMPLETE… AND I HAVENT EVEN STARTED DOWNLOADING ANY FILE… IS RAPIDSHARE THAT TROUBLESOME? I WILL WAIT A FEW HOURS AND TRY DOWNLOADING IT AGAIN….

    • #2567281

      weicxa.com virus is killing me people …might help to some extent

      by pleaseaskme ·

      In reply to 1weicxa.com virus is killing me people, please help

      Even my box got infected with this worm.
      1.It has hidden autorun.inf file and 1weicxa.com
      both remain hidden
      2.Even delete one file can recreate the other file.
      3.Due to this inf file it makes your explorer working like donkey and machine too slow.
      4.The Registry value is show/hide always remain in Hide mode whatsoever is tried.
      I could not get answer for this.my machine reg got corrupt.

      HOW TO CLEAN:
      1.If you know to disable “autorun function of any drives do it.” ie pen drives or CD or DVD.
      I did this using a demo verion of registry tools. there are many you can find one.

      2.then either by batch or manual mode open the DOS console and fire this comand.
      Also if your machine has say a: b: c: d: …
      …. z: drives. Use the same below command just change the respective drive letter.
      example : and so on

      —-SAVE THIS as WORM_REMOVE.BAT
      dir /a:hr 1weicxa.com
      dir /a:hr autorun.inf

      del /q /a:hr d:\autorun.inf d:\1weicxa.com
      del /q /a:hr c:\autorun.inf c:\1weicxa.com
      pause
      —-SAVE THIS as WORM_REMOVE.BAT

      once you had fired this command dont start browsing any drives.This might again trigger inf files and worm will hide.
      ONCE THIS ALL IS DONE. ITS OK. DO THIS EXERCISE COUPLE OF TIMES.

      Best Regards
      AMK

Viewing 6 reply threads