Virus Win32/Chir.B@mm - Help

Tigerman

For a couple of days now only my computer at work - we have a rudimentary network with basic internet server - has been attacked by this virus - Win32/Chir.B@mm; also a worm. The anti-virus software quarantines it but it replicates rapidly anyway. My computer's firewall is on.

It seems only my computer is affected but it's causing havoc, slowing applications down. In the end I unplugged the network cable. I've asked the IT guy for another anti-virus assuming the current software is not up to the task.

I read about this virus on the internet. But why is only my computer affected? Will changing the AV software help?
 
The best thing to do is to use an Anti-Virus Boot Disk or to take your hard drive out and scan it in another PC.

The reason is that you have to scan the drive while the virus is not active in memory.
As long as the virus is active it can hide itself and replicate and avoid detection or deletion (it can also do far more damage to your system).

Your IT guys should know how to remove the drive and scan it in a clean PC.
 
Hmmm, I seem to have removed this one more times than what I remember - friends and then friends of friends, family, etc. seem to run into this quite often. Anyway, I would second the advice given already, but I would just add that a scan for Virut would also help, along with a rootkit scan.

And if by chance there's no other machine to put the hard drive in, here's how I do this without removing the hard drive:
Download the following:
AVG Virut removal tool
The AVG Win32/Chir removal tool
Your anti virus installation files (just in case)
A manual definitions update file for your antivirus (again, just in case)

Now pray that you don't find Virut on your machine :-)
Also, make sure that everything is stored on a hard drive somewhere, as you don't want to be plugging USB drives in while you are cleaning, as they could be infected as well, and thwart your efforts.

First, disconnect your machine from the network. That includes wired, wireless, etc.
Close any open shares. This is more for protection once you are clean.
Do system cleanup, ensuring that you clean out temporary files, trash, etc.
Then remove any saved system restore points.
Now run the Virut removal tool. If possible, at the same time, run your antivirus's rootkit scanner.
Once both have finished running, reboot the machine. The Virut removal tool may run again during bootup. Wait until it is finished.
Once you are back in Windows, run the Chir removal tool. If it detects anything, start the Virut removal tool again at the same time.
Wait for both to complete, then reboot.
Now once back in Windows, make certain that your AV is functional and up to date. Use the installation/update files previously downloaded, if not.
Now do a full system scan.

When all is clean, connect back to the network and you should be fine. You might need to turn on system restore points again...

Anyway, that's what usually works for me... hope it helps someone else. Just note that I am not taking any responsibility for any loss if you follow the above. It's what worked for me and that's all I'm saying :-)
 
Thanks.
"Chir.B is a stubborn infection which can cause chaos on your computer ...." It is still bugging me ..... I'll try the removal software until IT guy can do a full and proper scan.
 
Yep. But I'm willing to bet that the reason it doesn't go away is because there's something else sitting on your machine that's putting it back. And I'm willing to bet that the something else is Virut. And Virut usually (at least in my experience) is accompanied by a rootkit that is installed somewhere, so trying to remove Virut becomes pointless.

Anyway, try the steps in my previous post (at your own peril :)). And here are the links to the removal tools I mention in it:
Chir removal
Virut removal

Post back if you run into any issues...
 
You're so right.
I ran the malicious software program and left it on overnight. Hundreds of files had been infected in the systems volume information folder by Chir.B and Brontok.DF@mm worm (this one has also been a nuisance too). The program, with qualifications that it will "help" remove the viruses, did its thing.
But they're back .......!
I'll try the removal tools, thanks.
 
Face it, your PC is a lost cause.

Back up crucial data, nuke the HDD from orbit, reinstall Windows.

Then, before you install any applications or restore data, install AVG Free, update, and run the full Windows Update gauntlet.

Then you do the restore thing.

And don't backup/restore any *.EXE or *.COM files - these should be treated as suspicious by now.
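
The backup rule in the last post above (keep the data, leave out *.EXE and *.COM files), as an added example that is not part of the thread. The function names are hypothetical, and the extra check for an "MZ" file header, which catches executables saved under another extension, goes beyond what the post says.

```python
import shutil
import sys
from pathlib import Path

# Extensions the post says not to back up or restore (matched case-insensitively).
BLOCKED_EXTENSIONS = {".exe", ".com"}


def is_dos_executable(path: Path) -> bool:
    """True if the file starts with 'MZ', the DOS/Windows executable magic."""
    try:
        with path.open("rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return True  # unreadable: treat as suspicious and leave it out


def backup_data(source: Path, dest: Path):
    """Copy the tree under source to dest, skipping executables.

    Assumes dest lies outside source. Returns (copied, skipped): copied is a
    list of relative paths, skipped a list of (relative path, reason) pairs
    to review by hand.
    """
    copied, skipped = [], []
    for path in sorted(source.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        rel = path.relative_to(source).as_posix()
        if path.suffix.lower() in BLOCKED_EXTENSIONS:
            skipped.append((rel, "blocked extension"))
        elif is_dos_executable(path):
            # A data file that happens to begin with "MZ" is also skipped;
            # the list of skipped files is there so it can be checked.
            skipped.append((rel, "MZ header under another extension"))
        else:
            target = dest / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, target)
            copied.append(rel)
    return copied, skipped


if __name__ == "__main__" and len(sys.argv) == 3:
    done, left_out = backup_data(Path(sys.argv[1]), Path(sys.argv[2]))
    print(f"copied {len(done)} files, skipped {len(left_out)}")
    for name, reason in left_out:
        print(f"  skipped {name}: {reason}")
```

Run it as `python backup_data.py <source folder> <backup folder>` with the infected machine off the network and the backup folder on a drive that is scanned before anything is restored from it.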
 