win32.trax

[OUPA]MrNutz

have got a recurring problem:

have a pc with win32.trax

i cleaned pc with whatever:

avast
bitdefender
kaspersky...

leave one of the 3 installed running.

week later

again win32.trax infection

have disabled system restore.
cleaned EVERY temp/file/dir/cookie

any suggestions?

i've done the suggested registry fix/removal - doesn't help - it just comes back after a while..
 
Have you restarted in Safe Mode and scanned for the bugger?

Also, did you try AVG Free yet? And a rootkit detector as well?

Does it come back after you started a certain program, or visited a certain website?
 
yeah..did the safemode thing....was clean

avast also did a preboot scan - made sure it's 100% clean afterwards.

they operate for about 3-5 days - then it gets back into the system.

bloody virus creates an .exe file of the directory name in EVERY directory on pc.
 
My advice - create a Bart PE bootdisk with McAfee on it. Boot off the disk so that your files are not in use. Now do your virus scan...
 
more detail received...

this pc hasn't been receiving updates to windows...due to using telkom spacestream express...(located on a farm)

it is behind a natted internet setup - so security should be "ok" - the lack of updates however worries me.....its not very fast 512/128..but massively shared.

gonna collect the pc - and let it burn 100-150mb's xp updates...does have sp2 @least i understand.
 
i got the worm a couple of days ago from a friend who plugged a USB flash drive into my notebook.

i noticed there was an autorun.inf file on the disk, but didn't think anything of it... stupid me.

i killed all the processes that I did not recognise and did a full scan, removing all infected files. it did appear again the next day and I repeated above procedure. it hasn't appeared again (yet); it's been a week now.
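
An added example, not written by any poster in this thread: a Python check for the two traits described above, an .exe named after the directory it sits in and an autorun.inf on a drive that launches a program. The function names and the sample tree are constructed for illustration; it flags candidates for review and does not identify win32.trax specifically.

```python
import os
import tempfile

# autorun.inf keys that make Windows launch a program from the drive
LAUNCH_KEYS = ("open", "shellexecute")

def find_dirname_exes(root):
    """Return files named '<directory name>.exe' found inside that same directory."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        expected = os.path.basename(os.path.normpath(dirpath)).lower() + ".exe"
        hits += [os.path.join(dirpath, f) for f in files if f.lower() == expected]
    return sorted(hits)

def autorun_targets(inf_text):
    """Return the commands an autorun.inf would launch; ';' comment lines never match."""
    targets = []
    for line in inf_text.splitlines():
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if sep and (key in LAUNCH_KEYS or is_verb):
            targets.append(value.strip())
    return targets

def scan_drive(root):
    """Report dirname-matching executables plus anything the root autorun.inf launches."""
    report = {"dirname_exes": find_dirname_exes(root), "autorun": []}
    inf = next((f for f in os.listdir(root) if f.lower() == "autorun.inf"), None)
    if inf:
        with open(os.path.join(root, inf), errors="replace") as fh:
            report["autorun"] = autorun_targets(fh.read())
    return report

def build_sample(root):
    """Constructed sample tree: two planted copies, one ordinary exe, one autorun.inf."""
    for rel in ("Docs/Docs.exe", "Docs/Photos/photos.EXE", "Docs/setup.exe", "Music/song.mp3"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()  # empty placeholder files, no real executables
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write("[autorun]\nopen=Docs\\Docs.exe\nicon=folder.ico\n"
                 "shell\\open\\command=Docs\\Docs.exe\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan_drive(tmp))
```

Run `scan_drive` against a flash drive's root or a folder on the PC before opening anything on it; a legitimate installer can share its folder's name, so treat hits as items to scan, not as confirmed infections.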
 
Download Spybot Search and Destroy

Install it.

Do the first-start steps (reg backup, updates, immunize and scan)
Fix all problems that it finds.
After fixing, click on the "mode" button at the top and click on "Advanced"
Click on Tools at the bottom -> system startup. This will show you a more complete list of startup entries of your windows installation (much more complete than msconfig's)
untick all red-highlighted entries.
untick all suspicious entries except those starting with "WinLogon (Current System)" unless you know that it's a bad file. (note the location of the file in the entry to know whether it's suspicious or not)
Entry values starting with "Nv____" are generally nvidia driver files (if you have a nvidia display adapter installed)

This would help to prevent it from being added to the startup which reinfects your pc.

Also follow these procedures to delete specific registry entries: linky

I hope this helps :)
 
I used NOD.. scanned it with the IN-DEPTH ANALYSIS OPTION...

Also scan any USB drives you have like flash drives.... I got the same virus from a campus pc thru my flash disk
 
ok..

dunno where it came from - but it has a nice hideout in system restore.

all now clean...avast and spybot combo worked nicely...AND applied their xp updates.

works 100%
 