Computer Security & Viruses/Virus problem
Expert: Lenny - 2/25/2009
Question
Hello,
My two computers are infected by a virus and no antivirus can disinfect them. The problem arose when I started to upgrade a computer's Windows XP from SP2 to SP3. After installing Windows and programs I noticed some of the drives do not open by double-click and the 'Open With' prompt pops up. I searched the internet and downloaded a tool, 'Flash_Disinfector'; after running it, the drives opened normally. I also scanned the whole system with an antivirus and it found many infected system files in the Windows folder, so I formatted C: and reinstalled Windows from my old Windows XP SP2 CD. Again I faced the drive-not-opening problem, so I ran 'Flash_Disinfector' and scanned the system with Avast, Kaspersky and Symantec. Each of them found many viruses and cleaned them. While I was busy scanning the computer I copied some files from the computer to a flash disk and attached it to my laptop. Since the flash disk was infected, Avast on the laptop alerted me and showed that some Windows files in C: were infected and prompted me to choose an action. I did the recommended action, which was 'Move to Chest'. Again Avast alerted me that it had found a virus; I took no action and put the computer into standby. When I returned and booted the laptop there was only the Windows wallpaper and no icons, and the mouse didn't work. I realized that Windows on the laptop was infected and that I had to reinstall Windows, so I did it with my old Windows XP SP2 CD. When I entered Windows I faced the drive problem, this time on the laptop. Although I can use 'Flash_Disinfector' on the computers each time the problem arises, when I attach an external hard disk or flash disk or reinstall Windows (I format C: and use my old XP SP2 CD) the problem arises again. I have scanned my computer and laptop many times using many antivirus programs, but they can't find and remove this unknown virus.
Can you please help me locate and remove this virus and disinfect my computers?
Answer
Hello Maziar,
I understand you are going through a very difficult time. Firstly, it is good to know that "Flash Disinfector" does come packed with a well-known Trojan-kind infection called "Generic.dx". This inhibits it being detected, as it has taken control of your hard drives and it is the sole controller of the system in order for the USER/S to access files that have been made inaccessible. That is why it remains completely hard to remove and completely discreet unless you initiate it, or rather use it. There are a few steps you should follow in order to successfully sweep the hard drive clean of these infections along with other accomplices.
Please do the following:
1-FIRST STEP
-Disable "System Restore" by right-clicking on "My Computer" then click on "Properties" then "System Restore" tab then uncheck "Turn Off System Restore"
-Click "Apply" then "OK"
2-SECOND STEP
Then click on the links below and download the Norton Removal Tool. Just download the file and save it in a specific location:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2007080716223439?Open&d...
Run it to remove all Norton products. Please perform this step ONLY if you have the original disk and product key.
3-THIRD STEP
-Now click on the link below to download the Malwarebytes Antimalware free version. Please do not purchase the full version, as the free version is perfectly OK for the assignment:
http://www.filehippo.com/download_malwarebytes_anti_malware/download/b6505184901...
Install, run an update and initiate a scan. The purpose of that is to try and find out if the drive is infected by an invisible malicious Trojan/Virus.
4-FOURTH STEP
-Now click on the link below for the best of the best security program "ZONE ALARM SECURITY SUITE". Click on the option to download a 15-day trial.
http://www.zonealarm.com/security/en-us/anti-virus-spyware-free-download.htm
Install it, run the update and restart your machine in "Safe Mode" (done by instantly tapping F8 on the keyboard as the machine restarts), then run a full scan.
5-FIFTH STEP
Once the infections have been detected and removed, please restart your machine normally (without tapping F8).
-Activate System Restore
I also recommend you to stick to 'MalwareBytes Antimalware' and "ZONE ALARM SECURITY SUITE". Purchase the full version after the 15-day trial.
Kind Regards,
Lenny.