
help with this ANNOYING VIRUS!!!!

Discussion in 'General Hardware' started by CH@NO, Jan 25, 2009.

  1. CH@NO

    CH@NO New Member

    Joined:
    May 24, 2007
    Messages:
    901 (0.34/day)
    Thanks Received:
    59
    Location:
    Toluca, Mexico
    The name of the virus is OLHRWEF, and it's hosted under System32 chapter. Very little info about this virus is on the web and as far as I know any antivirus SW can remove it.

    I tried NOD32 and Avast, both fully updated. Also used Ad-Aware and Spyware Doctor with any luck. The virus makes the system unstable causing lags...very annoying.

    The only way I get rid of it is installing Vista X64 (not sure about X86), 'cause with the UAC feature it denies the virus from loading.

    The virus spreads via USB storage devices and copies itself on all HDDs (including partitions)

    Does anyone know a way to get rid of it under Win XP????
  2. r9

    r9

    Joined:
    Jul 28, 2008
    Messages:
    2,144 (0.96/day)
    Thanks Received:
    284
    With viruses that spread on USB drives there is usually a file on the USB stick/drive, autorun.inf, which points to the virus - a *.exe file. To see if there is such a file on the drives, from the command prompt type:
    dir /ah
    It will list all hidden files which don't show up in Explorer. If you find such a file, edit it and you will see where the viruses are located. I'm using Norton Commander for Windows, which can see hidden files like the one I'm talking about and delete them. Also open Task Manager and see which process is taking all of the CPU, and open regedit and find and delete the registry entry that is pointing to that file.
    CH@NO says thanks.
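
The check r9 describes (open autorun.inf and see what it points at), as an added example that is not part of any post in this thread: a tolerant parser that lists every launch entry in the [autorun] section and the file each one references. The sample text is constructed; it reuses the file name CH@NO reports later in the thread.

```python
import re

# Keys in the [autorun] section whose value is a command Windows may launch.
EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.IGNORECASE)

def autorun_targets(text):
    """Return [(key, command)] for every launch entry in autorun.inf text."""
    targets = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment, often used as padding
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # junk lines and other sections are ignored
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if EXEC_KEY.match(key) and value:
            targets.append((key.lower(), value))
    return targets

def referenced_files(text):
    """File named by each launch entry (quoted path or first token), deduplicated."""
    files = []
    for _, cmd in autorun_targets(text):
        m = re.match(r'"([^"]+)"|(\S+)', cmd)
        name = m.group(1) or m.group(2)
        if name not in files:
            files.append(name)
    return files

# Constructed sample of an autorun.inf as it might appear on an infected stick.
SAMPLE = """\
;xK3jd9 padding comment
[AutoRun]
open=j60osk9.cmd
shell\\open\\Command=j60osk9.cmd
shell\\explore\\command="j60osk9.cmd" /x
icon=%SystemRoot%\\system32\\shell32.dll,4
"""

if __name__ == "__main__":
    for key, cmd in autorun_targets(SAMPLE):
        print(f"{key:24} -> {cmd}")
    print("files to inspect:", referenced_files(SAMPLE))
```

To check a real drive, pass the contents of its autorun.inf (read with `open(path, errors="replace").read()`) instead of `SAMPLE`; the hidden attribute does not stop the file from being read.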
  3. CH@NO

    CH@NO New Member

    Joined:
    May 24, 2007
    Messages:
    901 (0.34/day)
    Thanks Received:
    59
    Location:
    Toluca, Mexico
    VERY nice advice r9, I saw the virus on my partitions with the following name j60osk9.cmd with its respective autorun.inf file, I'll search the Norton Commander that you're talking about and see if I can get rid of it.....but removing the virus from registry didn't help, the virus reinstalled itself :(
  4. CH@NO

    CH@NO New Member

    Joined:
    May 24, 2007
    Messages:
    901 (0.34/day)
    Thanks Received:
    59
    Location:
    Toluca, Mexico
    Ok, I already deleted the virus from the partitions, but I cannot find the OLHRWEF.exe on the System32 chapter, and according to msconfig, the file loads at startup and is located on that directory.
  5. Laurijan

    Laurijan

    Joined:
    Feb 10, 2007
    Messages:
    2,238 (0.81/day)
    Thanks Received:
    345
    Location:
    Oulu, Finland
    You can install Avira Antivirus besides Avast.. try that!
  6. madmanjohn

    madmanjohn New Member

    Joined:
    Jan 24, 2009
    Messages:
    213 (0.10/day)
    Thanks Received:
    26
    Location:
    midwestern IL-WI stateline area
    this is a longshot-

    ive had a lot of luck with malwarebytes anti malware- i use the full version of avg myself, but when a customer brings a sick one in, thats what ill throw at it. its really good at finding rootkits that the free versions and trial versions miss. its a fully functional full powered trial for 30 days.

    reason being- its not automatic, you control what it does and what it gets rid of.

    it uninstalls clean and usually takes its own virus vault with it when you are done using it.

    the paid version is 25$usd one time, and it updates daily and the paid version can be scheduled.

    problem is if its a trojan wrapped into a sys 32 file you may not be able to remove it without damaging the sys32 file its attached to.:banghead:

    avg has free downloads for certain things that may help too

    good luck and hope this helps ;)
    CH@NO says thanks.
  7. NinkobEi

    NinkobEi

    Joined:
    Nov 27, 2006
    Messages:
    2,045 (0.72/day)
    Thanks Received:
    340
    +1 on malwarebytes. its worked for me
  8. DRDNA

    DRDNA

    Joined:
    Feb 19, 2006
    Messages:
    4,778 (1.53/day)
    Thanks Received:
    566
    Location:
    New York
    +2
  9. CH@NO

    CH@NO New Member

    Joined:
    May 24, 2007
    Messages:
    901 (0.34/day)
    Thanks Received:
    59
    Location:
    Toluca, Mexico
    I suddenly remembered that I used malwarebytes when I was infected the last time and it didn't help, the program didn't find any malware related to the virus, found 2-3 malware cookies, but that's all, and I used the full version.....I was able to successfully remove the virus from the partitions, also the USB devices, but if the virus persists in my OS I think the only way to remove it is reinstalling it, and wait for the antivirus software to include the removal update for it.
  10. madmanjohn

    madmanjohn New Member

    Joined:
    Jan 24, 2009
    Messages:
    213 (0.10/day)
    Thanks Received:
    26
    Location:
    midwestern IL-WI stateline area
    yeah i understand- what you're dealing with is a real virus not a rootkit trojan-

    did you happen to check the avg tools link i sent? they operate independently of avg

    most of them work in dos mode so they can deal with an xp sys 32 file in use.

    myself id just reboot, but if i couldn't, man id try anything :twitch:

    im checking something on this now- ill b back......
  11. speedpc

    speedpc

    Joined:
    Jul 30, 2007
    Messages:
    246 (0.10/day)
    Thanks Received:
    48
    +3 on malwarebytes.
    Since i deal with this all the time 1st Thing you need to do is turn off system restore !!!
    the 2 tools i use are Malwarebytes 1st, Then SuperAntispyware 2nd (Download Free Version)
    If it works i usually leave System restore off for a couple of days and monitor the system Hope this helps.
    http://www.superantispyware.com/download.html
    http://www.malwarebytes.org/
    Good Luck, Thanks Guys
    madmanjohn says thanks.
  12. madmanjohn

    madmanjohn New Member

    Joined:
    Jan 24, 2009
    Messages:
    213 (0.10/day)
    Thanks Received:
    26
    Location:
    midwestern IL-WI stateline area
    i found a link from someone else that had gotten this- plus everything else i found seems to point to the fact that it is a trojan and its rootkit based, in which case malwarebytes could only help before it was fully launched and executed- i hope the more knowledgeable than i jump on this thread to clarify.

    however- i did find this link to someone else that had this.it may help

    http://www.spywarewarrior.com/viewtopic.php?p=193171

    that turned up in a google- and also found a page in wikipedia but couldnt get it to translate from spanish

    google the virus name and be careful. theres enough stuff in other languages that you could inadvertently wander into a site that launches it.

    give speedpc a bump- good point- i forgot about sys restore- i dont run it since i use norton ghost so it slipped past me- you may want to temporarily disable system pagefile too while you run any fixes on it

    xp may gripe about no virtual memory but it will eliminate the possibility- disable sys pagefile, then turn on hidden and system folders, go into c: and delete the sys pagefile and start over.

    it might work-maybe

    just an afterthought


    if it was me- like i said- id just reboot- but whats got my curiosity is that you had it once before- im wondering if this is something that could take residency in your electronics, irregardless of a fully erased hard drive.:wtf:

    i gotta get to work- back later y-all & good luck
    Last edited: Jan 26, 2009
    CH@NO says thanks.
  13. francis511

    francis511

    Joined:
    Oct 16, 2006
    Messages:
    2,547 (0.89/day)
    Thanks Received:
    271
    Location:
    N.Ireland
  14. 95Viper

    95Viper

    Joined:
    Oct 12, 2008
    Messages:
    4,340 (2.02/day)
    Thanks Received:
    1,560
    Location:
    στο άλφα έως ωμέγα
  15. CH@NO

    CH@NO New Member

    Joined:
    May 24, 2007
    Messages:
    901 (0.34/day)
    Thanks Received:
    59
    Location:
    Toluca, Mexico
    good info guys, but I ended up installing Vista X64, 'cause I own a Cyber-Cafe, so I daily plug various USB storage devices into my PC and I wanna make my system as secure as possible.

    Again many thanx for the advice...all the user computers have XP SP3, so if they get infected I'll use your advice to get rid of this (and other) virus/malware.
    Last edited: Jan 27, 2009
  16. CH@NO

    CH@NO New Member

    Joined:
    May 24, 2007
    Messages:
    901 (0.34/day)
    Thanks Received:
    59
    Location:
    Toluca, Mexico
  17. TRIPTEX_CAN

    TRIPTEX_CAN

    Joined:
    Feb 10, 2008
    Messages:
    3,304 (1.38/day)
    Thanks Received:
    723
    Location:
    BC.CAN
    If you have a cybercafé you should install something like DeepFreeze to lock all changes to the HDD. Every time you reboot it resets everything to the way you like it. All changes are removed and nothing malicious can run.

    http://www.faronics.com/html/deepfreeze.asp


    Solid application ^^
    CH@NO says thanks.
  18. CH@NO

    CH@NO New Member

    Joined:
    May 24, 2007
    Messages:
    901 (0.34/day)
    Thanks Received:
    59
    Location:
    Toluca, Mexico
    Thanx TRIPTEX, I already have it, I just didn't remember its function :D (what a dumb)
