Win32/Buzus.AU virus help

Forums › Microsoft Windows › Win32/Buzus.AU virus help

TechnologyHalfVirgin

71 posts

Master Geek

#39314 12-Aug-2009 15:41

1st off we are using the anti virus software CA which we find good.
When we start the computer up it comes up with Win32/Buzus.AU virus in the temp files on the local disc, CA says they have been deleted but it happens everytime we restart. When we do a full scan it comes up empty but I am assuming thats because it was deleted. How can we get rid of this trojan as we do not want any damage. Please HELP!!

1 | 2

Geek of Coastguard
14115 posts

Uber Geek
+1 received by user: 4574

Retired Mod

ID Verified

Trusted

Lifetime subscriber

#245658 12-Aug-2009 15:48

Hehe similar issue here with a virus/trojan but using Symantec..... try booting into safe mode and running full scan that way. Or if youre desperate, another thing to try (dosent always work tho) is to put the drive into another system and get that system to scan it. That way it cant complain Windows has locked the file etc.

XPD / Gavin

LinkTree

TechnologyHalfVirgin

71 posts

Master Geek

#245660 12-Aug-2009 15:49

Hi
Thanks, I have tried loading safe mode but I can not seem to do it. When i restart and push F10 or F9 or something nothing happens.

xpd

Geek of Coastguard
14115 posts

Uber Geek
+1 received by user: 4574

Retired Mod

ID Verified

Trusted

Lifetime subscriber

#245667 12-Aug-2009 16:01

You get safe mode options by pressing F8 before WIndows starts up :)

XPD / Gavin

LinkTree

TechnologyHalfVirgin

71 posts

Master Geek

#245682 12-Aug-2009 16:23

Could this virus come from a pen drive that had data from a laptop? The laptop was last known to have a worm virus. Thanks :)

TechnologyHalfVirgin

71 posts

Master Geek

#245810 12-Aug-2009 21:01

FINALLY GOT RID OF IT YAY!!!! Used Combofix which dragged the trojan out and my antivirus program sorted it. Thanks tho

heretohelp

370 posts

Ultimate Geek
+1 received by user: 2

#245813 12-Aug-2009 21:06

try disconecting the computer from the net. deleting the virus ca finds reboot. if it comes up automaticly while disconected from the net you know that the viruse is recreating its self from another location. if you plug it into the net the virus pops up you know its downloading its self from the net. ither way you are going to have to do some clean out on it

http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe download this file.

in safe mode with netwroking hit f8 as your comptuer starts

make sure you have

show hidden files checked
hide extentions unchecked
hide known file types unchecked

run HJT do a scan with log file post the log file back here so i can view it. dont check any of the boxes in the scan or you could screw your computer.

Some other tools that may help

run this first it will get rid of most tmp files http://www.ccleaner.com/ under options advanced tab uncheck the box that says only delete files older than 48hours

Combofix (caution this can screw around with your computer read instructions on use first generaly speaking its ok http://www.bleepingcomputer.com/combofix/how-to-use-combofix you can download it from this site i always get it from bleeping computers sever.

malwarebytes http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button make sure you choose full scan option and update b4 you scan

spybot http://www.safer-networking.org/en/home/index.html when you set it up make sure you uncheck all of the check boxes other wise you get stuff starting up that will slow your ocmputer down. make sure you update b4 you scan

these are the basic scans you can. if you are still getting the problem we will have to look at things further.

let me know how you get on

thanks

PS CA in my experence is not that great. avast is much beter and its free (for home use) i would suggest installing avast and doing a boot scan being aware if you install it while having ca on your omcputer yhou will have problems

Hu? did i do that?
16Mb (EDO RAM), K6-II processor, 2Mb of onboard graphics. 32k dial up modem. 12 speed CD ROM. 5¼-inch floppy drive. 500Mb HDD.

AliExpress

Shop now on AliExpress (affiliate link).

heretohelp

370 posts

Ultimate Geek
+1 received by user: 2

#245814 12-Aug-2009 21:08

my bad you must of posted that last comment while i was typing. seriously though get rid of CA and put Avast on your system :)

Hu? did i do that?
16Mb (EDO RAM), K6-II processor, 2Mb of onboard graphics. 32k dial up modem. 12 speed CD ROM. 5¼-inch floppy drive. 500Mb HDD.

TechnologyHalfVirgin

71 posts

Master Geek

#245837 12-Aug-2009 21:50

Hi
Wow thank you so much for your answer, it was great altho I'll admit some of it was over my head a little lol. We got Combofix recommended and I was able to use that without stuffing up computer (yay :P). Currently we have CA and will continue to do so until out subscribtion runs out in Jan/Feb, I do not have enough money to go buy another. We have tried Advast and honestly I didn't really understand how to use it but the computer it was on was seriously messed up, since then we have bought a new one. Could you recommend a full security suite? CA has firewall, anti virus and anti spyware, so far it has worked until today. I would really appreciate that.
Cheers :D

TechnologyHalfVirgin

71 posts

Master Geek

#245839 12-Aug-2009 21:52

Sorry add on here to above post when I press F8 before computer starts nothing happens so since this is custom made it might not be on or something. Im not to sure and here I thought I knew a bit about computers lol :P

heretohelp

370 posts

Ultimate Geek
+1 received by user: 2

#245844 12-Aug-2009 22:02

mmm our company recomends nod32 there are several versions. the standard version which is just antivirus/anitspyware there is also a version with firewall its a bit more expensive. to tell you the truth you dont realy need the fire wall in my opinion for most home users windows fire wall does the trick and if you hare on broad band most routers have a firewall any how

best one i have come accross only paid one i woudl recomend
once you have it set up it just does its thing. we sell it for around $80 but price veries a little from $70-$80 and then its about $50 a year after that

avast is very good and easy to use basicly just install it and it works. where people get hung up is when the they have to register it. its free to register you get 2 months b4 you have to register but if you follow the prompts you should be good to go.

http://www.avast.com/eng/home-registration.php

this is the registration page for it from what i can tell thats the hardest part every body gets caught up on the registration lol.

http://www.bleepingcomputer.com/tutorials/tutorial104.html

this is how to set up avast just rember to uninstall ca first.

http://www.digitalred.com/avast-boot-time.php

how to do boot scan only thing i can see what i woudl do differntly where it says move infected file to chest i would just set it to delte cause if its infected no pooint in having it on your computer

Ither one is good. nod32 i would suggest is much better for most users but i love the boot time scan on avast. avast is what i use at home

let us know how you get on and what you decied thanks

Hu? did i do that?
16Mb (EDO RAM), K6-II processor, 2Mb of onboard graphics. 32k dial up modem. 12 speed CD ROM. 5¼-inch floppy drive. 500Mb HDD.

heretohelp

370 posts

Ultimate Geek
+1 received by user: 2

#245845 12-Aug-2009 22:03

oh yea forgot to mention i woudl still run spybot and malwarebytes links in the previous post thanks. best to do in safe mode

Hu? did i do that?
16Mb (EDO RAM), K6-II processor, 2Mb of onboard graphics. 32k dial up modem. 12 speed CD ROM. 5¼-inch floppy drive. 500Mb HDD.

Geekzone support

Support Geekzone with one-off or recurring donations Donate via PressPatron.

xpd

Geek of Coastguard
14115 posts

Uber Geek
+1 received by user: 4574

Retired Mod

ID Verified

Trusted

Lifetime subscriber

#245899 13-Aug-2009 07:50

F8 isnt a system manufacturer option, its part of Windows so cant be turned off as such.... some keyboards are a bit slow at becoming active tho so might be a tiny Window that you can actually hit it in :)
Oh well..at least you got rid of it :)

I recommend running somehting like Malwarebytes Anti-malware along side your virus scanner though to be extra safe :)

XPD / Gavin

LinkTree

xeroid

6 posts

Wannabe Geek

#246139 13-Aug-2009 16:50

AVG Free works for me at home. They update regularly and it is not resource hungry. Plus ZoneAlarm Firewall ( and the ADSL firewall ) for good measure. Spybot and MBAM for a final safe experience.
Been using AVG for about 5 years now and very few problems.

heretohelp

370 posts

Ultimate Geek
+1 received by user: 2

#246264 13-Aug-2009 20:35

Personally wouldnt go with avg. seen it screw tomany computers. Personally wouldnt go with zone alarm. it gets stuck on ya computer. seen several very screwd computers caused by zone alarm. but every body has there opinion and if it works for you great

I would recomend safteynet fire wall can be downloaded here

http://www.netveda.com/downloads/downloadform.asp?product=sn&lic=serv you do have to enter your email.

takes a little to cofigure but no more than zone alarm

its free works in the same way as zone alarm in my opinion easier to use and it doesnt go wrong like zone alarm.

we mainly put it on computers that have win 98 ME or 2k. personally wouldnt bother with xp unless you are running a buisness with sensitive info.

in the past we have found the new avg 8.5 screws with downloads on vista. after you download a file it autmaticly deletes the file but does not tell yo its doing it. and on xp it brings the system to a grinding hault. not sure if they have fixed the bugs but i wouldnt touch it.

just my opinion and experences.

as i say if it works for you, use it.

Hu? did i do that?
16Mb (EDO RAM), K6-II processor, 2Mb of onboard graphics. 32k dial up modem. 12 speed CD ROM. 5¼-inch floppy drive. 500Mb HDD.

TechnologyHalfVirgin

71 posts

Master Geek

#246278 13-Aug-2009 20:58

Hi All
We are now installing malwarebytes. Can we use with CA?

1 | 2