Infected .doc files

Anonymous User
Hello,

I'm having a problem with my document files. First, I scanned my external hard disk with Avira; after scanning, it detected 10k infected files, which is TR/QuickBatch.Gen. It sent the viruses into quarantine, then I deleted the viruses.

After that, I noticed that all my document files have a similar size of 1 KB, and when I opened a document it only had this written in it: venom venom venom venom venom venom venom venom venom venom venom 666 Lucifer.

All documents, such as PowerPoint and Excel, have this kind of message written in them..

Can you help me... please...

27 replies

Moderator (Posts: 47367, Registration date: Monday February 1, 2010, Last seen: September 1, 2021)
Hi Kiddo,

Sorry for the delay; I was looking into my data bank about venom 666 Lucifer and TR/QuickBatch.Gen.

It seems that we have a description of the virus but no solution was ever found. Most infected systems are either Spanish or Portuguese. I checked on the French Kioskea forum and this issue was never discussed.

From my research, there are at least 100 files on your system which were either changed or infected, and manual removal is not recommended.

I can prescribe to you a very potent medicinal compound which has proved itself to be very efficient in many cases; however, I do not know at this time whether it may cause ill effects on your system with the type of infection you have.

If you wish to try it, I will send it to you, but it is at your own risk.

Another solution, if you are patient, is that I can call upon a virus expert from our French Kioskea. But he may not reply today. His user name is gen_hackman.

Let me know what you wish to do.

Regards
Hello again Racerkid,

I have put gen_hackman on your case. I know that you don't speak French, but he can write English. He is our best wizard when it comes to virus killing.

Trust him and do exactly as he says and you will come out victorious. The virus you have is very tough and nasty.

I will follow your progress and ensure the liaison between the two of you.

Good luck
Hello sir,
In terms of killing the virus, yes, I'm lost....
But I'm still here... sorry for the late reply
Hello RacerKid,
As I said, Gen_hackman will remove it for you. Please be patient.
owh ok sir...

- Download UsbFix here, to your desktop.

Connect all your peripherals without opening them.

Note: Temporarily disable, only while using UsbFix, the real-time protection of your antivirus and antispyware; it may significantly hinder the tool's search and cleaning process.

If you have XP: double-click the UsbFix icon located on your desktop.
If you have Vista or Windows 7: right-click it and choose "Run as ...".

On the page, click the button:

- Choose the option Remove.

- UsbFix scans your PC; let the tool work.

- Then post the report UsbFix.txt that will appear on the desktop.

- Note: The report is saved as UsbFix.txt at the root of the disk (C:\UsbFix.txt).

(CTRL + A to select all, CTRL + C to copy and CTRL + V to paste)
############################## | UsbFix 7.027 | [Deletion]

User: RACERKID (Administrator) # RACERKID-PC [Gigabyte Technology Co., Ltd. EP43-UD3L]
Updated 28/09/10 by El Desaparecido / C_XX
Started at 17:40:29 | 30/09/2010
Website: http://www.teamxscript.org
Contact: FindyKill.Contact@gmail.com

CPU: Intel(R) Core(TM)2 Quad CPU Q8400 @ 2.66GHz
CPU 2: Intel(R) Core(TM)2 Quad CPU Q8400 @ 2.66GHz
Microsoft Windows 7 Ultimate (6.1.7600 64-Bit) #
Internet Explorer 8.0.7600.16385

Windows Firewall: Enabled
RAM -> 2046 Mb
C:\ (%systemdrive%) -> Fixed drive # 83 Gb (58 Mb free - 69%) [] # NTFS
D:\ -> Fixed drive # 66 Gb (11 Mb free - 17%) [New Volume] # NTFS
E:\ -> CD-ROM
F:\ -> Fixed drive # 233 Gb (32 Mb free - 14%) [] # NTFS

################## | Files # Infected Folders |


Deleted ! C:\Users\RACERKID\AppData\Local\Temp\a.dat
Deleted ! C:\Users\RACERKID\AppData\Local\Temp\Bff.exe
Deleted ! C:\Users\RACERKID\AppData\Local\Temp\Bfg.exe
Deleted ! C:\Users\RACERKID\AppData\Local\Temp\Bfh.exe
Deleted ! C:\Users\RACERKID\AppData\Local\Temp\sshnas21.dll
Deleted ! C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
Deleted ! C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
Deleted ! F:\DIJAMANTE

################## | Registry |

Deleted ! HKCU\Software\3FWHZQA3LT
Deleted ! HKCU\Software\Microsoft\Handle
Deleted ! HKCU\Software\XML
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoFind
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoFolderOptions
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoFolderOptions
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRun
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|3FWHZQA3LT
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Metropolis

################## | Mountpoints2 |


################## | Listing |

[27/09/2010 - 02:08:20 | SHD ] C:\$Recycle.Bin
[29/09/2010 - 20:31:30 | RD ] C:\32788R22FWJFW
[30/09/2010 - 17:38:59 | RASHD ] C:\Autorun.inf
[27/09/2010 - 01:49:14 | SHD ] C:\Documents and Settings
[30/09/2010 - 16:23:24 | ASH | 1609424896] C:\hiberfil.sys
[27/09/2010 - 02:15:50 | A | 190] C:\Install.log
[27/09/2010 - 02:11:51 | D ] C:\Intel
[29/09/2010 - 22:30:34 | D ] C:\Kill'em
[29/09/2010 - 22:31:07 | A | 2082] C:\Kill'em.txt
[29/09/2010 - 22:30:34 | A | 24113] C:\List'em.txt
[01/12/2006 - 23:37:14 | A | 904704] C:\msdia80.dll
[30/09/2010 - 00:24:23 | RHD ] C:\MSOCache
[30/09/2010 - 16:23:32 | ASH | 2145902592] C:\pagefile.sys
[14/07/2009 - 11:20:08 | D ] C:\PerfLogs
[30/09/2010 - 00:26:05 | RD ] C:\Program Files
[30/09/2010 - 16:46:12 | RD ] C:\Program Files (x86)
[30/09/2010 - 17:28:50 | HD ] C:\ProgramData
[27/09/2010 - 01:49:14 | SHD ] C:\Recovery
[27/09/2010 - 02:13:46 | A | 1944] C:\RHDSetup.log
[30/09/2010 - 17:40:38 | A | 42104] C:\service.log
[30/09/2010 - 04:48:57 | SHD ] C:\System Volume Information
[30/09/2010 - 17:42:08 | D ] C:\UsbFix
[30/09/2010 - 17:40:39 | A | 3175] C:\UsbFix.txt
[27/09/2010 - 02:08:08 | RD ] C:\Users
[30/09/2010 - 08:52:59 | D ] C:\Windows
[27/09/2010 - 02:08:21 | SHD ] D:\$RECYCLE.BIN
[30/09/2010 - 17:39:02 | RASHD ] D:\Autorun.inf
[22/03/2010 - 18:54:42 | SHD ] D:\Config.Msi
[23/03/2010 - 18:35:27 | D ] D:\cyborg GirL
[30/07/2010 - 11:41:46 | RD ] D:\Desktop
[23/03/2010 - 18:36:14 | D ] D:\handsome suit
[29/09/2010 - 20:40:34 | RD ] D:\REPUBLIC OF GAMERSS
[06/04/2010 - 15:19:23 | SHD ] D:\System Volume Information
[11/05/2009 - 17:46:11 | D ] E:\ASSIGNMENTATION O POYOTION
[21/05/2010 - 17:13:21 | HD ] F:\$AVG
[27/09/2010 - 02:31:19 | SHD ] F:\$RECYCLE.BIN
[24/08/2010 - 23:57:32 | A | 228696] F:\3683677031_c92dd1ccbb_b.jpg
[19/08/2010 - 16:40:56 | A | 239254] F:\728.jpg
[19/08/2010 - 16:48:23 | A | 19485] F:\741.jpg
[19/08/2010 - 16:56:01 | A | 112083] F:\757.jpg
[02/08/2010 - 19:25:07 | A | 1104078] F:\AEWOLL.bmp
[16/08/2010 - 12:14:59 | A | 39371] F:\attachments_2010_08_16.zip
[30/09/2010 - 17:39:10 | RASHD ] F:\Autorun.inf
[23/09/2010 - 01:18:57 | A | 7877] F:\funny-cartoon-faces-001.jpg
[23/09/2010 - 01:19:03 | A | 7700] F:\funny-cartoon-faces-002.jpg
[23/09/2010 - 01:19:06 | A | 7583] F:\funny-cartoon-faces-003.jpg
[23/09/2010 - 01:18:46 | A | 8069] F:\funny-cartoon-faces-004.jpg
[23/09/2010 - 01:19:09 | A | 8298] F:\funny-cartoon-faces-005.jpg
[23/09/2010 - 01:19:12 | A | 8789] F:\funny-cartoon-faces-006.jpg
[23/09/2010 - 01:19:19 | A | 7974] F:\funny-cartoon-faces-007.jpg
[23/09/2010 - 01:19:22 | A | 7972] F:\funny-cartoon-faces-008.jpg
[23/09/2010 - 01:19:24 | A | 9724] F:\funny-cartoon-faces-009.jpg
[23/09/2010 - 01:19:27 | A | 8014] F:\funny-cartoon-faces-010.jpg
[23/09/2010 - 01:19:30 | A | 8305] F:\funny-cartoon-faces-011.jpg
[30/09/2010 - 00:56:07 | D ] F:\GAMESWARE
[28/09/2010 - 13:52:53 | A | 801] F:\KPMSIDB.php
[27/08/2010 - 01:24:09 | A | 4206758] F:\Mizz Nina Feat. Colby'O Donis - What You Waiting For-atansb.mp3
[09/09/2010 - 23:01:43 | HD ] F:\msdownld.tmp
[28/09/2010 - 20:26:53 | RD ] F:\MUSIC LISTENING
[28/09/2010 - 20:26:53 | D ] F:\My BLOGSPOT Project
[28/09/2010 - 20:26:53 | D ] F:\MY FAME OF PICTURES
[28/09/2010 - 20:26:45 | RD ] F:\MY VIDEO COLLECTIONS
[29/09/2010 - 22:46:28 | RD ] F:\MY WORKING DOCUMENTATION
[28/09/2010 - 09:44:22 | A | 13775872] F:\mYnEorIoN.fla
[28/09/2010 - 09:35:37 | A | 13427286] F:\mYnEorIoN.swf
[18/09/2010 - 12:24:24 | D ] F:\New music
[28/09/2010 - 20:15:30 | D ] F:\OTHERSWARE
[29/09/2010 - 18:20:56 | SHD ] F:\RECYCLER
[28/09/2010 - 08:22:44 | A | 80] F:\resume bam 2.doc
[28/09/2010 - 20:26:25 | RSHD ] F:\SAMU
[28/09/2010 - 20:26:21 | D ] F:\SOFTWARE
[29/09/2010 - 16:52:31 | SHD ] F:\System Volume Information
[28/09/2010 - 20:12:24 | D ] F:\website1
[28/09/2010 - 20:12:24 | D ] F:\website3
[28/09/2010 - 20:12:24 | D ] F:\website4

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
F:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_RACERKID-PC.zip
Thank you for your contribution.

################## | E.O.F |
Is this the file you want?

yes

Launch UsbFix again and uninstall it.

Would you like to give me C:\List'em.txt?

Click on this link: http://www.cijoint.fr/

- Click on Browse and look for the file C:\List'em.txt

- Click Open.

- Click on "Click here to submit the file".

A link like this:

http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt

is added to the page.

- Copy this link in your answer.

- Do the same with more.txt located on your desktop.
Is this the file you wanted sir??


http://www.cijoint.fr/cjlink.php?file=cj201009/cijmCwdr7G.txt

http://www.cijoint.fr/cjlink.php?file=cj201009/cija3AgSZQ.txt

ok

If you have XP: double-click.
If you have Vista or Windows 7: right-click, "Run as ...".

- Relaunch List_Kill'em with the shortcut on your desktop.

but this time:

- select the option Clean

Let the tool work.

At the end of the scan the window closes, and you have a report named Kill'em.txt on your desktop.

- Paste the contents into your reply.
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.0.8 ¤¤¤¤¤¤¤¤¤¤

User : RACERKID (Administrators)
Update on 29/09/2010 by g3n-h@ckm@n ::::: 15.00
Start at: 10:30:34 PM | 9/29/2010

Intel(R) Core(TM)2 Quad CPU Q8400 @ 2.66GHz
Microsoft Windows 7 Ultimate (6.1.7600 64-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Enabled

A:\ -> 3 1/2 Inch Floppy Drive
C:\ -> Local Fixed Disk | 83.31 Go (57.99 Go free) | NTFS
D:\ -> Local Fixed Disk | 65.64 Go (11.3 Go free) [New Volume] | NTFS
E:\ -> CD-ROM Disc
F:\ -> Local Fixed Disk | 232.88 Go (31.88 Go free) | NTFS

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\ProgramData\ihfeumzb.qzk

Quarantined & Deleted !! : C:\Windows\Temp\DMIC16B.tmp
Quarantined & Deleted !! : C:\Windows\Temp\TS_972B.tmp
Quarantined & Deleted !! : C:\Windows\Temp\TS_99CC.tmp
Quarantined & Deleted !! : C:\Windows\Temp\TS_9A4A.tmp
Quarantined & Deleted !! : C:\Windows\Temp\TS_9CEB.tmp
Quarantined & Deleted !! : C:\Windows\Temp\TS_9EA1.tmp
Quarantined & Deleted !! : C:\Windows\Temp\TS_9F10.tmp
Quarantined & Deleted !! : C:\Windows\Temp\TS_9FCC.tmp
Quarantined & Deleted !! : C:\Windows\Temp\TS_A655.tmp
Quarantined & Deleted !! : C:\Windows\Temp\TS_AFAD.tmp
Quarantined & Deleted !! : C:\Windows\Temp\UDD7A9F.tmp
Quarantined & Deleted !! : C:\Users\RACERKID\AppData\Local\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Users\RACERKID\Local Settings\Temp\amt.log
Quarantined & Deleted !! : C:\Users\RACERKID\LOCAL Settings\Temp\jre-6u20-windows-i586-iftw-rv.exe
Quarantined & Deleted !! : C:\Users\RACERKID\LOCAL Settings\Temp\ose00000.exe
Quarantined & Deleted !! : C:\Users\RACERKID\LOCAL Settings\Temp\SecuExp.exe
Quarantined & Deleted !! : C:\Users\RACERKID\LOCAL Settings\Temp\catchme.dll
Quarantined & Deleted !! : C:\Users\RACERKID\LOCAL Settings\Temp\drm_dialogs.dll
Quarantined & Deleted !! : C:\Users\RACERKID\LOCAL Settings\Temp\drm_dyndata_7400009.dll

¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤

127.0.0.1 localhost

¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤
Sir.. it only cleaned the C directory.... how about my external hard disk?
I'm curious since I'm a beginner.

It cleans every plugged-in disk.

It deletes only the unnecessary files (temporary files, recycle bin, etc....)
Sir...

My doc files on the external hard disk still have venom venom venom 666 lucifer written in them.

Is it that?

F:\ -> Fixed drive # 233 Gb (32 Mb free - 14%) [] # NTFS
Yup... but I have only 31.8 GB free space....

You know that?:

F:\mYnEorIoN.fla
F:\mYnEorIoN.swf
Yes...

What about that file sir??

The name caught my attention ....

Download SF.exe by C_XX

* Double-click on SF.exe (Run as administrator for Vista / 7).

* A "cmd" window will open.

* Type venom in this window,

tick the MD5 box and press [Enter].

* Wait during the search.

* A window will appear with a log.txt.

* Copy / paste that report into your next reply.
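As an added illustration (not a tool from this thread, nor C_XX's SF.exe), the check below does on an ordinary folder what the poster wanted from the search step: it walks a directory such as the external disk, flags Office documents whose body is no longer a real OLE or ZIP container, hashes them with MD5 as the SEAF step does, and separates files carrying the reported venom marker from other damaged ones. The marker string, the extension list and the sample files are my own constructed assumptions.

```python
import hashlib
import os
import tempfile

MARKER = b"venom"  # text the poster found in every 1 KB document (assumed signature)
DOC_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx"}
# Genuine Office files start with the OLE2 compound-file magic (.doc/.xls/.ppt)
# or a ZIP local-file header (.docx/.xlsx/.pptx); plain text means the body was replaced.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ZIP_MAGIC = b"PK\x03\x04"

def classify(data: bytes) -> str:
    """Return 'ok', 'overwritten' or 'suspect' for a document's raw bytes."""
    if data.startswith(OLE_MAGIC) or data.startswith(ZIP_MAGIC):
        return "ok"
    if MARKER in data.lower():
        return "overwritten"
    return "suspect"  # not an Office container, but no known marker either

def scan_tree(root: str) -> list:
    """Walk root (e.g. the external disk) and list every document that fails the check,
    with size and MD5 (the same hash the SEAF step asks for) for the report."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in DOC_EXTS:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()  # damaged files are ~1 KB; whole-file read is fine for triage
            verdict = classify(data)
            if verdict != "ok":
                hits.append({"name": name, "path": path, "verdict": verdict,
                             "size": len(data), "md5": hashlib.md5(data).hexdigest()})
    return hits

def build_sample_tree() -> str:
    """Write a constructed sample tree (not the poster's data) for a dry run."""
    root = tempfile.mkdtemp(prefix="venom_triage_")
    samples = {
        "resume.doc": b"venom " * 11 + b"666 Lucifer",  # overwritten body
        "budget.xls": OLE_MAGIC + b"\x00" * 512,         # valid OLE container
        "slides.pptx": ZIP_MAGIC + b"\x00" * 64,          # valid OOXML zip
        "notes.docx": b"just some text",                   # damaged, no marker
        "song.mp3": b"venom",                               # not a document: skipped
    }
    for name, body in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)
    return root
```

Run `scan_tree("F:\\")` (or any mount point) and the returned list is the triage report; calling it on `build_sample_tree()` shows the two expected verdicts on the constructed samples.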
========================= SEAF 1.0.0.8 - C_XX

Commencé à: 22:45:19 le 30/09/2010

Valeur(s) recherchée(s):
venom

(!) --- Calcul du Hash "MD5"

====== Fichier(s) (TC: Date de création, TM: Date de modification, DA, Dernier accès) ======

"D:\REPUBLIC OF GAMERSS\RollerCoaster Tycoon 3\Coaster Designs\[StandupCoaster]Venomous.trk" [ ----A---- | 69 Ko ]
TC: 28/09/2010,18:30:37 | TM: 10/05/2005,10:01:48 | DA: 28/09/2010,18:35:09

Hash MD5: F823DCDEC33E7EFDA1E7063E9DA4BBCD

=========================

=========================

Fin à: 22:45:56 le 30/09/2010 ( E.O.F )

=========================