Virus changed my .exe file to g*.exe

RadiKamiki
Go to solution Solved by tlink,

I think the virus came to my laptop when I connected my external hard drive, which was borrowed before from my friend. After I connected it, the first thing was that my Excel 2010 couldn't open, and it is spreading to all Windows apps like FreeCell, Windows Media Player, Windows Media Center, and other installed apps like Strawberry Prolog, Adobe Photoshop, and many more in the Program Files folder.

I looked at the app location in the Program Files folder, and I found that the real Photoshop.exe was changed to gPhotoshop.exe and hidden, and the virus is making a fake .exe with the same name.

What should I do to remove this virus from my laptop and my external hard drive? And what is the name of this virus? Avast said this virus's name is "?"... but what is the real name of this virus?

Thanks before and sorry if you can't understand my language ^^


First is stop using the infected drives to keep it from spreading. Next, do you have a separate system? I keep a separate laptop that has antivirus, and also have a backup of the entire system on an external that I can restore from in case the laptop becomes compromised, but have used it to clean various drives from infected systems I've worked on. I do this by plugging the infected drive as an external through usb and then have the antivirus do a full scan on the drive before opening it. It is a real possibility that plugging in an infected bootable drive to a different system for cleaning can result in a clean but unbootable windows installation after cleaning that will need either repaired or reinstalled. Sometimes, the virus won't block you from installing an antivirus program on the infected drive/system and let it run from there, but I've usually just skipped trying that because of the high chances of it failing anyway.

 

This is only worth the trouble if there's data on the infected drive that would be missed, otherwise just do a clean install as it's much easier, faster, and a sure way of getting rid of the issue.

CPU: AMD Sempron 2400+ / MOBO: Abit NF7-S2G / GPU: WinFast A180BT 64MB / RAM: Mushkin DDR333 256MBx2 / HDD: Seagate Barracuda 7200RPM 120GB


use a different system and download some nuking anti virus and anti malware scans. here are some recommendations that i use to destroy buggers like these. no clue to the actual name though.

 

http://www.surfright.nl/nl/hitmanpro

https://support.kaspersky.com/viruses/rescuedisk

https://help.comodo.com/topic-170-1-493-5214-.html

http://usa.kaspersky.com/downloads/TDSSKiller

 

i advise starting it in this order:

 

1: kaspersky rescue disk

2: Comodo rescue disk

3: hitman pro

4: TDSSkiller


21 minutes ago, meenmeen1103 said:

First is stop using the infected drives to keep it from spreading. Next, do you have a separate system? I keep a separate laptop that has antivirus, and also have a backup of the entire system on an external that I can restore from in case the laptop becomes compromised, but have used it to clean various drives from infected systems I've worked on. I do this by plugging the infected drive as an external through usb and then have the antivirus do a full scan on the drive before opening it. It is a real possibility that plugging in an infected bootable drive to a different system for cleaning can result in a clean but unbootable windows installation after cleaning that will need either repaired or reinstalled. Sometimes, the virus won't block you from installing an antivirus program on the infected drive/system and let it run from there, but I've usually just skipped trying that because of the high chances of it failing anyway.

 

This is only worth the trouble if there's data on the infected drive that would be missed, otherwise just do a clean install as it's much easier, faster, and a sure way of getting rid of the issue.

Yes, I have a separate system, but it's Linux deepin... I have another laptop which has Windows 10 installed but doesn't have an antivirus...

 

11 minutes ago, tlink said:

use a different system and download some nuking anti virus and anti malware scans. here are some recommendations that i use to destroy buggers like these. no clue to the actual name though.

 

http://www.surfright.nl/nl/hitmanpro

https://support.kaspersky.com/viruses/rescuedisk

https://help.comodo.com/topic-170-1-493-5214-.html

http://usa.kaspersky.com/downloads/TDSSKiller

 

i advise starting it in this order:

 

1: kaspersky rescue disk

2: Comodo rescue disk

3: hitman pro

4: TDSSkiller

About the rescue disk, does it run on Windows or do I have to make a bootable USB?


1 minute ago, RadiKamiki said:

Yes, I have a separate system, but it's Linux deepin... I have another laptop which has Windows 10 installed but doesn't have an antivirus...

 

About the rescue disk, does it run on Windows or do I have to make a bootable USB?

every tool i linked (probably) runs its own flavor of linux. they are all bootable.


3 minutes ago, The Belgian Waffle said:

You're welcome

58572963.jpg

I can't use Chrome now because all my browsers are infected ^^


3 minutes ago, RadiKamiki said:

I can't use Chrome now because all my browsers are infected ^^

Don't worry, I'm just trolling you. 

Do you have an external backup? I would simply consider wiping your disks, but this might be a second solution if you have sensitive data that isn't backed up


4 minutes ago, tlink said:

every tool i linked (probably) runs its own flavor of linux. they are all bootable.

Ahh okay, I'm downloading the rescue disk... but what do I use to make a bootable USB? Is it okay if I'm using LinuxLive USB Creator?

 

4 minutes ago, The Belgian Waffle said:

Don't worry, I'm just trolling you. 

Do you have an external backup? I would simply consider wiping your disks, but this might be a second solution if you have sensitive data that isn't backed up

Haha...

I don't have any external backup. So I can't do that second solution ^^ but can I rename all the apps whose names were changed by the virus back to their original names and unhide them?


1 hour ago, RadiKamiki said:

Ahh okay, I'm downloading the rescue disk... but what do I use to make a bootable USB? Is it okay if I'm using LinuxLive USB Creator?

 

Haha...

I don't have any external backup. So I can't do that second solution ^^ but can I rename all the apps whose names were changed by the virus back to their original names and unhide them?

Maybe try to copy the "healthy files" somewhere else and wipe your HDD when you're done


2 hours ago, RadiKamiki said:

Ahh okay, I'm downloading the rescue disk... but what do I use to make a bootable USB? Is it okay if I'm using LinuxLive USB Creator?

 

Haha...

I don't have any external backup. So I can't do that second solution ^^ but can I rename all the apps whose names were changed by the virus back to their original names and unhide them?

i would advise making a backup now actually before you do any of the removals. they can fuck up your system if the virus is rooted really deep. just NEVER access it using a windows computer, use linux for that. but even linux is not safe so you might just infect everything all over again if you try to copy healthy files. even knowing what files are healthy and what files are infected is a huge hassle.
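
Added example, not part of any post in this thread: a read-only inventory for a drive mounted on a Linux system that lists folders holding both `<name>.exe` and `g<name>.exe`, the pattern described in the first post, with size and SHA-256 for each file. The function names and the `/mnt/infected` mount path are assumptions; the script only reads files and never runs, renames or deletes anything.

```python
import hashlib
import os
import sys

def sha256_of(path, chunk=1 << 20):
    """Hash a file by reading it as data; nothing is ever executed."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def find_renamed_pairs(root):
    """Find folders holding both <name>.exe and g<name>.exe.

    Returns (renamed_file, same_named_file) path tuples. A hit is only a
    candidate: legitimate pairs exist (vim.exe / gvim.exe), so confirm with
    a scanner before trusting either file.
    """
    pairs = []
    for dirpath, _dirs, files in os.walk(root):
        # Windows file names are case-insensitive, so compare in lower case.
        by_lower = {name.lower(): name for name in files}
        for lower in sorted(by_lower):
            renamed = by_lower.get("g" + lower)
            if lower.endswith(".exe") and renamed:
                pairs.append((os.path.join(dirpath, renamed),
                              os.path.join(dirpath, by_lower[lower])))
    return pairs

def inventory(root):
    """Size and SHA-256 for both files of every candidate pair."""
    rows = []
    for renamed, same_named in find_renamed_pairs(root):
        for role, path in (("renamed g*.exe", renamed),
                           ("same-named .exe", same_named)):
            rows.append({"role": role, "path": path,
                         "size": os.path.getsize(path),
                         "sha256": sha256_of(path)})
    return rows

if __name__ == "__main__":
    # Assumed usage: python3 pairs.py /mnt/infected  (drive mounted read-only)
    for row in inventory(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f'{row["role"]:16} {row["size"]:>10} {row["sha256"]} {row["path"]}')
```

The resulting list scopes how far the renaming has spread and gives hashes that can be compared against a clean install of the same program version before any file is kept.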


2 hours ago, RadiKamiki said:

Ahh okay, I'm downloading the rescue disk... but what do I use to make a bootable USB? Is it okay if I'm using LinuxLive USB Creator?

i guess it is, i'm not really sure. i just burned them to disk because it's easier and cheaper without the risk of also infecting the USB.

