How can I remove a stubborn virus from my computer?

[Reflow718]

My comp recently just caught an virus and I have tired many anti-virus programs to remove it and so far, no luck.

Avast reported the file that is infected, but is unable to delete it. So I decided to check it myself, it's a file in my systems/drivers and when I tired to delete it. It saids the following "Cannot delete uwvwibuv: Cannot read from the source file or disk.". I have tired using "Unlock" to delete it, doesn't work.

Note, this virus is also causing all my anti-virus programs not to connect online, so I cannot update them. I have tried using Malwarebytes-antiware, doesn't detect it. I can't use system restore because it's being blocked by group policy after "I caught the virus" (Worked before).
I had tired running in safe mode, checking task for unknown programs, and I can't delete it.

Anyone have any ideas or suggestions?

 

[Evo]

What is the name of the virus?

 

[Reflow718]

uwvwibuv

 

[ijrdn]

Try moving the file to desktop and then use Unlock, if that doesn't work, can you like copy and paste the file name, with the extension?

 

[turbo]

Have you been allowing Avast to automatically update? Their virus definitions and defenses get updated at least once a day, so they're much more current than McAfee or Symantic. If you can't access their site from your machine, get someone to download the most current home version and let it update once, then burn that to a CD and see if you can run it from the CD on your infected machine. If it's on a CD that has been finalized, the virus can't modify the files. Good luck.

 

[jackmell]

If using Windows, can you not boot up in "system" mode and get to a DOS prompt before Windows loads? Usually during the boot process, while it's still in DOS mode, it briefly asks you if you want to boot up in DOS or Windows. But it's only for a few seconds and then defaults to Windows. Have to watch for the event and then quickly choose DOS. Or perhaps it is another mechanism on your machine such as pressing the F1 key during a particular point in the boot up. Find out how to do it. Then just use the DOS DEL command on the file. Even if the file has attributes that prevent normal deletion, you can override those attributes and still delete it. However since it's a driver, deleting it will likely prevent some program from running and if it's a system driver it may even impact the normal operation of the system or even prevent the system from working or even booting up.

Also, in Windows can do: All Programs/accessories/system tools/system restore. And then choose a date from the displayed calendar, say several days before the infection, to restore your system to a previous state. This restore only restores system files.

 

[Pattonias]

If using Windows, can you not boot up in "system" mode and get to a DOS prompt before Windows loads? Usually during the boot process, while it's still in DOS mode, it briefly asks you if you want to boot up in DOS or Windows. But it's only for a few seconds and then defaults to Windows. Have to watch for the event and then quickly choose DOS. Or perhaps it is another mechanism on your machine such as pressing the F1 key during a particular point in the boot up. Find out how to do it. Then just use the DOS DEL command on the file. Even if the file has attributes that prevent normal deletion, you can override those attributes and still delete it. However since it's a driver, will deletion prevent some program from running correctly? May have to restore that driver from a disc or online.

Also, in Windows can do: All Programs/accessories/system tools/system restore. And then choose a date from the displayed calendar, say several days before the infection, to restore your system to a previous state. This restore only restores system files.

I don't think you can boot a OS in true DOS as of XP as far as I have experienced lately. I do know that if you make a DOS boot drive/stick (look up the process online) you can delete the file using this procedure. I bet there is another hidden file that will replicate the file again. Some malware removers can operate from a DOS OS so perhaps you can run one of these. I will have to do some more reading to be sure. Linux boot drives can be used for this as well.

 

[Borg]

uwvwibuv

That file doesn't appear to exist. When I Googled it I got exactly two hits - this thread and http://www.tomshardware.com/forum/249106-45-virus-delete-read-source-file" that looks like you wrote it (similar username and same question).

What exactly is Avast telling you? Try these steps to get a better idea of what to do next.
http://forum.avast.com/index.php?topic=14433.0

 

[Jobrag]

If you can, install LINUX as your operating system, then you'll be able to delete the virus and go back to windows, or you might like LINUX so much that you turn your back on Bill Gates and his evil empire forever.

 

[ijrdn]

If you can, install LINUX as your operating system, then you'll be able to delete the virus and go back to windows, or you might like LINUX so much that you turn your back on Bill Gates and his evil empire forever.

lol i love linux, but not so much that i turn my back on bill gates

 

[Pattonias]

The empire won back my heart with W7. Plus the empire has cooler outfits and theme music than the Rebellion. I just wish Bill would go ahead and put on the black robe. He is already pale and has bad hair. Halfway there.

 

[jill40]

Which antivirus programs did you use? There's a new one in the market which I heard can remove harmful software that other popular software like Kaspersky & ENod can't. Try to check google for some rising antivirus reviews and see if it also works for you.

 

[JaredJames]

Just for the record, I've found Avast to be an extremely poor AV solution.

I had a computer given to me for repair which had a virus that disabled one piece of AV and took over Avast. So be weary of what it tells you.

 

[schip666!]

A couple other hints:

You should be able to boot into "Safe Mode" on Widows, often hitting F8 during boot does this, but watch the prompts as they flash past. Then it's may be possible to delete files which are otherwise locked. When deleting, go look for Temporary Internet Files and other cached versions of the same thing.

When your anti-virus software can't connect, it's usually because someone-bad has installed a fake proxy which redirects those connection requests. Look for something like /hosts -- actually I don't remember the windows files that might be the culprits, so some google is in order. And check your Control Panel -> "Internet Options", they might slip the proxy in there as well.

 

[Pattonias]

Don't try to manually remove the virus.

Start your computer in Safe-mode in the way described above. Follow this http://www.combofix.org/" and download ComboFix. Follow the instructions on their page and it should remove most any virus you would run across.

Also this is an old thread and his problem has probably been solved a while ago.

 

[Omm]

Don't try to manually remove the virus.

Start your computer in Safe-mode in the way described above. Follow this http://www.combofix.org/" and download ComboFix. Follow the instructions on their page and it should remove most any virus you would run across.

Also this is an old thread and his problem has probably been solved a while ago.

Just as a FYI if anyone comes across this thread; you should never run Combofix unless told to by someone trained with the program. It is very dangerous. See this: http://www.bleepingcomputer.com/forums/topic273628.html