My computer is infected with a virus. Help!

TheEveryDayGuy

Estimable
May 10, 2014
This virus (I think) has existed on my computers for a few years now, and I have gone through different versions of Windows (XP, 7, 8.1, 10) and it's still able to run. It's disguised as explorer.exe, spoolsv.exe and icsys.icn.exe, and lives in C:\Windows\Resources. It tends to use a lot of disk and usually fills up my "C:" partition. Sometimes, when I execute a program, it pops up as explorer.exe or icnsys.icn.exe and requires me to hit yes in order to run the program; if not, the program won't launch. I remember it was constantly showing an error when I reached the peak point of my system memory. It showed a message box with "Project1" in the title and "Out of Memory" inside the box. There were lots of those boxes, and I had to use Task Manager to kill all of them. It also tried to copy its code into other .exe files. It infected my game executable, which I've scanned right here.
http://
And I tried to scan icnsys.icn.sys and got the same result
http://
Every program that it has infected usually has its icon pixelated and its description in "Details" altered. I once tried to change an infected program's description in Resource Hacker and from that point, every program that it infects has the same description as the one I changed. Funny thing is the infected program still runs fine. Its original description said that its program name is "Tjprojmain.exe". I think it's written in VB.
I tried to use MBAM. It does clean the virus and detected some reg keys that the virus inserted, but it can't detect infected files. Even on VirusTotal, Malwarebytes didn't recognize it as a virus.
I also used HijackThis and cleaned them, but it's the same case as MBAM.

 

George Phillips

Estimable
Jun 17, 2015
If it has been in your system for a few years as you upgraded to newer operating systems, I highly recommend backing up your data/files/documents to a separate external drive and then reinstalling the OS from scratch. Then install the anti-virus and anti-malware software to scan the backed-up data/files/documents as you move them to the rebuilt system. Don't bother to find out which programs are infected or are not working; it will take more time and probably is not as good as rebuilding the entire system.
 

Chicano

Distinguished
Aug 29, 2011
For persistent viruses, it's better to run Boot, Remote or Live CD virus scans... this way viruses are disabled and are more vulnerable to detection and removal.

1. See if your antivirus can run in Safe Mode
2. Run an online antivirus scan
3. Run an antivirus boot scan
4. Download a Live CD Antivirus
5. Scan with ComboFix... if it fails to remove the virus, download The Hiren's Boot CD which also includes ComboFix.. the difference is that scanning from a Live CD has better results than scans from an infected system where the virus is in control.
 
Solution
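
An added example, not part of any post in this thread: a triage check over a file listing taken while booted from rescue media, flagging the two patterns the first post describes (files named like explorer.exe or spoolsv.exe outside their genuine folders, and executables under C:\Windows\Resources). The function name `triage`, the reason labels and the `SAMPLE` paths are hypothetical, and the genuine folders assume a default install with Windows on C:.

```python
import ntpath

# Genuine locations on a default install with Windows on C: (assumption).
LEGIT_DIRS = {
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
    "spoolsv.exe": {r"c:\windows\system32"},
}
COMPONENT_STORE = "c:\\windows\\winsxs\\"  # servicing copies of system files live here
RESOURCES = r"c:\windows\resources"        # folder named in the first post
EXEC_EXT = {".exe", ".scr", ".com"}


def triage(paths):
    """Return (path, reason) for every listed file that needs a closer look."""
    findings = []
    for raw in paths:
        # ntpath handles Windows paths even when the script runs on a Linux live CD.
        path = ntpath.normpath(raw).lower()
        folder, name = ntpath.split(path)
        if ntpath.splitext(name)[1] not in EXEC_EXT:
            continue
        legit = LEGIT_DIRS.get(name)
        if legit is not None:
            # A system binary's name in any other folder is a masquerading sign.
            if folder not in legit and not path.startswith(COMPONENT_STORE):
                findings.append((raw, "system-name-wrong-folder"))
        elif folder == RESOURCES or folder.startswith(RESOURCES + "\\"):
            # Resources normally holds themes and similar data, not programs.
            findings.append((raw, "executable-in-resources"))
    return findings


# Constructed listing for illustration; not taken from the poster's machine.
SAMPLE = [
    r"C:\Windows\explorer.exe",
    r"C:\Windows\System32\spoolsv.exe",
    r"C:\Windows\Resources\spoolsv.exe",
    r"C:\Windows\Resources\Themes\explorer.exe",
    r"C:\Windows\Resources\Themes\icsys.icn.exe",
    r"C:\Windows\Resources\Themes\aero.theme",
    r"C:\Windows\WinSxS\amd64_constructed\explorer.exe",
    r"C:\Games\game.exe",
]

if __name__ == "__main__":
    for path, reason in triage(SAMPLE):
        print(f"{reason:26} {path}")
```

A hit is only a pointer for the offline scanner or for manual inspection; it does not identify which other .exe files have been modified.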