Oh shit, my PC caught Herpes



RobertGraham
March 17th, 2009, 10:59 PM
Yeah, well, I can't get rid of this damn thing

W32/Scribble-A [Sophos]: http://www.threatexpert.com/threats/w32-scribble-a.html

My Webroot won't detect it and it quarantines it, deletes it, but it just comes back. What do I do? Sometimes it starts saying that Server Host stopped working, and then another says that my Vista Aero theme is being corrupted.

http://img12.imageshack.us/img12/3571/seriuslywtf.th.png (http://img12.imageshack.us/my.php?image=seriuslywtf.png)

E: I don't know what I downloaded. Everything I have downloaded since my last Reformat (which was like, 1 day ago)

-Steam
-Xfire
-Firefox
-Windows Vista Themes
-Steam Games
-Rocket Dock
-Left Sider for Windows
-Finderbar
-WinRAR
-Pidgin


I am thinking it was a screensaver I downloaded from dA, the guy linked it to another site, and no other people commented saying it was a Trojan

E2: This was the first 2 mins of my scan, I got fucked big time
Trojan Horse found: trojan-clicker-myminitcpclient
Trojan Horse found: trojan-downloader-waverevenue
Informational: AV engine detected W32/Scribble-B in file C:\Windows\RtHDVCpl.exe
Virus found: W32/Scribble-B (Threat marked as Always Remove)
Informational: AV engine detected W32/Scribble-B in file C:\Windows\System32\sopidkc.exe
Informational: AV engine detected W32/Scribble-B in file C:\Windows\servicing\TrustedInstaller.exe
Informational: AV engine detected W32/Scribble-B in file C:\Program Files\Internet Explorer\ieuser.exe
Informational: AV engine detected W32/Scribble-B in file C:\Program Files\RocketDock\RocketDock.exe
Informational: AV engine detected W32/Scribble-B in file C:\Windows\System32\tdctxte.exe
Spy Cookie found: atlas dmt cookie
Spy Cookie found: doubleclick cookie
Spy Cookie found: tribalfusion cookie
Spy Cookie found: burstnet cookie
Spy Cookie found: statcounter cookie
Spy Cookie found: apmebf cookie
Spy Cookie found: mediaplex cookie
Spy Cookie found: xiti cookie
Spy Cookie found: yieldmanager cookie
Spy Cookie found: advertising cookie
Spy Cookie found: bs.serving-sys cookie
Spy Cookie found: serving-sys cookie
Spy Cookie found: adbureau cookie
Spy Cookie found: zedo cookie
Spy Cookie found: trafficmp cookie
Spy Cookie found: realmedia cookie
Spy Cookie found: pointroll cookie
Spy Cookie found: tacoda cookie
Spy Cookie found: atwola cookie
Spy Cookie found: specificclick.com cookie
Spy Cookie found: 247realmedia cookie
Spy Cookie found: questionmarket cookie
Spy Cookie found: casalemedia cookie
Spy Cookie found: nextag cookie
Spy Cookie found: webtrendslive cookie
Spy Cookie found: tripod cookie
Virus found: Troj/Fujif-Gen
Virus found: Troj/ScribHos-A
Virus found: Mal/Generic-A
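
Added example, not part of the original thread: a Python triage of the scan output posted above, separating tracking-cookie noise from detections inside executables and flagging when one threat has spread across several binaries including files under the Windows directory. The log lines are a subset copied from the post; the `needs_rebuild` heuristic and the `C:\Windows` install location are assumptions of this example, not Webroot or Sophos logic.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Subset of the scan output quoted in the post above.
SCAN_LOG = r"""
Trojan Horse found: trojan-clicker-myminitcpclient
Informational: AV engine detected W32/Scribble-B in file C:\Windows\RtHDVCpl.exe
Virus found: W32/Scribble-B (Threat marked as Always Remove)
Informational: AV engine detected W32/Scribble-B in file C:\Windows\System32\sopidkc.exe
Informational: AV engine detected W32/Scribble-B in file C:\Windows\servicing\TrustedInstaller.exe
Informational: AV engine detected W32/Scribble-B in file C:\Program Files\Internet Explorer\ieuser.exe
Informational: AV engine detected W32/Scribble-B in file C:\Program Files\RocketDock\RocketDock.exe
Spy Cookie found: doubleclick cookie
Virus found: Troj/Fujif-Gen
"""

FILE_HIT = re.compile(r"^Informational: AV engine detected (?P<threat>\S+) in file (?P<path>.+)$")
NAMED_HIT = re.compile(r"^(?P<kind>Trojan Horse|Virus|Spy Cookie) found: (?P<name>.+?)(?: \(.*\))?$")
OS_ROOT = PureWindowsPath(r"C:\Windows")  # assumption: default install location


def triage(log):
    """Return (infected files per threat, other named detections, cookie count)."""
    files, named, cookies = defaultdict(list), [], 0
    for line in filter(None, map(str.strip, log.splitlines())):
        if m := FILE_HIT.match(line):
            files[m["threat"]].append(PureWindowsPath(m["path"]))
        elif m := NAMED_HIT.match(line):
            if m["kind"] == "Spy Cookie":
                cookies += 1          # browser tracking cookies, not code
            else:
                named.append(m["name"])
    return files, named, cookies


def needs_rebuild(files):
    """Heuristic (assumption of this example): one threat found in two or more
    executables, at least one under the OS directory, looks like a file
    infector, so deleting single files does not give back a trusted system."""
    for paths in files.values():
        in_os = [p for p in paths if OS_ROOT in p.parents]
        if in_os and len(paths) > 1:
            return True
    return False
```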

mech
March 17th, 2009, 11:30 PM
A personal computer cannot contract sexually transmitted diseases.

Boo Diddly
March 17th, 2009, 11:35 PM
that blows hard.

*might* have been one of those themes you downloaded or a site you went to. best if you reformat again then download and install each one by one and check slowly

legionaire45
March 17th, 2009, 11:46 PM
Nuke it. Reinstall windows.

Easiest way tbh.

That, or you can spend a few hours trying to get rid of the virus.

Get something like AVG or equivalent and use that as an antivirus. If you don't use Firefox or Google Chrome, use one of those. If you use Firefox, get ScriptBlock and AdBlockPlus.

If you use IE, shoot yourself.

RobertGraham
March 18th, 2009, 12:06 AM
Jesus christ, this is the only one I can't get rid of http://i228.photobucket.com/albums/ee107/dotkito/thisistheonlyoneIcantgetridof.png the [IMG] Tags and the Shot Tags don't work with the Script thing.

Phopojijo
March 18th, 2009, 12:38 AM
Back up your data... format your hard drive... reinstall Windows.

That's the ONLY thing you can do and be guaranteed it's gone... assuming you care.

I know, that's very controversial and there are plenty of ways to erase viruses... but none of them ensure they... their friends... their security holes... their damage... and their side effects are gone forever.

Cortexian
March 18th, 2009, 02:44 AM
but none of them ensure they... their friends... their security holes... their damage... and their side effects are gone forever.
Except reformatting... That's the one sure way to nullify the buggers.

RobertGraham
March 18th, 2009, 07:27 AM
Okay, thanks for the help.

I also found some info on it too.

W32/Scribble-A: A self-replicating program that will infect documents, programs, and temporary internet files

W32/Scribble-B: A self-replicating program that will infect documents, programs, temporary internet files, hijacks.

Limited
March 18th, 2009, 04:03 PM
Back up your data... format your hard drive... reinstall Windows.

That's the ONLY thing you can do and be guaranteed it's gone... assuming you care.

I know, that's very controversial and there are plenty of ways to erase viruses... but none of them ensure they... their friends... their security holes... their damage... and their side effects are gone forever.
As you will know, reformatting introduces security holes though....

Cojafoji
March 18th, 2009, 05:58 PM
As you will know, reformatting introduces security holes though....
lol reformat, load to secondary tower, run bcwipe standard DoD pass and bam you're good.

Cortexian
March 18th, 2009, 06:46 PM
As you will know, reformatting introduces security holes though....
Not if you do it right.

Phopojijo
March 18th, 2009, 07:39 PM
Except reformatting... That's the one sure way to nullify the buggers.
That's why I said at the start of the post "Reinstall Windows (from a trusted source of course... :cop:)"

As for introducing new security holes? No -- you just have no patches since the Windows disk was made.

Though if you have a legitimate version of Windows, Microsoft lets you burn your own copy which is already patched up. The old service packs had command-line switches in them that gave the ability to install themselves onto a harddrive-copy of an install CD. For Vista (and possibly later) vLite and some other programs would probably fit your bill. ((Or you could always just order for like 10$ a CD/DVD from Microsoft that's already patched up))

Not that Vista or XP after Service Pack 2 are really all that big security threats that will cause problems before you are able to update Windows, especially if you use a router without DMZ or any ports forward.

Windows XP without any service packs is yes a major liability though.

RobertGraham
March 18th, 2009, 07:45 PM
Well, I restored back to when I first got my Vista installed, seems to be fine now

Phopojijo
March 18th, 2009, 07:53 PM
Using Windows Restore Points?

You know viruses know how to infect those too right?

Cojafoji
March 18th, 2009, 10:41 PM
Using Windows Restore Points?

You know viruses know how to infect those too right?
He might've exported the restore point to an external medium?

RobertGraham
March 19th, 2009, 06:49 AM
Nvmd, Re-installed.

Also, no it doesn't have security holes if you don't use the internet for a while and just turn Automatic Updates "ON". That's what Security updates are for ;)

rossmum
March 19th, 2009, 07:18 AM
First thing I did when I got my PC working after the rootkit (stay away from FPSBanana, it's becoming increasingly dodgy) was reinstall Windows, activate it, update it fully and then reinstall my antivirus. I don't see why anyone wouldn't make those their first and only actions until everything was fully restored, 9mm.

Cortexian
March 19th, 2009, 03:57 PM
I usually reformat/reinstall while disconnected from the Internet entirely. I just download the most recent ver of whatever Antivirus software I'm using on another computer and burn it to disk or copy it to a USB drive.

Phopojijo
March 19th, 2009, 04:53 PM
Nvmd, Re-installed.

Also, no it doesn't have security holes if you don't use the internet for a while and just turn Automatic Updates "ON". That's what Security updates are for ;)
But to actually INSTALL those security updates... you NEED to be on the internet.

If you don't block inbound unsolicited requests from the internet (or even/especially other computers in your network if they could potentially be infected), a worm can infect your PC before you get the Windows Updates installed.

These days internet attacks are unlikely though now that ISPs block RPC and File/Print sharing ports... unless you have an infected computer ON YOUR NETWORK.