So I downloaded a supposed keygen for Mass Effect, and I'm pretty sure it gave me a few viruses. I ran it and it deleted itself, and I found an ak1.exe and an acymoa.exe in my running processes afterward. A quick google revealed ak1.exe to be a worm, so I found it and deleted it successfully; when I try to delete acymoa.exe, I'm told that access is denied. First of all, can someone confirm that I'm right in assuming that acymoa.exe is a virus (no Google results for it, and my virus scanner didn't pick it up), and second, are there suggestions on methods of assured removal?

Post has been edited 1 time(s), last time on Jul 25 2010, 10:26 am by FatalException.

Assuming you're using Windows (looks like it anyway), you could try to restart in Safe Mode and then try to delete it. Maybe that will work?

Also, Avast + SpyBot

Sounds fairly likely that it is a virus, if it's an easy virus, just download Unlocker and delete it with that, I would use run>msconfig to ensure that your startup is clean as well. You may want to run ComboFix if you still continue to have odd problems, as it may have modded system DLL files.


Safe mode is overrated by virtually every "tech" person, all it does is use the default drivers instead of the specific ones for main system hardware, videocards for example, and disables a few Windows services(themes, for example), it will not stop a virus from starting up, or any other program for that matter.

Post has been edited 1 time(s), last time on Jul 14 2010, 1:27 am by Falkoner.

Well, I went into safe mode and deleted it before anyone posted, but I'm pretty sure I need a new virus scanner. I have AVG Free right now, and it didn't notice either of the things the keygen installed (although it complained a little about the other keygen I downloaded, but I figure that's just because of the backdoor business involved in it being a keygen, since it hasn't done anything screwy and the comments looked ok). I hear that Avast is good, does anyone else here besides Hydrolisk (i.e. Falk) endorse it?

EDIT: Also, looks like the first one that I deleted didn't get deleted, it's still in the startup list in msconfig. There's also one called 9129837, which Google says is also a virus. Will unchecking their autorun boxes be enough to make them not screw me over, or do I need to check to see if there are more copies of these files and delete them all?

Post has been edited 1 time(s), last time on Jul 14 2010, 1:48 am by FatalException.

Install Kaspersky Antivirus, run a full scan, then uninstall it. It's pretty much guaranteed to clean most of your system of malicious software.

FYI:
once you have been compromised you can never say with certainty that your system is clean. I endorse every antivirus out there. You should use a linux antivirus though. avira has a nice boot cd you can use.

I was going to tell you how to delete it, then I read this:
Ahhhh you stole my reply!

As for helping to clean your computer, I highly recommend Malwarebytes. Use the free version, works great.

Also FYI:
Virus scanners can't pick up any homebrew viruses. Only the very common ones, or homebrews based heavily off common ones.

You've been a naughty, naughty boy. Wasn't there a security and maintenance sticky?

Quote from Centreri

You've been a naughty, naughty boy. Wasn't there a security and maintenance sticky?

You have no idea how much I've wanted to hear that. Although from another guy, it's not so hawt.

Run a copy of Windows XP in a virtual machine and run all your keygens/dodgy programs in that.

If the VM gets infected, just delete it - problem solved. I avoid keygens like the plague anyway, and most of the time they aren't really "generating" anything, all they're doing is spitting out known-working keys from a list - better just to provide a .txt file and be done with it.

For the virtual machine, it is useful to have the virtualization program set up so it will not write changes to the virtual hard drive unless you tell it to. This way you can start up with a clean system each time you start it up to test something, as long as you never write the changes after doing the testing. I'd also recommend disconnecting the virtual machine's virtual network connection before running potentially malicious files.

Since we're discussing how to avoid the virus in the first place, the way I do things, when I'm not being lazy, that is, is first run the file in a sandbox, and when you close it, make sure that every process closes in the sandbox, if it leaves crap running, it's very likely it's a virus, and you can simply end the sandbox, I'd recommend Sandboxie. If you're still suspicious, use a virtual machine, but that seems like overkill to me.

Now, the more important matter is getting his computer fixed. First thing I would recommend is to download ComboFix, and run that, it gets these random file name viruses better than any of the AV programs from my experience. I believe that should solve your issues with the virus, if not, I also have another, more obnoxious method you can try, but I'd try ComboFix first, it has yet to fail me.

The top three anti-virus programs in my book are AVG, Avast, and Avira AntiVir, and actually, the Windows Security Essentials program isn't half bad, and I especially enjoy how it actually allows me to safelist anything that it accidentally false-positives, unlike many AV programs. Any of those work, IMO, but it doesn't matter how good your anti-virus program is if you're doing high-risk activities, it's like trying to cross a busy road by having a tank in front of you, instead of just looking both ways before crossing, proper precautions prevent possible problems(alliteration ftw!).

I'm not even going to ask where you get your warez. And I know you aren't a complete idiot. Now, if someone didn't know yet, freaking ask me for stuff like "keygen for Mass Effect", I can get you anything virus clean and working, just ask. Or you can do it your way and get viruses and stuff.

Oh and "AVG, Avast, and Avira AntiVir" are bottom 3 in my book, followed by kaspersky.

Wow, Gigins, what a helpful fellow you are, so, do you think you can take any more advice from other people, shoot it down with no reasoning, and provide none of your own? Because I think that would make this topic so much better!

It's weird - those three are smack-dab in the middle of my book.

I love Avast! with all my heart. It has never once let me down, but that includes me not being an idiot.

nod32

And serves you right for pointing out the 3 biggest piece of shit antiviruses as the best ones.

Post has been edited 1 time(s), last time on Jul 16 2010, 5:26 am by Gigins.

I use MSE.

NOD32 has significantly more false-positives than any other antivirus, from my own experience, hence it not being listed.