Author Topic: Suspicious File, ADDITIONAL INFO  (Read 3460 times)

Bernee

    Topic Starter


    Rookie

    Suspicious File, ADDITIONAL INFO
    « on: July 08, 2008, 12:25:13 PM »
    One week ago, I noticed that the files darkbyte23.exe and autorun.inf suddenly appeared in my drives C, D, and E, while its folder, called Darkbyte's Box, is in C:\Documents and Settings\All Users\Application Data. Inside the folder is also a file called Darkbyte's WOrm. I tried many times to delete these files, the related folder and its start-up file, but when I close C, D and E and open the drives again, the file darkbyte23.exe and its autorun.inf are again in C, D and E, and its folder is again in the Application Data folder (also its start-up file)!!! I tried to delete these files in safe mode, but they still return immediately. When I insert any flash disk or external hard disk, it copies itself to these disks. I searched for the files on the websites of McAfee, Symantec, Kaspersky, Trend Micro and Sophos, but they found nothing. Is this darkbyte23.exe file a virus, trojan, malware, worm, spyware, adware or just a harmless file??? Any information ASAP about these files will be greatly appreciated. Thanks. I FORGOT TO MENTION THAT I HAVE AVG PRO anti-virus (90 DAY FREE TRIAL FROM IOBIT), WHICH IS UPDATED EVERY DAY. HOWEVER, IT CANNOT DETECT THIS MALWARE FILE. EVEN THE TREND MICRO ONLINE SCANNER CANNOT DETECT THIS DARKBYTE23.EXE!!! ANY HELP WILL BE GREATLY APPRECIATED. AGAIN, THANKS.
    « Last Edit: July 08, 2008, 02:43:16 PM by Bernee »
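
Added example, not part of the original post: a read-only triage sketch in Python for the behaviour described above, where an autorun.inf and an executable keep reappearing in the root of every drive. The autorun.inf contents are constructed (the thread never shows the real file), and the function names `parse_autorun` and `triage_roots` are hypothetical.

```python
import os
import tempfile

# Constructed sample; the thread never shows the real autorun.inf contents.
SAMPLE_INF = """[AutoRun]
; constructed for illustration
open=darkbyte23.exe
shell\\open\\command=darkbyte23.exe
icon=folder.ico
"""

def parse_autorun(text):
    """Return (key, command) pairs in [autorun] that launch a program."""
    launches, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in ("open", "shellexecute") or (
                    key.startswith("shell\\") and key.endswith("\\command")):
                launches.append((key, value))
    return launches

def triage_roots(roots):
    """Report launch entries per drive root and whether the target sits in that root."""
    findings = []
    for root in roots:
        names = {n.lower(): n for n in os.listdir(root)}
        if "autorun.inf" not in names:
            continue
        path = os.path.join(root, names["autorun.inf"])
        with open(path, "r", errors="replace") as fh:
            launches = parse_autorun(fh.read())
        for key, command in launches:
            parts = command.split()
            target = parts[0].strip('"') if parts else ""
            findings.append({"root": root, "key": key, "target": target,
                             "target_in_root": target.lower() in names})
    return findings
```

An autorun.inf whose launch target is an executable sitting in the same drive root, repeated across fixed and removable drives, is the pattern worth reporting to the helper along with the scan logs.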

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 493
    • Experience: Experienced
    • OS: Windows 11
    Re: Suspicious File
    « Reply #1 on: July 08, 2008, 12:33:20 PM »
    Moved to the malware removal forum.

    Start here >CLICK<

    Post the logs in this thread when complete.

    Bernee

      Topic Starter


      Rookie

      Re: Suspicious File, ADDITIONAL INFO
      « Reply #2 on: July 09, 2008, 03:58:41 AM »
      Thanks for your advice regarding the Malware Removal Process. I will follow it step by step. By the way, SOPHOS has detected this suspicious file (I sent a sample to them) as a worm called W32/DarkBit-A. I think this is a new worm, as Symantec, McAfee and Trend Micro did not detect it. I would greatly appreciate it if you could suggest a manual removal tool for this worm. By the way, I have AVG Pro anti-virus, which is updated regularly, but it also did not detect this. My OS is Win XP Pro, SP2. Again, thank you very much.

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Suspicious File, ADDITIONAL INFO
      « Reply #3 on: July 09, 2008, 10:12:34 AM »
      You need to follow Evil's advice in order to get help.
      Windows 8 and Windows 10 dual boot with two SSD's

      Bernee

        Topic Starter


        Rookie

        Re: Suspicious File, ADDITIONAL INFO
        « Reply #4 on: July 10, 2008, 03:43:26 AM »
        To Computer Hope Admin and Evilfantasy: I have done the step-by-step procedures for the malware removal process. I have done it as you advised, from the start up to completion (doing it very carefully so I would not miss anything). I am posting here the results of the SuperAntispyware logs, the Malwarebytes' log and the Hijackthis log. Although I have followed your instructions and procedures to the letter, I noticed that darkbyte23.exe and autorun.inf are still in my drives C, D and E. Also, the folder Darkbyte's Box is still in C:\Documents and Settings\All Users\Application Data, wherein the file Darkbyte's WOrm is also inside the folder, plus the start-up file of this darkbyte is still in the start-up items. They cannot be deleted even if I try to delete them manually in safe mode. As I have said, Sophos has identified this suspicious file as worm W32/Darkbit-A. Thank you very much for your help and assistance.

        [recovering disk space -- attachment deleted by admin]

        evilfantasy

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Calm like a bomb
        • Thanked: 493
        • Experience: Experienced
        • OS: Windows 11
        Re: Suspicious File, ADDITIONAL INFO
        « Reply #5 on: July 10, 2008, 09:50:43 AM »
        Download Combofix by sUBs from one of the below links.

        Important! Combofix.exe MUST be saved to and run from the Desktop.
        • Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting Combofix.
        • Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
          • Click this link to see a list of security programs that should be disabled and how to disable them.
          • If yours is not listed and you don't know how to disable it, please ask.
        • Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
        • Double click combofix.exe & follow the prompts.
          • Choose Yes to accept the Disclaimers.
        • When finished, it will produce a log for you.
        • Post that log in your next reply.
        Warning: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
        • If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
        • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
        If needed, see this Combofix tutorial with screenshots that will detail more thoroughly the downloading and running of Combofix.

        ----------

        Next post add
        Combofix log