Infected by some Virus

[kislay_kishore2003]

I installed a fresh copy of XP after my previous installation got unstable. After installing the copy when I started deleting the folders installed in the previous os many of them refused to get deleted and the message said that "can't delete since the directory is not empty" eg Drivers folder in System32. After that I renamed the folder Windows and again tried to delete but again the same message. The same happened when I tried to delete VB 6.0. So I left it. Now my antivirus is regularly displaying msgs like
"Object Name c:\MicrosoftVB6.0\VB98\TSQL\vbsdicli.exe
Virus Name W32.Almanahe.B!inf
Action taken The file was repaired"
and
"D:\program Files\Common Files\Teleca Shared\CapabilityManager.exe
Virus Name W32.Almanahe.B!inf
Action taken The file was repaired"
while for
"Object Name D:\Program Files\Messenger\msmsgs.exe"
The file is in accessible so can't be repaired

What should I do???

[prashanthpai]

http://www.raymond.cc/blog/archives/2008/01/23/how-to-clean-and-remove-jambanmu-alman-or-almanahe-virus/

And manually remove startup entries and fix reg setting in registry using HJT.

[Raymond]

I'd suggest you to reformat your computer and reinstall Windows as this virus is too destructive. The virus will inject itself into every EXE files and even if the antivirus is able to "clean" it, the file would be corrupted.

Make sure your USB flash drive (pen drive) is clean from ahmanahe virus too because that is where it spreads.

[Ceyfer √]

I thought this one is now curable via AV scan but as u said sir { "The virus will inject itself into every EXE files and even if the antivirus is able to "clean" it, the file would be corrupted. " } That's horrible -

%Windir%\killer.exe

W32/Almanahe.a is a polymorphic parasitic worm that infects Win32 executable files (*.exe) that can also download and execute additional malware.

Additional infos:

http://vil.nai.com/vil/content/v_142021.htm

[prashanthpai]

Indeed - very scary one. There several variants too. Some articles or analysis say the damage level as "Medium". Is there any virus still more destructive ?
I need to get my hands on some samples of this.

[Ceyfer √]

Several variants exist /and its case to case basis - If u do have a good AV protection u could definitely wiped this nasty bug out from ur flash drive / storage device but once ur system got infected ( severely ) hmm, u need to solve via the article written by sir Raymond above "link" or just reformat it...

[afiraz]

Try to using 'Trojan Remover'. Simply download here : http://www.simplysup.com/
It is 30 days trial but you can use it to remove your virus/trojan.
I use this software and doesn't have any problem.

I hope this will help you.

[Raymond]

Ahmanahe is a very destructive virus, NOT a trojan and I am sure that Trojan Remover can't clean it. Even if it can, I believe it won't be able to cure those executable files that has been injected by the virus.

Prash, I will try to get a copy of that virus and let you see its power.

[prashanthpai]

Err.. if you do get it, please make a password protected archive. I might accidentally extract it. I don't have the habit of making data backups.

[Raymond]

Will do. But I will only be going to my client's place next Wednesday so we have to wait until then.