Sign in with
Sign up | Sign in
Your question

Win32.small.ca

Last response: in Windows 7
Share
November 15, 2011 4:07:12 PM

Hello,
Please please help me remove this insane virus hiding in my files. I've tried everything. Thankyou so much, i want to get rid of this without it erasing my pc.

I also posted on another forum asking for help:
http://www.gaiaonline.com/forum/computers-technology/wi...

Thankyou

More about : win32 small

Related resources
Can't find your answer ? Ask !
November 15, 2011 8:31:50 PM

step 1 save important stuff
step 2 reinstall windows
step 3 ????
step 4 Profit
a b $ Windows 7
November 16, 2011 1:30:53 PM

^^ Thats an admission of defeat, not a solution. Between MalwareBytes and MSE, there is almost no reason to have to reformat due to a virus anymore.
November 16, 2011 1:48:16 PM

Thankyou for the reply everyone. But as usual, none of them picked it up.
Basically this virus began when i downloaded something, AVG told me to either move it to quarantine (which it wouldn't) or do nothing. So I forced it to move, causing my whole pc to crash.

Now when I start windows up in normal mode the only thing i see is the mouse. I think the virus is preventing me from starting up windows normally.

Also I think this virus is responsible for APPCRASH, which Action Center told me about
November 16, 2011 1:59:44 PM

gamerk316 said:
^^ Thats an admission of defeat, not a solution. Between MalwareBytes and MSE, there is almost no reason to have to reformat due to a virus anymore.


It's just instinct really... I spent a bit of time in the military and as a precautionary method any time a box is infected once forensic work is done the machine is wiped and reinstalled... I personally keep good backups and an install is not very time consuming so it's just easy... plus super clean machine is just refreshing... I reinstall windows almost annually...
November 16, 2011 5:15:59 PM

Apparently I have to reinstall windows. Damn, i really i hoped itwouldn't have come to that conclusion
a b 8 Security
a b $ Windows 7
November 16, 2011 5:22:34 PM

If you have all your irreplaceable personal files and data backup you can try one more approach.

Thats using a bootable CD AV scan. It loads it's own operating system and without the infected Win7 OS running to defend itself it might succedd where the others failed.

The Win32.small is a 'backdoor' and likely not your major problem. I'm thinking you have a rootkit - where the OS itself has been modified and has some capability to defend itself.

AVG Rescue CD . You download the .iso file and burn it to a CD. Boot the CD (use F12 at power on to get the Advanced Boot Menu) and run the AV scanner.
November 17, 2011 9:52:15 AM

Thankou so much for helping my identify the problem.
The only thing is, when I try to insert a disc into my disc drive it won't open!!!
I honestly don't know why either. It's just not doing anything no matter how many times i preses it
a b 8 Security
a b $ Windows 7
November 17, 2011 9:59:05 AM

That might be a very crafty rootkit defending itself.

Can you open the CD/DVD drive before Windows loads, right after power on?
Can you burn the CD on a different computer?

If necessary, I think we can get you a non-infected OS that you can bootup and run.
It's not Windows - but it pretty much looks and acts the same way.
Ubuntu Desktop use on a CD or USB thumb drive.
Use the F12 key at power on to get the Advanced boot menu and choose the DVD or USB drive.
November 17, 2011 10:37:28 AM

I've burned it on another laptop, i just can't insert it into my pc...I thought it was something to do with the motherboard not being connected, (or something like that) to the disc drive.

Then I tried looking into Registry editor (using this thread as a guide http://www.tomshardware.co.uk/forum/159708-35-drive-dev...) But I couldn't delete the folder, it just said "error while deleting key". Then I noticed "Creator owner had full control" but that's probably nothing but it just bugged me.

I think i'll try doing it on a usb drive. I also tried the "pin trick" which didn't work either. But I cannot thankyou enough for your help
November 17, 2011 11:40:23 AM

Just recieved an error message when installing Ubuntu:
"An error occured: Extraction failed with code 2 For more information, please see the log file: c:\users\eleanor\appdata\local\temp\wubi-11.10-rev241.log"

:fou: 
a b 8 Security
a b $ Windows 7
November 17, 2011 11:44:49 AM

Check the USB stick and use the Show Me How instructions:

a b $ Windows 7
November 17, 2011 1:41:16 PM

angelberry66 said:
Basically this virus began when i downloaded something, AVG told me to either move it to quarantine (which it wouldn't) or do nothing. So I forced it to move, causing my whole pc to crash.


Based on this, theres the possiblity of a false-positive, and you moved a critical system file, borking the system..

slhpss said:
It's just instinct really... I spent a bit of time in the military and as a precautionary method any time a box is infected once forensic work is done the machine is wiped and reinstalled... I personally keep good backups and an install is not very time consuming so it's just easy... plus super clean machine is just refreshing... I reinstall windows almost annually...


I work in the defense industry; we format whenever theres a virus because we can't risk any remenant, even if all traces of hte virus are gone. For home users, formatting should never be required.
November 17, 2011 1:50:50 PM

I seriously cannot thankyou enough, now windows is working again in normal mode oh my god i'm so happy.
Now all i need to do is get rid of the virus right? What anti malware program should i run?
a b 8 Security
a b $ Windows 7
November 17, 2011 2:22:38 PM

What did you end up doing to get Windows running in Normal mode?

The "How to Remove a Trojan or Rootkit" above is still pretty good advice.
November 17, 2011 2:47:07 PM

This is gonna sound really frustrating.
But I use a TV insted of a pc moniter (i know you're thining what has this got to do with anything), but if i don't wait long enough for my computer to load up, (while the tv is switched on) it just says "out of range".

It did this when I installed the Ubuntu application...while it was on boot menu i waited because it kept saying "USB device not ready error" or something like that, and kept repeating. Then the screen would just flicker off and then i'd get the "out of range" message again. I had to keep restarting my PC, and then waiting till I knew it was doing a scan in the boot menu, then switch the TV on. I did only just see the Ubuntu logo, then it went out of range again. Restarting again, I was lead to start up repair. It told me to remove the USB stick, and then when I did windows was working normally again.

But I think it was that Ubuntu :D .

Now i'm doing scans, I used rKill, now using Malwarebytes and Microsoft Safety Scanner. So far nothing has detected it still. Earlier, I was lead to strange websites...Firefox opened by itself and tried to lead me to an "AVG page" that said something like "THE **** I FEAR FOR MANKIND"...o_O
November 17, 2011 3:11:11 PM

Anti malwarebytes has stopped working?! What the...
November 17, 2011 3:54:14 PM

I just did a hijack this log too, it says something like "unknown owner" in a few checklists
a b 8 Security
a b $ Windows 7
November 17, 2011 8:04:50 PM

Is your CD/DVD drive working again?

It's probably time to make a System Repair Disk with Windows7.
If the CD/DVD drive isnt working a USB thumb drive will work too.
From the Start Menu type repair in the search bar at the bottom and choose Create A System Repair Disc from the Program options.
November 17, 2011 8:11:04 PM

No it's not. But after i downloaded something, the CD drive is now visable in device manager (it wasn't before) but i still can't open it or see that it's on my computer.
This is gonna sound really stupid but...my dad took the pc apart so now the circuits are showing.
Well i don't know how but a coin got stuck on one of the circuits, and he said that could be why the cd drive isn't working
a b 8 Security
a b $ Windows 7
November 17, 2011 8:12:45 PM

Im thinking that Ubuntu was working on the bootloader and that the prompt for repair took care of the rest once Ubuntu had initialize its own bootloader.

Next, once that System Repair Disk is done a AVG Rescue CD scan (can also be done from a USB stick) without Windows running and see what it can find.
If there is a repeat of the AVG finding an infected system file I think the Repair disc will handle it.
A rootkit works on or replaces parts of the Windows OS itself which is why it can be extra tricky to handle.
a b 8 Security
a b $ Windows 7
November 17, 2011 8:14:11 PM

Yes, a stuck coin could do a lot of damage.
Can you take a picture of that and upload someplace like Imagshack.us?
They'll give you a Forum code you can paste in here for us to look at.
November 17, 2011 8:19:21 PM

Sadly...i would but he removed the coin.
He said i'm going into too much hassle to getting rid of this virus, he doesn't see why i shouldn't just allow him to erase my pc memory (which is what he wants to do)

But honestly i'm at loss now...i'm not quite sure what to do. Shall I try the Ubuntu program again, or should i keep running scans to see if they will pick up the virus?
Thankyou so much by the way.

Also, when i try and install avira it fails. And my pc security says there is no anti virus, which there is because i have Malwarebytes
a b 8 Security
a b $ Windows 7
November 17, 2011 8:27:23 PM

If you can remember where the coin was a picture of that spot would still be helpful.

Malwarebytes AntiMalware is a maleware scanner, not an AV program.

Where are you at with backing up your personal files and data?
Ubuntu was mostly a Rescue option to give you access to your hard disk to work on backing up anything you don't want to loose.
a b 8 Security
a b $ Windows 7
November 17, 2011 8:31:29 PM

That failure to install by Aviria is still telling me you might have a rootkit.
If that's true anytime your copy of Windows is running it's defending itself. It's altered the behavior of Windows enough that it can prevent certain programs from running or installing and those that can't detect it.
November 17, 2011 8:47:48 PM

Oh my god, my pc is really going insane it's like it's possessed
November 17, 2011 8:51:48 PM

I just used trojan remover to get rid of something, but then when i restarted windows it was all locking up again, the only thing working was task manager, which i used to try to stop the processers "winlogon.exe" and "crss.exe" (or something like that.
Then just like magic avira works, only to find loads of pop ups appear from it, along with spybot, like a million window pages are popping up. Then out of nowhere i'm redirected to some crazy website. I had to use rKill to stop it from going haywire.
Please tell me what shall i do?
November 17, 2011 8:54:57 PM

I say again... reinstall windows... this would have been done yesterday and you would be happily computing by now.... virus removal is shoddy especially if you're dealing with a rootkit as WR2 is suggesting...
November 17, 2011 8:56:12 PM

I think i will have to :( 
a b 8 Security
a b $ Windows 7
November 17, 2011 8:58:01 PM

Anytime you run your Windows you're not completely in control of it.
So - don't run Windows.

Did you look over that "How to Remove a Trojan or Rootkit" again? You've done Step 1 (in many different ways) over and over again.
It's time to go on to Step 2.
If we can't get that to work it's on to Step 3.
a b 8 Security
a b $ Windows 7
November 17, 2011 9:00:19 PM

System Repair Disk created?
November 17, 2011 9:04:21 PM

I can't do it because the tray won't open
a b 8 Security
a b $ Windows 7
November 17, 2011 9:05:23 PM

USB thumb drive method works just like the Ubuntu thumb drive.
a b 8 Security
a b $ Windows 7
November 17, 2011 9:06:51 PM

"Please be careful not to run the makeboot.bat file directly from hard drive of the computer!"

You want to put that on the USB drive and run it - not your hard drive.
November 17, 2011 9:06:56 PM

Okay, i'll be sure to give it a try when Avira has just finished this system scan, thankyou again everyone
a b 8 Security
a b $ Windows 7
November 17, 2011 9:11:43 PM

If AVG scanner has been updated with the profile of this rootkit there's a fair chance you'll need to use that System Repair Disk (USB drive). The scan could quarantine some vital parts of the OS where the rootkit has installed itself.

You've probably already checked - but the Step 3 is a clean install of Windows.
November 19, 2011 10:32:44 PM

It couldn't find an internet connection (AVG rescue). Then I was stuck on a blank page with just words and i couldn't get off. Then I had no choice but to restart, then i was lead to a blue screen saying something about a disc checkup and if it fails to work i should contact the manufacturer.

But now i'm in safe mode, the virus is stilhere -_-

Shall i just restart restart my operating system?

I did however run a scan and deleted what I found.

November 19, 2011 10:56:56 PM

Now when i try installing and extracting it again it just tells me it's corrupted...
"D:/avg_arl_ffi_all_120_110831a4605.rar CRC failed in arl_rootfs.ext2. The file is corrupt"

*Hangs self*
a b 8 Security
a b $ Windows 7
November 19, 2011 11:02:25 PM

angelberry66 said:
But now i'm in safe mode, the virus is stilhere -_-
When you have a rootkit there IS no safe mode. The OS (windows) is the virus in this case. The Trojan was just the backdoor opening that allowed who ever to slip the rootkit onto your system and gain control.

I never did hear if you have all your irreplaceable personal files and data backed up.


a b 8 Security
a b $ Windows 7
November 19, 2011 11:04:19 PM

You're trying to build the AVG Rescue thumb drive on the infected sysstem?
November 19, 2011 11:16:42 PM

WR2 said:
You're trying to build the AVG Rescue thumb drive on the infected sysstem?



Yess I have my files backed up, i think i may have corrupted the avg rescue CD. I'm just so rubbish with all this, i'm trying to install it on the USB but it says
"Operation failed: Copy files "ntuser.dat" -> "D:/ntuser.dat" failed with Win32 error "32"

I thank you for helping me through all this, but now i think i just give up and i should restart the whole system. Thankyou for everything
a b 8 Security
a b $ Windows 7
November 19, 2011 11:22:22 PM

Don't be too hard on yourself. You're dealing with the worst possible kind of malware infection. I wouldnt be surprised that an infected OS saw the AVG build attempt and took some self defense measures. That's the kind of 'self protection' I expect from a crafty rootkit.
I've had some success but it's never been as easy as the more typical virus or malware infections that aren't rootkits.

It's on to Option 3.
Do you have any Win7 install discs or are you going to use the hidden restore partition?
November 20, 2011 9:44:38 AM

Yes....My dad will probably do this because he wanted to in the first place :) 
Well thankyou everyone very much for taking your time to help me get through this frustrating virus, even though it is still here I appreciate all the help because i wouldn't have known what to do
November 21, 2011 12:00:05 AM

you can have a look to this as they have also discussed on the similar tthing. See if any of the posts over there helps you or not.
November 18, 2012 7:07:31 AM

angelberry66 said:
Hello,
Please please help me remove this insane virus hiding in my files. I've tried everything. Thankyou so much, i want to get rid of this without it erasing my pc.

I also posted on another forum asking for help:
http://www.gaiaonline.com/forum/computers-technology/wi...

Thankyou


You can learn from this article: http://blog.teesupport.com/completely-remove-win32small... If you're not computer literate, you can contact online tech experts there for instant help. Good luck :) 
!