This file has recently come onto my computer. I have McAfee installed, but it seems to have evaded McAfee when one of my students put his flash drive into my computer. I have since then scanned the computer fully, and I have seen the scan go over Bsqxita.exe, apparently think about it, and then go on to declare it clean. Nevertheless, I now have two new accounts "installed" (BSQXITA and Database) on my computer, which is operating on XP. Every time a flash drive is attached to my computer it also picks up the infection, which manifests itself as "folders" called "Beyonce", "Chris Brown", and so on. This is well described if you google "BSQXITA". You can't delete these files, you can't reformat the flash drives, and you can't delete the false accounts from your computer.
I have now spent a day trying to remove it, using the steps outlined on the McAfee Website, to no avail. Like the Virus Scanner, Stinger just goes right on by - once again, you can see it pause at BSQXITA.exe, and then keep going having decided it is clean. When you try to find it in the McAfee virus library, it does not appear, which is surprising given there are websites from September 2009 accurately describing it.
With my frustration level rising, I need some answers quickly - how is it removed? If McAfee is incapable of detecting and removing it (as appears to be the case) then can anyone recommend an alternative?
I have no personal experience with this infection, however...
See the "required reading" stickies at the top of this forum about spyware removal.
Both are free.
Be sure to update their definitions before running them, and let them clean what they find.
Although I generally create a system restore point before installing new software, if your system is infected, that can be a problem, since the infections sometimes hide in the restore points, making them hard to find or clean.
So, instead, you might want to actually disable system restore before cleaning (WARNING: that will remove your existing restore points) and then create a new one once you are clean.
If the infection makes it hard/impossible to run either of them, contrary to some instructions you might see here at the McAfee forums, MBAM should not be run in Safe Mode (the devs are very clear about that at the MBAM forums). There are instructions at the MBAM user forums about how to get MBAM to run when the infection interferes; they also have malware removal assistance & excellent assistance for free at their forums.
I assume SAS also has similar instructions and assistance.
(The paid version of MBAM includes real-time protection to prevent infections in the first place -- it is very reasonably priced (lifetime sub) and runs fine alongside McAfee Security Center (at least the "2009" versions).)
You might also wish to try www.bleepingcomputer.com for help.
Once you get your flash drive cleaned up (or if you end up buying a new one), you might try Panda USB Vaccine: http://www.pandasecurity.com/homeusers/downloads/usbvaccine/ As the name implies, it immunizes your flash drive by preventing any malicious programs from auto-running. This minimizes the chance that it will pick up an infection from your computer or someone else's.
Hope this helps.
Please post back and let us know how it goes, or if you need additional help,
(Just a home user, NOT an expert!)
You have the file, so can you submit it to McAfee Labs? If they reply saying it is clean, reply asking for a manual check.
This way the signature will get into the dat files and help others.
They will send you an extra.dat file that will clean it.
The free scanners MM suggested will also help, but please submit it as well.
After submitting the file HERE you could try some free remedies. According to my research this is also known as Trojan.Dropper/Win-NV although information is a bit scant.
Many thanks for your help and useful suggestions. I submitted the file in question to the Virus Lab, and also tried the free software. The free software identified a problem, but was not able to fix it. However, the Virus Lab responded after a day or so to say that a revised DAT (6065) would deal with it, and this has proved to be the case. But I must admit to having had a couple of frustrating days!
Once again, thanks to all.