Full Version: virus.win32.virut.ce
Mjisenior
I plugged my USB drive into a computer and the computer is now damn near unusable. DrWatsn post mortem debugger spams 250+ instances. The viruses that were on my thumb drive I believe I was able to clean and identify - I hope.
My question is, should I spend time trying to clean this up or just try to back up some data using a PE boot disc and reformat? From looking online about this virus it isn't very nice but hoping someone with more experience could shed some light on this for me.
I ended up trying to clean my thumb drive using the Kaspersky AV for Windows 7 only because I didn't want to infect any other computers with these viruses. I first plugged the drive into the machine and deleted some files that I didn't recognize using the cmd prompt and entering dir /w/a. The files I deleted were Winxp32.exe, taskmanager17.exe and system.exe. After that I ran a scan with the Kaspersky to clean up even more. The infection looks like it possibly spread to files I tried to run on the suspected source machine but I didn't remember trying to run heavyloader.exe or the fastwiz.exe which was also deleted by Kaspersky. Here is the Kasp rpt.

Detected
--------
Status Object
------ ------
deleted: virus Worm.Win32.AutoRun.lpc File: E:\autorun.inf
disinfected: virus Virus.Win32.Virut.ce File: E:\ATF-Cleaner.exe
not found: virus Virus.Win32.Virut.ce File: E:\FASTWiz.exe
deleted: virus Virus.Win32.Virut.ce File: E:\Heavyload.exe
deleted: virus Virus.Win32.Virut.ce File: E:\LSPFix.exe
deleted: virus Virus.Win32.Virut.ce File: E:\gmer.exe
deleted: virus Virus.Win32.Virut.ce File: E:\netscan.exe
deleted: virus Virus.Win32.Virut.ce File: E:\Dial-a-fix-v0.60.0.24\Dial-a-fix.exe
deleted: virus Virus.Win32.Virut.ce File: E:\Dial-a-fix-v0.60.0.24\secedit.exe
deleted: virus Virus.Win32.Virut.ce File: E:\downadup\anti-Downadup-console.exe
deleted: virus Virus.Win32.Virut.ce File: E:\downadup\Anti-Downadup-graphics.exe


Quarantine
----------
Status Object Size Added
------ ------ ---- -----


Backup
------
Status Object Size
------ ------ ----
Deleted virus Worm.Win32.AutoRun.lpc E:\autorun.inf
Not infected: virus Virus.Win32.Virut.ce E:\ATF-Cleaner.exe
Deleted virus Virus.Win32.Virut.ce E:\Heavyload.exe
Deleted virus Virus.Win32.Virut.ce E:\LSPFix.exe
Deleted virus Virus.Win32.Virut.ce E:\gmer.exe
Deleted virus Virus.Win32.Virut.ce E:\netscan.exe
Deleted virus Virus.Win32.Virut.ce E:\Dial-a-fix-v0.60.0.24\Dial-a-fix.exe
Deleted virus Virus.Win32.Virut.ce E:\Dial-a-fix-v0.60.0.24\secedit.exe
Deleted virus Virus.Win32.Virut.ce E:\downadup\anti-Downadup-console.exe
Deleted virus Virus.Win32.Virut.ce E:\downadup\Anti-Downadup-graphics.exe


I am using Windows 7 on the machine which I ran this scan with - fyi. Thanks in advance for any information.
jpshortstuff
I'm afraid it's practically impossible to recover from a Virut infection. This thing tries to infect all executable files on your system. Unfortunately, it does it somewhat 'badly' - and actually corrupts the files. If you try and remove the infected part of these files, you are left with a little corrupted shell of what was once a legitimate program. As soon as this infection hits your system files (which it inevitably does, and looks like it has for you) - big problems start.

QUOTE
should I spend time trying to clean this up or just try to back up some data using a PE boot disc and reformat?

Definitely back-up and re-format. Make sure you don't back up anything executable (.exe, .scr, .sys...).

Sorry to be the bringer of bad news :(
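
An added illustration of the backup advice in the reply above (not part of the original posts): a data-only copy that leaves out executables by extension and also by the `MZ` file header, so a program renamed to look like a document is skipped too. The extension list beyond .exe, .scr and .sys, the function names and the sample tree are assumptions of this example.

```python
import os
import shutil
import tempfile

# .exe/.scr/.sys come from the reply; the other extensions are this example's assumption.
BLOCKED_EXT = {".exe", ".scr", ".sys", ".dll", ".com", ".pif", ".ocx", ".cpl"}
BLOCKED_NAMES = {"autorun.inf"}  # the AutoRun file flagged in the scan report


def looks_executable(path):
    """Blocked by name or extension, or starts with the DOS/PE 'MZ' magic."""
    name = os.path.basename(path).lower()
    if name in BLOCKED_NAMES or os.path.splitext(name)[1] in BLOCKED_EXT:
        return True
    try:
        with open(path, "rb") as f:
            return f.read(2) == b"MZ"  # catches executables renamed to .doc, .jpg, ...
    except OSError:
        return True  # unreadable: leave it out of the backup


def backup_data_only(src, dst):
    """Copy non-executable files from src to dst; return (copied, skipped)."""
    copied, skipped = [], []
    for root, _dirs, files in os.walk(src):
        for fn in files:
            full = os.path.join(root, fn)
            rel = os.path.relpath(full, src)
            if os.path.islink(full) or looks_executable(full):
                skipped.append(rel)
                continue
            target = os.path.join(dst, rel)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            shutil.copy2(full, target)
            copied.append(rel)
    return sorted(copied), sorted(skipped)


def demo():
    """Run against a constructed sample tree (file contents are fabricated)."""
    samples = {"docs/notes.txt": b"plain text", "docs/invoice.doc": b"MZ\x90\x00",
               "tool.exe": b"MZ\x90\x00", "saver.SCR": b"MZ", "autorun.inf": b"[autorun]"}
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = os.path.join(tmp, "src"), os.path.join(tmp, "dst")
        os.makedirs(os.path.join(src, "docs"))
        for rel, data in samples.items():
            with open(os.path.join(src, rel), "wb") as f:
                f.write(data)
        return backup_data_only(src, dst)
```

The skipped list is worth reviewing before the reformat, since it shows which programs will need reinstalling from clean media.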
Mjisenior
Thanks for the speedy reply. I really appreciate your input and see that you have some sort of training according to your signature. If you can point me to any useful information so I continue learning about malware removal I would be in even more debt to you and hope someday that I can help others instead of infect them :( I also stumbled across an old post on this site that offered HJThis training - you happen to know if that is still available? Thanks again for your valuable time.
jpshortstuff
Yes, the Malware training here at BC is still available. I don't know if this is the topic you stumbled across but all the information you need is here:
http://www.bleepingcomputer.com/forums/topic86678.html

Sometimes they suspend admissions so that they don't get overwhelmed with students. If this is the case, there are other Malware Training programs available, like the one in my signature for example (WhatTheTech).

Hope that helps :)