BleepingComputer.com: virus.win32.virut.ce


virus.win32.virut.ce thumb drive infection

#1 Mjisenior

Posted 04 March 2009 - 09:10 AM

I plugged my USB drive into a computer and the computer is now damn near unusable. DrWatsn post mortem debugger spams 250+ instances. The viruses that were on my thumb drive I believe I was able to clean and identify - I hope.
My question is, should I spend time trying to clean this up or just try to back up some data using a PE boot disc and reformat? From looking online about this virus it isn't very nice but hoping someone with more experience could shed some light on this for me.
I ended up trying to clean my thumb drive using the Kaspersky AV for Windows 7 only because I didn't want to infect any other computers with these viruses. I first plugged the drive into the machine and deleted some files that I didn't recognize using the cmd prompt and entering dir /w/a. The files I deleted were Winxp32.exe, taskmanager17.exe and system.exe. After that I ran a scan with the Kaspersky to clean up even more. The infection looks like it possibly spread to files I tried to run on the suspected source machine but I didn't remember trying to run heavyloader.exe or the fastwiz.exe which was also deleted by Kaspersky. Here is the Kasp rpt.

Detected
--------
Status Object
------ ------
deleted: virus Worm.Win32.AutoRun.lpc File: E:\autorun.inf
disinfected: virus Virus.Win32.Virut.ce File: E:\ATF-Cleaner.exe
not found: virus Virus.Win32.Virut.ce File: E:\FASTWiz.exe
deleted: virus Virus.Win32.Virut.ce File: E:\Heavyload.exe
deleted: virus Virus.Win32.Virut.ce File: E:\LSPFix.exe
deleted: virus Virus.Win32.Virut.ce File: E:\gmer.exe
deleted: virus Virus.Win32.Virut.ce File: E:\netscan.exe
deleted: virus Virus.Win32.Virut.ce File: E:\Dial-a-fix-v0.60.0.24\Dial-a-fix.exe
deleted: virus Virus.Win32.Virut.ce File: E:\Dial-a-fix-v0.60.0.24\secedit.exe
deleted: virus Virus.Win32.Virut.ce File: E:\downadup\anti-Downadup-console.exe
deleted: virus Virus.Win32.Virut.ce File: E:\downadup\Anti-Downadup-graphics.exe


Quarantine
----------
Status Object Size Added
------ ------ ---- -----


Backup
------
Status Object Size
------ ------ ----
Deleted virus Worm.Win32.AutoRun.lpc E:\autorun.inf
Not infected: virus Virus.Win32.Virut.ce E:\ATF-Cleaner.exe
Deleted virus Virus.Win32.Virut.ce E:\Heavyload.exe
Deleted virus Virus.Win32.Virut.ce E:\LSPFix.exe
Deleted virus Virus.Win32.Virut.ce E:\gmer.exe
Deleted virus Virus.Win32.Virut.ce E:\netscan.exe
Deleted virus Virus.Win32.Virut.ce E:\Dial-a-fix-v0.60.0.24\Dial-a-fix.exe
Deleted virus Virus.Win32.Virut.ce E:\Dial-a-fix-v0.60.0.24\secedit.exe
Deleted virus Virus.Win32.Virut.ce E:\downadup\anti-Downadup-console.exe
Deleted virus Virus.Win32.Virut.ce E:\downadup\Anti-Downadup-graphics.exe


I am using Windows 7 on the machine which I ran this scan with - FYI. Thanks in advance for any information.

#2 jpshortstuff (Group: Malware Response Team)

Posted 04 March 2009 - 09:20 AM

I'm afraid it's practically impossible to recover from a Virut infection. This thing tries to infect all executable files on your system. Unfortunately, it does it somewhat 'badly' - and actually corrupts the files. If you try and remove the infected part of these files, you are left with a little corrupted shell of what was once a legitimate program. As soon as this infection hits your system files (which it inevitably does, and looks like it has for you) - big problems start.

Quote

should I spend time trying to clean this up or just try to back up some data using a PE boot disc and reformat?

Definitely back-up and re-format. Make sure you don't back up anything executable (.exe, .scr, .sys...).

Sorry to be the bringer of bad news :thumbsup:
Trained at the What The Tech Classroom where you too could learn to help others.

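An added example, not part of the original thread: one way to apply the advice above during the backup, refusing files by extension and also by the `MZ` header, which catches executables saved under another extension. The extensions beyond .exe, .scr and .sys, the function names and the sample tree are assumptions made for this example.

```python
import shutil
import tempfile
from pathlib import Path

# .exe, .scr and .sys are the extensions named in the reply; the rest are an
# assumption added here to cover other common Windows executable types.
EXECUTABLE_EXTS = {".exe", ".scr", ".sys", ".dll", ".com", ".ocx", ".cpl"}

def skip_reason(path):
    """Return the reason a file stays out of the backup, or None if it may be copied."""
    if path.name.lower() == "autorun.inf":
        return "autorun.inf"
    if path.suffix.lower() in EXECUTABLE_EXTS:
        return "executable extension"
    try:
        with path.open("rb") as fh:
            if fh.read(2) == b"MZ":  # DOS/PE header: executable under another name
                return "MZ header"
    except OSError:
        return "unreadable"

def backup_data(src, dst):
    """Copy only non-executable files from src to dst; return (copied, skipped)."""
    copied, skipped = [], []
    for path in sorted(src.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        rel = path.relative_to(src)
        reason = skip_reason(path)
        if reason:
            skipped.append((rel.as_posix(), reason))
            continue
        target = dst / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)
        copied.append(rel.as_posix())
    return copied, skipped

def demo():  # constructed sample tree; the file contents are made up
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "E"), Path(tmp, "backup")
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "notes.txt").write_bytes(b"plain text\n")
        (src / "docs" / "photo.jpg").write_bytes(b"MZ\x90\x00")  # PE renamed to .jpg
        (src / "autorun.inf").write_bytes(b"[autorun]\n")
        (src / "gmer.exe").write_bytes(b"MZ\x90\x00")
        return backup_data(src, dst)

if __name__ == "__main__":
    print(demo())
```

The skipped list doubles as a record of what was left behind, so the programs can be reinstalled from clean media after the reformat.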

#3 Mjisenior

Posted 04 March 2009 - 09:28 AM

Thanks for the speedy reply. I really appreciate your input and see that you have some sort of training according to your signature. If you can point me to any useful information so I continue learning about malware removal I would be in even more debt to you and hope someday that I can help others instead of infect them :thumbsup: I also stumbled across an old post on this site that offered HJThis training - you happen to know if that is still available? Thanks again for your valuable time.

#4 jpshortstuff (Group: Malware Response Team)

Posted 04 March 2009 - 09:35 AM

Yes, the Malware training here at BC is still available. I don't know if this is the topic you stumbled across but all the information you need is here:
http://www.bleepingcomputer.com/forums/topic86678.html

Sometimes they suspend admissions so that they don't get overwhelmed with students. If this is the case, there are other Malware Training programs available, like the one in my signature for example (WhatTheTech).

Hope that helps :thumbsup: