
Virtob Infected The Comp, Can't Login Now



#1 jourosis

Posted 06 December 2007 - 05:34 PM

So it's been a while since I've tried to troubleshoot a computer. Right now I'm on my laptop, but my desktop has been infected with virtob. Avast kept picking up the worm as it moved from file to file as I was looking for an effective counter-measure. Apparently on my last restart it infected my logon/off process. Now when the comp boots up, instead of the standard XP welcome screen a little window "Log On to Windows" pops up on a black background. Attempts to log on fail as it will log on and immediately log off. Both my user and Admin yield the same results. Attempts to start in safe mode (w/ and w/out networking) get me to a black screen w/ "safe mode" on the 4 corners. This happened once before and I wiped my windows directory and reinstalled (I know, lazy/ineffective etc etc). I can do it again but was wondering if there were any other options. My windows dir is on a different partition from my programs and docs, so no worries about that. Once I get in to windows, then I can run HJT and/or adaware. Any help is appreciated, I have the rest of the day dedicated for this pretty much. TIA


#2 quietman7

  • Global Moderator

Posted 06 December 2007 - 09:10 PM

You have a real nasty infection on your system. Virut/Virtob is a file infector which infects all .exe and .scr files, downloads more malicious files to your system, and opens a back door that compromises your computer. In many cases the infected files cannot be deleted and anti-malware scanners cannot disinfect them properly. When disinfection is attempted, the files become corrupted and the system may be irreparable.

Even if you could logon, many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat and reinstall the OS - "When should I re-format?".

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

Virut/Virtob is contracted and spread by visiting crack and keygen sites. Those who attempt to get software for free end up with a computer system so badly damaged that a Repair Install will NOT help! Reinstalling Windows without first wiping the hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Starting over, reformatting the drive and performing a clean install removes everything. You should not backup any .exe files because they are probably infected but you can backup documents and pictures.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 jourosis

Posted 06 December 2007 - 09:58 PM

Thanks for the info and fast reply. So I have no problem formatting/installing WinXP Pro from disk. I understand also that I should reformat the partition that my programs are installed on as well. My question is, will it be a moot point for me to reinstall like that if I still have install files (the various program shells you download to install programs, i.e. zaSetup_en.exe) that are saved on my document partition?

#4 quietman7

Posted 07 December 2007 - 09:29 AM

"My question is, will it be a moot point for me in reinstall like that if I still have install files (the various programs shells you download to install programs ie: zaSetup_en.exe) that are saved on my document partition"

As I said, Virut/Virtob is a file infector virus which infects all .exe and .scr files. IMO you probably would be wasting your time without first wiping the entire hard drive with a repartition and/or format.

#5 jourosis

Posted 07 December 2007 - 01:16 PM

Thank you kindly. My plan of attack is going to be to format my Windows partition and reinstall Windows, get into my docs and delete all .exe/.scr files, and then reformat/reinstall Windows again. Thanks again for the help.
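An added example, not part of the thread and not written by any poster: one way to carry out the advice above (back up documents and pictures, leave .exe and .scr files behind) is to inventory a data partition before copying anything. The function names and the sample files are constructed for illustration, and the PE-header check goes beyond the extension list given in the thread so that renamed executables are also left out.

```python
import os
import struct
import tempfile

RISKY_EXTENSIONS = {".exe", ".scr"}  # file types the thread says Virut/Virtob infects

def looks_like_pe(path):
    """True if the file starts with an MZ header that points at a PE signature."""
    try:
        with open(path, "rb") as fh:
            header = fh.read(64)
            if len(header) < 64 or header[:2] != b"MZ":
                return False
            (pe_offset,) = struct.unpack_from("<I", header, 0x3C)
            fh.seek(pe_offset)
            return fh.read(4) == b"PE\0\0"
    except OSError:
        return False  # unreadable file: not classified as PE by content

def split_for_backup(root):
    """Walk root and return (keep, exclude) lists of paths relative to root."""
    keep, exclude = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            risky = ext in RISKY_EXTENSIONS or looks_like_pe(full)
            (exclude if risky else keep).append(os.path.relpath(full, root))
    return sorted(keep), sorted(exclude)

def demo():
    """Run the split over a constructed sample tree (harmless placeholder bytes)."""
    fake_pe = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "installers"))
        samples = {
            "notes.txt": b"plain text",
            "photo.jpg": b"\xff\xd8\xff\xe0 constructed",
            "installers/zaSetup_en.exe": fake_pe,
            "saver.SCR": b"extension alone is enough to exclude",
            "renamed_setup.dat": fake_pe,  # executable behind another extension
        }
        for rel, data in samples.items():
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(data)
        return split_for_backup(root)

if __name__ == "__main__":
    print(demo())
```

Run it from a clean system against the mounted data partition and copy only the `keep` list; the excluded installers are re-downloaded from the vendor after the rebuild.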

#6 quietman7

Posted 07 December 2007 - 01:48 PM

You're welcome and good luck.

#7 jourosis

Posted 07 December 2007 - 02:01 PM

Phase I complete. The only *.exe and *.scr files left on any partition are in the Windows folder I just installed. Reformatting and installing the second time now.

#8 TMacK

Posted 07 December 2007 - 06:05 PM

Since you have a HJT log posted in the HijackThis Logs and Malware Removal forum, you shouldn't make any changes to your system.
Doing so could change the results of the posted log, making it difficult to properly clean your system.

At this point, the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

This topic will now be closed, since you have an open log posted.
If you have any questions, feel free to send me a PM.

Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.
~Suzie Wagner