
Help, Infected With Trojan.dropper.cutwail.d And With Trojan.inject.ia


6 replies to this topic

#1 Arma


Posted 11 June 2008 - 03:58 PM

Both of these files are in the system32 folder. I do not know if they have been infected with a virus or if it was the virus that put them there in the first place, but I cannot delete them since they are in the system32 folder. I use Windows XP Home Edition with Internet Explorer.

The viruses are located there:

Trojan.Dropper.Cutwail.D: HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINRV26\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\WINRV26.SYS Detected: Trojan.Dropper.Cutwail.D

Trojan.Inject.IA: C:\windows\System32\svchost.exe (memory dump) Detected: Trojan.Inject.IA
C:\windows\System32\svchost.exe (full dump) Infected with: Trojan.Inject.IA

How do I get rid of those viruses?

Edited by Arma, 11 June 2008 - 04:09 PM.



#2 Budapest


Posted 11 June 2008 - 05:18 PM

There are instructions for removing Trojan.Dropper.Cutwail here.

The removal method involves editing the registry, so please be careful and back up the registry first. For backing up the registry I like to use ERUNT.

I would then run a full system scan with Malwarebytes' Anti-Malware.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 Arma


Posted 11 June 2008 - 06:36 PM

> There are instructions for removing Trojan.Dropper.Cutwail here.
>
> The removal method involves editing the registry, so please be careful and back up the registry first. For backing up the registry I like to use ERUNT.
>
> I would then run a full system scan with Malwarebytes' Anti-Malware.


Thanks, but this guide is quite small in explanation. They do not tell me how to get to the Windows XP Professional Setup. I tried rebooting my PC, then booting directly from the CD until I saw "Installing Windows". I am not trying to re-install Windows, so how do I get to the repair page without having to re-install Windows?

#4 Budapest


Posted 11 June 2008 - 06:48 PM

For this fix, you have to get into the Recovery Console. Insert the Windows XP CD into the CD drive, and then restart the computer. Click to select any options that are required to start the computer from the CD drive if you are prompted. When the "Welcome to Setup" screen appears, press R to start the Recovery Console. If you have a dual-boot or multiple-boot computer, select the installation that you must access from the Recovery Console. When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.

However, before doing this you may want to try running a few scans to see if you can get rid of it that way.

Run a full system scan with Malwarebytes' Anti-Malware in Normal Mode.

Then run a full system scan with SuperAntiSpyware in Safe Mode.

How to start Windows in Safe Mode


#5 Arma


Posted 11 June 2008 - 07:12 PM

> For this fix, you have to get into the Recovery Console. Insert the Windows XP CD into the CD drive, and then restart the computer. Click to select any options that are required to start the computer from the CD drive if you are prompted. When the "Welcome to Setup" screen appears, press R to start the Recovery Console. If you have a dual-boot or multiple-boot computer, select the installation that you must access from the Recovery Console. When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.
>
> However, before doing this you may want to try running a few scans to see if you can get rid of it that way.
>
> Run a full system scan with Malwarebytes' Anti-Malware in Normal Mode.
>
> Then run a full system scan with SuperAntiSpyware in Safe Mode.
>
> How to start Windows in Safe Mode


Thanks, I am trying this now. Will let you know if it worked.

#6 Arma


Posted 11 June 2008 - 08:25 PM

I think it worked, that was very helpful. Thank you very much.

#7 Budapest


Posted 11 June 2008 - 08:29 PM

If you’re clean, you should create a new Restore Point to prevent possible re-infection from an old one.

Go Start > Programs > Accessories > System Tools and click System Restore. Choose the radio button marked Create a Restore Point on the first screen then click Next. Give the Restore Point a name and then click Create. Then use Disk Cleanup to remove all but the most recently created Restore Point. Go Start > Run and type: "Cleanmgr" (without the quotes). Click Ok > More Options tab > Clean Up in the System Restore section to remove all previous restore points except the newly created one.