
sheur2.gnw


3 replies to this topic

#1 mgsimmo


Posted 21 December 2008 - 11:48 AM

I appear to have multiple infections on my PC but none of the traditional remedies appear to help in eradicating it!!

I am running Windows XP Service Pack 2 with AVG Free as my Anti-Virus. I have Ad-Aware, Spybot Search and Destroy and MalwareBytes Anti-Malware installed and fully up to date. I have also tried using CWShredder, Vundofix and MS Malicious Software Removal Tool.

AVG is picking up a virus called Sheur2.gnw which has infected C:\windows\system32\userinst.exe. However it will not let me heal the infection at all (Googled it and can't find any info). I also noticed at this time that my Windows Firewall had been disabled and that I could not reactivate it (still can't do it). I then downloaded Zone Alarm and this appears to be working normally.

In addition to this I have a band of what appears to be Russian Text at the bottom of the page in every IE Window (I was running 6 when this started yesterday but I have since upgraded to 7). Nothing that I run seems to remove this at all (it scrolls up and down the page as you do)!! I cannot post to this site using IE (as it will not display the site properly) but I can using Opera (no such problems with the Russian Text on Opera).

Clearly I have a plethora of associated problems that are beyond my limited capabilities and nothing I seem to do clears it up. I would be most grateful for any pointers that you think may be useful in my quest!!



#2 boopme


Posted 21 December 2008 - 04:28 PM

Hello and welcome. Perhaps this is a new bit of malware. Let's see what we can find out. Please upload the file to Virustotal and/or Jotti's malware scan. Post their reply to you here in your next reply.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 ChrisReid


Posted 23 December 2008 - 06:06 PM

I have the exact same issue that started on the same day. Here's the link when I upload to virustotal: http://www.virustotal.com/analisis/f2ceee5...705108fe32190f6

Any ideas?

#4 boopme


Posted 23 December 2008 - 08:54 PM

Both ChrisReid and mgsimmo should now follow these instructions.
Preparation Guide For Use Before Using Hijackthis

Edited by garmanma, 26 December 2008 - 12:31 PM.
spelling-Removed comment to post that has been removed.




