Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Removing vrt1.tmp virus?


  • Please log in to reply
3 replies to this topic

#1 tutzeai

tutzeai

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:36 AM

Posted 03 February 2009 - 05:19 PM

Hello,

Computer/System: HP Pavilion dv5000 Laptop , Windows XP

I've been trying to remove this virus/trogan that's recently been appearing when Macafee (ver. 8.5i) does it scan. The file "deleted" returns as either VRT1.tmp, Vrt2.tmp, Vrt3.tmp, etc.. each time I reboot. I've also noticed my Login screen is different now. The laptop seems to be running fine, but I'm concerned with security issues. The problem started with MS Antivirus 2009 appearing when I clicked on a link.

I've tried the following:

1. When MS Antivirus 2009 appeared, I removed it using Malwarebytes' Anti-Malware. (At least I think i did..)
2. Scanning with Prevx CSI - the program found the virus, but to delete it/clean up I was required to buy the program (which i did not...)
3. Re-formatting. However when my laptop tried to do this, the following message appeared

"STOP: c000021a {Fatal System Error} The window Logon Process system process terminated unexpectedly with a status of 0xc0000005 (0x00000000 0x00000000). The system has been shut down"

I tried to search for more information for, but did not find much..Please let me know if you can help me. Thank you.

BC AdBot (Login to Remove)

 


#2 Killzone

Killzone

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:36 AM

Posted 06 February 2009 - 02:20 PM

I got this virus 2 days ago. Its real nasty. I run AVG free edition and Windows firewall.

AVG didnt detect it or stop it, and first realised I had a nasty when the firewall went down.

Spybot detected a host a different viruses, one could only be removed in safe mode. AVG detected various virus files spamed to windows directory but was unable to locate source of infection. Vrt1 loaded on startup and then various temp files appeared in task manager. Im of the uneducated opinion that this nasty drops the firewall then invites in a bunch of other wellknown and hard to remove viruses, including , Rustock, Trojan.TDSS, .
Virus/es prevented loading of new software, deleted passwords, constantly spamed windows with virus files, possibly changing/deleting files/directories. A real horror. Lots of blue screens of death.

Reinstalling windows over the top or repairing was ineffective..often resulting in blue screen of death and reboot part way through the process.

Only way I got rid of it was to format ALL my drives. Formating just C drive didnt kill it, it just respawned from other drives.

Edited by Killzone, 06 February 2009 - 03:12 PM.


#3 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:07:36 AM

Posted 06 February 2009 - 05:28 PM

Will it remain running in Safemode?
If you cannot, there's thisfree tool to try
http://www.free-av.de/en/tools/12/avira_an...cue_system.html

Edited by garmanma, 06 February 2009 - 05:29 PM.

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#4 nymphu

nymphu

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:36 AM

Posted 12 February 2009 - 02:21 PM

I formated all my drives instead of one...where i left my files archived....after installing windows again...i installed zone alarm firewall, windows defender and avg free...and everything seemed to work well for a while (2 days) ... Today after unraring my files on that backup partition...and starting to copy some files i needed ...the virus just activated by himself....avg didn't tell me anythin...

now after reboot...avg deletes the vrt1.tmp (cause i added the extension to the resident shield scanner after installing windows) but i get a userinit.exe error and explorer.exe doesn't come up...i have to start it with task manager.

A bunch of files already got infected by win32/heur (heuristic virus) in windows/system32 , dll chache , software distribution and service pack files and service pack uninstall folders . It also copies himself in the system volume information where windows stores the system restore files. It also started to copy in another partition...now...

Keep me informed ! Cheers




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users