ROOTKIT - JS.Virut.X - JS.Virut.Y - Win32.Virut.X - Win32.Virut.Y (Mutant) (BBS)


#1 DRiFTn3


  • Members
  • 1 posts
  • Local time:12:22 PM

Posted 18 February 2009 - 08:09 PM

Hey everyone, I'm pretty new to the forums, but anyway, so if I posted in the wrong section...


I got over 5 computers infected with this injected JS.Virut.X JS.Virut.Y Win32.Virut.X Win32.Virut.Y that is not listed whatsoever on any Google pages. It's called something completely different with SOPHOS Removal Emogen or HTML I FRAME.

Avast won't remove it
AVG won't remove it
Outpost Security Suite Pro won't remove it (claims to remove it but then it reappears on scan after restart)
ZoneAlarm claims to remove but on restart reappears
Avast goes into LOOP - both Home and Pro
DR WEB won't remove.
Bit Defender won't remove
Kaspersky won't remove and Kaspersky gets shut down by it
Outpost: the virus creates rules to re-enable itself in the smart advisor filter, acting as a genuine certificate for the vendor.
It's a rootkit, so YES, I have formatted and reinstalled Windows, replaced hard disk drives, scanned and removed virus etc... and transferred data back and it has taken over the newly formatted system

Malwarebytes with latest update picks up over 8 threats and removes on restart, but reappears when you rescan, as it does not remove, or does and it regenerates itself, injecting the files over and over, and it gets worse each time...

YES. SYSTEM RESTORE IS OFF. and all points removed... never enabled...

McAfee won't work
Norton won't work
Kaspersky won't work
Bit Defender won't work
Avast won't work
AVG won't work
HijackThis is denied
Task Manager denied
Registry denied
Admin denied
If I grant these to approve and have access via scripting or reg entries I can bypass the access denied but still does not work...
ROOTKIT software such as UNHACK ME by GENESIS
Panda rootkit
F-Secure won't work... picks up HIDDEN ROOTKITS but won't remove... claims to but they reappear

The only option I really have left is the one that I can't deal with, which is format and lose all data and start from scratch


ComboFix doesn't work or even run
catch me - doesn't work
Ad-Aware picks up but doesn't remove
Spybot S&D doesn't work
malware doesn't work
I'm running out of ideas

NOD32 doesn't even pick up a virus

It's not a false positive, but it mainly goes for MYOB14 up to MYOB 18 files to do with HTM files mostly and injects into system32
and root %windir% directories....
It also is hidden

It comes along with the variant HTML-IFRAME, which nothing removes..

I'M CONFUSED, UPSET, AND dunno what to do...

If anyone has any ideas please get back to me ASAP

Means a lot





#2 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,561 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:10:22 PM

Posted 18 February 2009 - 10:19 PM

Hello and welcome. This is a serious and difficult infection to remove. We are best served using the HJT tools.
We need to run HJT.
Please follow this guide: Preparation Guide For Use Before Using Hijackthis. Then go here: HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant title and post that complete log.

Let me know if it went OK!