virus.win32.virut.ce


3 replies to this topic

#1 Mjisenior

Posted 04 March 2009 - 09:10 AM

I plugged my USB drive into a computer and the computer is now damn near unusable. DrWatsn post mortem debugger spams 250+ instances. The viruses that were on my thumb drive I believe I was able to clean and identify - I hope.
My question is, should I spend time trying to clean this up or just try to back up some data using a PE boot disc and reformat? From looking online about this virus it isn't very nice but hoping someone with more experience could shed some light on this for me.
I ended up trying to clean my thumb drive using the Kaspersky AV for Windows 7 only because I didn't want to infect any other computers with these viruses. I first plugged the drive into the machine and deleted some files that I didn't recognize using the cmd prompt and entering dir /w/a. The files I deleted were Winxp32.exe, taskmanager17.exe and system.exe. After that I ran a scan with the Kaspersky to clean up even more. The infection looks like it possibly spread to files I tried to run on the suspected source machine but I didn't remember trying to run heavyloader.exe or the fastwiz.exe which was also deleted by Kaspersky. Here is the Kasp rpt.

Detected
--------
Status Object
------ ------
deleted: virus Worm.Win32.AutoRun.lpc File: E:\autorun.inf
disinfected: virus Virus.Win32.Virut.ce File: E:\ATF-Cleaner.exe
not found: virus Virus.Win32.Virut.ce File: E:\FASTWiz.exe
deleted: virus Virus.Win32.Virut.ce File: E:\Heavyload.exe
deleted: virus Virus.Win32.Virut.ce File: E:\LSPFix.exe
deleted: virus Virus.Win32.Virut.ce File: E:\gmer.exe
deleted: virus Virus.Win32.Virut.ce File: E:\netscan.exe
deleted: virus Virus.Win32.Virut.ce File: E:\Dial-a-fix-v0.60.0.24\Dial-a-fix.exe
deleted: virus Virus.Win32.Virut.ce File: E:\Dial-a-fix-v0.60.0.24\secedit.exe
deleted: virus Virus.Win32.Virut.ce File: E:\downadup\anti-Downadup-console.exe
deleted: virus Virus.Win32.Virut.ce File: E:\downadup\Anti-Downadup-graphics.exe


Quarantine
----------
Status Object Size Added
------ ------ ---- -----


Backup
------
Status Object Size
------ ------ ----
Deleted virus Worm.Win32.AutoRun.lpc E:\autorun.inf
Not infected: virus Virus.Win32.Virut.ce E:\ATF-Cleaner.exe
Deleted virus Virus.Win32.Virut.ce E:\Heavyload.exe
Deleted virus Virus.Win32.Virut.ce E:\LSPFix.exe
Deleted virus Virus.Win32.Virut.ce E:\gmer.exe
Deleted virus Virus.Win32.Virut.ce E:\netscan.exe
Deleted virus Virus.Win32.Virut.ce E:\Dial-a-fix-v0.60.0.24\Dial-a-fix.exe
Deleted virus Virus.Win32.Virut.ce E:\Dial-a-fix-v0.60.0.24\secedit.exe
Deleted virus Virus.Win32.Virut.ce E:\downadup\anti-Downadup-console.exe
Deleted virus Virus.Win32.Virut.ce E:\downadup\Anti-Downadup-graphics.exe


I am using Windows 7 on the machine which I ran this scan with - fyi. Thanks in advance for any information.

#2 jpshortstuff

Posted 04 March 2009 - 09:20 AM

I'm afraid it's practically impossible to recover from a Virut infection. This thing tries to infect all executable files on your system. Unfortunately, it does it somewhat 'badly' - and actually corrupts the files. If you try and remove the infected part of these files, you are left with a little corrupted shell of what was once a legitimate program. As soon as this infection hits your system files (which it inevitably does, and looks like it has for you) - big problems start.

> should I spend time trying to clean this up or just try to back up some data using a PE boot disc and reformat?

Definitely back-up and re-format. Make sure you don't back up anything executable (.exe, .scr, .sys...).

Sorry to be the bringer of bad news :thumbsup:
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here
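
The backup advice in the reply above ("don't back up anything executable"), as an added example that is not part of the original thread: it plans a backup that leaves out files by extension and also by PE header, so an executable saved under another name is still excluded. The extensions beyond .exe/.scr/.sys, the function names and the sample files are assumptions, and the check identifies executables, not Virut itself.

```python
import os
import struct

# ".exe", ".scr", ".sys" are the extensions named in the reply; the others
# are assumed additions standing in for the "..." in that list.
EXECUTABLE_EXTS = {".exe", ".scr", ".sys", ".dll", ".com", ".ocx", ".cpl"}
PE_REASON = "PE image (or unreadable) under another name"


def looks_like_pe(path):
    """True if the file has an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            fh.seek(e_lfanew)
            return fh.read(4) == b"PE\x00\x00"
    except OSError:
        return True  # unreadable: exclude rather than copy blindly


def plan_backup(root):
    """Split files under root into (keep, skip); skip maps path -> reason."""
    keep, skip = [], {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            ext = os.path.splitext(name)[1].lower()
            if name.lower() == "autorun.inf":  # flagged in the scan report
                skip[rel] = "autorun file"
            elif ext in EXECUTABLE_EXTS:
                skip[rel] = "executable extension"
            elif looks_like_pe(path):
                skip[rel] = PE_REASON
            else:
                keep.append(rel)
    return sorted(keep), skip


def build_sample_tree(root):
    """Constructed sample data: a stub PE image, a text file, an autorun.inf."""
    pe = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64) + b"PE\x00\x00"
    samples = {"notes.txt": b"hello", "tool.exe": pe,
               "photo.jpg": pe, "autorun.inf": b"[autorun]\r\nopen=x\r\n"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
```

Run `plan_backup` against the infected disk mounted from the boot disc and copy only the `keep` list; the `skip` dictionary records why each file was left behind.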

#3 Mjisenior

Posted 04 March 2009 - 09:28 AM

Thanks for the speedy reply. I really appreciate your input and see that you have some sort of training according to your signature. If you can point me to any useful information so I continue learning about malware removal I would be in even more debt to you and hope someday that I can help others instead of infect them :thumbsup: I also stumbled across an old post on this site that offered HJThis training - you happen to know if that is still available? Thanks again for your valuable time.

#4 jpshortstuff

Posted 04 March 2009 - 09:35 AM

Yes, the Malware training here at BC is still available. I don't know if this is the topic you stumbled across but all the information you need is here:
http://www.bleepingcomputer.com/forums/t/86678/malware-removal-training-program/

Sometimes they suspend admissions so that they don't get overwhelmed with students. If this is the case, there are other Malware Training programs available, like the one in my signature for example (WhatTheTech).

Hope that helps :thumbsup: