
Virtumonde/Win32.Delf.uc infection


  • This topic is locked
3 replies to this topic

#1 InError


Posted 07 March 2009 - 01:00 PM

Hello. Ahead of time, I read through the instructions to post carefully. I did encounter an error with DDS as I'll describe below.

Came home to this problem and not sure what my son did. Of course, when asked he said nothing. Originally, I was unable to logon to Windows regularly and was also unable to use safe mode for more than about 3min before it slowed to a crawl and froze. Logging into Windows regularly left me just looking at a black background with nothing ever changing. The login screen has been changed and still remains that way. The best way for me to describe it is to say it now looks like an older NT or server login box. From my reading I understand this is directly tied to ensuring the start of whatever malicious is running.

Since my hands were tied and I couldn't use safe mode to scan using SD or even run hijackthis, I bit the bullet and bought a second hard drive (what I am using to go through this process). I then used Avast to scan the HDD and chest the things that popped up. This led me to be able to login with safe mode and run Spybot S&D successfully, as well as Hijackthis and smitfraudfix. SD continuously returns the one result "Win32.Delf.uc" and I'm unable to remove it myself to this point. I should also note that I used "SDFix" as it was something listed to deal with Win32.Delf. It ran in safe mode and then wanted to reboot, only to reboot in normal mode and have the same login screen + freeze.

I transferred DDS to the main drive and booted into safe mode to run it so I could obtain the two files I was instructed to. Immediately upon opening I received a general error (Windows encountered an error ... send report or don't. Referenced eds as the problem). So I can only post my HJT log at the moment. Let me know what else I need to do.


**Updated - Kaspersky log listed below as well**

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:32:02 PM, on 3/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\Jason\Desktop\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {cf6cdaae-9995-4ab2-a08d-6a9b73001eec} - C:\WINDOWS\system32\lubiniyo.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM\..\Run: [rasevebono] Rundll32.exe "C:\WINDOWS\system32\jeniguju.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [comidle] "C:\Documents and Settings\Jason\Application Data\comidle\comidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKUS\S-1-5-18\..\Run: [comidle] "C:\Documents and Settings\Jason\Application Data\comidle\comidle.exe" 61A847B5BBF728103B9D3B466188719AB689201522886B092CBD44BD8689220221DD3257 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [comidle] "C:\Documents and Settings\Jason\Application Data\comidle\comidle.exe" 61A847B5BBF728103B9D3B466188719AB689201522886B092CBD44BD8689220221DD3257 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\temp\ntdll64.dll' missing
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O20 - AppInit_DLLs: c:\windows\system32\jihuvife.dll,C:\WINDOWS\system32\vusumuje.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jihuvife.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jihuvife.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5859 bytes




Kaspersky -

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, March 7, 2009
Operating System: Microsoft Windows Vista Ultimate Edition, 64-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, March 07, 2009 18:04:13
Records in database: 1877852
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 132329
Threat name: 5
Infected objects: 451
Suspicious objects: 0
Duration of the scan: 01:24:28


File name / Threat name / Threats count
E:\WINDOWS\system32\rsh.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\rsm.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\rsmsink.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\rsmui.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\rsnotify.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\rsopprov.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\rspndr.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\rsvp.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\rtcshare.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\RTLCPL.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\runas.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\rundll32.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\runonce.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\rwinsta.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\savedump.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\sc.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\scardsvr.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\schtasks.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\sdbinst.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\secedit.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\sessmgr.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\sethc.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\setup.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\sfc.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\shadow.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\shmgrate.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\shrpubw.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\shutdown.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\sigverif.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\skeys.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\smbinst.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\smlogsvc.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\sndrec32.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\sndvol32.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\sol.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\sort.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\spider.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\spiisupd.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\spnpinst.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\spool\drivers\w32x86\3\LXBBUN5C.EXE Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\spoolsv.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\ssbezier.scr Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\ssmarque.scr Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\ssmyst.scr Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\stimon.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\subst.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\swreg.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\swsc.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\swxcacls.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\syncapp.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\syskey.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\sysocmgr.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\systeminfo.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\systray.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\taskkill.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\tasklist.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\taskman.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\taskmgr.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\tcmsetup.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\tcpsvcs.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\telnet.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\tftp.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\tlntadmn.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\tlntsess.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\tlntsvr.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\tourstart.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\tracerpt.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\tracert.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\tracert6.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\tscon.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\tscupgrd.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\tsdiscon.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\tskill.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\tsshutdn.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\typeperf.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\unlodctr.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\upnpcont.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\ups.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\user32.DLL Infected: Trojan.Win32.Patched.dr 1
E:\WINDOWS\system32\userinit.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\usmt\migwiz.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\utilman.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\uwdf.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\verclsid.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\verifier.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\vssadmin.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\vssvc.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\w32tm.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\wbem\wmiadap.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\wbem\wmiapsrv.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\wbem\wmic.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\wbem\wmiprvse.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\wdfmgr.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\wextract.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\wiaacmgr.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\winhlp32.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\winmine.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\winmsd.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\winver.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\WISPTIS.EXE Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\wpabaln.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\wpdshextautoplay.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\wpnpinst.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\write.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\WS2Fix.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\wscntfy.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\wscript.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\WudfHost.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\wupdmgr.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\system32\xcopy.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\TASKMAN.EXE Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\TMUninst.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\twunk_32.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\uninst.exe Infected: Virus.Win32.Virut.ce 1
E:\WINDOWS\winhlp32.exe Infected: Virus.Win32.Virut.ce 1

The selected area was scanned.


Thank you for your help with this matter.

Edited by InError, 07 March 2009 - 05:56 PM.




#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:03 PM

Posted 19 March 2009 - 08:12 PM

Ouch!

That's a nasty log right there. Format is the only option here.

Virut File Infector Warning

Your system is infected with a polymorphic file infector called Virut, which also has IRC bot functionality. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr) and also web pages (.html and .htm). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.

For these reasons, you really can't truly fix Virut. You will need to reinstall and format the operating system on this machine. As of now, security experts suggest that a clean Reinstall then Reformat is the only way to clean the infection and it is the only way to return the machine to its normal working state.

A Format right off the bat, without doing a reinstall is fine as well. However, a format is required to clear this infection.

Back up all your documents and important items (personal data, work documents, pictures, etc.) only. DO NOT back up any executable files (software), screensavers (*.scr) or web pages (*.html or *.htm). Virut attempts to infect any accessed .exe, .scr or .html/.htm file by appending itself to the executable.

Also, try to avoid backing up compressed files (zip/cab/rar) that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

More information on Virut can be found over here and here

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
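Added example, not part of the original post: one way to apply the backup advice above is to build the keep/skip list before copying anything off the infected drive. The function names and the sample tree are assumptions made for this sketch; the extension lists come from the post, and .cab/.rar archives are skipped outright because the Python standard library cannot list their contents.

```python
import os
import tempfile
import zipfile

# Types the post says Virut infects; none of them go into the backup.
RISKY_EXTS = {".exe", ".scr", ".html", ".htm"}
# Archive formats the standard library cannot list: skipped as unvetted.
UNVETTED_ARCHIVES = {".cab", ".rar"}


def ext_of(name):
    return os.path.splitext(name)[1].lower()


def archive_is_risky(path):
    """True if a zip holds .exe/.scr members or cannot be read at all."""
    try:
        with zipfile.ZipFile(path) as zf:
            return any(ext_of(n) in {".exe", ".scr"} for n in zf.namelist())
    except (zipfile.BadZipFile, OSError):
        return True  # unreadable archive cannot be vetted, so skip it


def plan_backup(root):
    """Walk root and return (keep, skip) lists of paths relative to root."""
    keep, skip = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            ext = ext_of(name)
            risky = (ext in RISKY_EXTS or ext in UNVETTED_ARCHIVES
                     or (ext == ".zip" and archive_is_risky(full)))
            (skip if risky else keep).append(rel)
    return sorted(keep), sorted(skip)


def demo():
    """Build a constructed sample tree and return its backup plan."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("docs/report.doc", "tools/setup.EXE", "saver.scr", "site/index.htm"):
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            open(os.path.join(root, rel), "wb").close()
        for zname, member in (("photos.zip", "a.jpg"), ("apps.zip", "bin/tool.exe")):
            with zipfile.ZipFile(os.path.join(root, zname), "w") as zf:
                zf.writestr(member, b"constructed sample")
        with open(os.path.join(root, "broken.zip"), "wb") as fh:
            fh.write(b"not a zip")
        return plan_backup(root)
```

The check is by file name only and does not open archives nested inside a zip, so the kept files should still be scanned from a clean system before they are restored.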

#3 extremeboy


Posted 22 March 2009 - 05:35 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.

Thanks for understanding. :thumbup2:

With Regards,
Extremeboy

#4 extremeboy


Posted 24 March 2009 - 03:11 PM

Hello.

Due to Lack of feedback, this topic is now Closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal forum.

With Regards,
Extremeboy




