iexplorer redirects


7 replies to this topic

#1 willy68

willy68

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:33 AM

Posted 13 March 2009 - 10:51 AM

For the last couple of days my internet browser has been redirecting. I can't access Microsoft Update or download anything from Microsoft. It changes my display settings from the blue outlines to the tan outlines. I get a svchost.exe application error: the instruction at "0x75606eb5" referenced memory at "0x00000008". The memory could not be "read". Click OK to terminate the program. There are 3 cookies that are being blocked: http://js.doubleclick.net/main.js?i=52DABE.../c-porn%20tube/ and http://66.230.188.250/click.php?c=7efd39e9...0d096cc682a7f00



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:33 AM

Posted 13 March 2009 - 03:21 PM

Hello and welcome. I need you to do this so we can tell exactly what you have here.
Please search your drive for ctfmon.exe.
Next, upload the file(s) to Virus Total.
Post their reply here, thanks.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 willy68


Posted 13 March 2009 - 03:39 PM

Found the file in 2 places, /windows/system32 and x/windows/servicepackfiles/i386. Tried to run both files and nothing happens, just a blink or flash on the monitor and nothing.

#4 boopme


Posted 13 March 2009 - 03:46 PM

Sorry willy, this confirms some bad news. You will have to wipe the drive.

Your System is infected with Virut!!
Virut is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.
For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.

More information:
http://free.avg.com/66558

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.


http://home.mcafee.com/VirusInfo/VirusProf...aspx?key=143034

W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
  • Immediately before the encrypted code at the end of the last section
  • At the end of the code section of the infected host in 'slack-space' (assuming there is any)
  • At the original entry point of the host (overwriting the original host code)


Miekiemoes, one of our team members here and an MS-MVP, additionally has a blog post about Virut.
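The McAfee description quoted in post #4 places the virus body at the end of the last section of a PE file. As an added illustration (not part of the thread, not from any vendor, and not a Virut detector), this Python sketch reads PE headers and reports two generic traits that fit that description: a last section that is both writable and executable, and an entry point inside the last section. The sample headers are constructed, the requirement that appended self-decrypting code needs a writable and executable section is an assumption of this example, and packed legitimate programs can show the same traits.

```python
import struct
MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_* flags

def parse_sections(data):
    """Return (entry_rva, [(name, vaddr, vsize, flags), ...]) from PE headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", data, 0x3C)             # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsec, = struct.unpack_from("<H", data, pe + 6)         # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)    # SizeOfOptionalHeader
    entry, = struct.unpack_from("<I", data, pe + 24 + 16)  # AddressOfEntryPoint
    table, sections = pe + 24 + opt_size, []
    for off in range(table, table + 40 * nsec, 40):        # 40-byte section headers
        name, vsize, vaddr = struct.unpack_from("<8sII", data, off)
        flags, = struct.unpack_from("<I", data, off + 36)  # Characteristics
        sections.append((name.rstrip(b"\0").decode("latin-1"), vaddr, vsize, flags))
    return entry, sections

def triage(data):
    """Report traits consistent with code appended to the last section."""
    entry, sections = parse_sections(data)
    if not sections:
        return []
    name, vaddr, vsize, flags = max(sections, key=lambda s: s[1])  # highest RVA
    findings = []
    if flags & MEM_EXECUTE and flags & MEM_WRITE:
        findings.append(f"last section {name!r} is writable and executable")
    if vaddr <= entry < vaddr + vsize:
        findings.append(f"entry point {entry:#x} is inside last section {name!r}")
    return findings

def build_sample(entry, specs):
    """Constructed input: PE headers only (no code), specs = (name, rva, size, flags)."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry).ljust(0xE0, b"\0")
    table = b"".join(struct.pack("<8sII", n, size, rva).ljust(36, b"\0")
                     + struct.pack("<I", fl) for n, rva, size, fl in specs)
    return dos + b"PE\0\0" + coff + opt + table

TEXT, DATA = (b".text", 0x1000, 0x2000, 0x60000020), (b".data", 0x3000, 0x1000, 0xC0000040)
CLEAN = build_sample(0x1500, [TEXT, DATA, (b".rsrc", 0x4000, 0x1000, 0x40000040)])
GROWN = build_sample(0x1500, [TEXT, DATA, (b".rsrc", 0x4000, 0x3000, 0xE0000040)])
MOVED = build_sample(0x5200, [TEXT, DATA, (b".rsrc", 0x4000, 0x3000, 0xE0000040)])

for label, sample in (("clean", CLEAN), ("grown", GROWN), ("moved", MOVED)):
    print(label, triage(sample) or "no findings")
```

The GROWN sample keeps its entry point in .text, which is what an entry point obscuring infection looks like to this check: only the section-flag trait fires.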

#5 willy68


Posted 13 March 2009 - 04:08 PM

That's what I was afraid of. Just thought I would see if it could be fixed a different way. THANKS FOR THE HELP

#6 boopme


Posted 13 March 2009 - 05:34 PM

You're welcome. I wish I had another option for you.

Not an unwise decision to make. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action but I cannot make that decision for you.

Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, data files and photos. The safest practice is not to back up any autorun.ini or .exe files because they may be infected. Some types of malware may disguise themselves by adding and hiding their extension to the existing extension of files, so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.

The best procedure is a low level format. This completely wipes the drive. Then reinstall the OS.
Use the free version of Active@ KillDisk.

The best sources of Information on this are
Reformatting Windows XP
Michael Stevens Tech

Of course also feel free to ask anything on this in the XP forum. They'd be glad to help.

#7 iearldtg

iearldtg

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:33 AM

Posted 13 March 2009 - 08:14 PM

Here's an extra option: try using this tool from AVG. However, this is a polymorphic virus so I would do what boopme suggests.
AVG Virut removal tool
You might not remove it but it's worth a try.

BTW: Virut is polymorphic, which uses polymorphic code. Polymorphic code is code that mutates while keeping the original algorithm intact.

#8 boopme


Posted 13 March 2009 - 09:32 PM

To iearldtg

BTW: Virut is polymorphic, which uses polymorphic code. Polymorphic code is code that mutates while keeping the original algorithm intact.

see post 4.

To both of you from Miekiemoes blog entry mentioned above....

It's a pity to see that so many people are struggling with it and whatever they try, nothing helps. Then they ask for support via the forums and in a lot of cases, the one who is helping/guiding won't give up either and posts a new set of instructions to deal with this one.
Unfortunately another failure as result, so again, new instructions are posted... and this may go on and on... sometimes for weeks....
Is this responsible?
I'm not saying it fails every time, but from what I have seen so far and especially if you're helping someone else with this infection... don't guarantee them a "clean" and error-free computer afterwards.

Anyway, that's how I see it. Imho, dealing with such infections is a waste of time and that's why I prefer the fastest and safest solution - which is a format and reinstall.

Edited by boopme, 13 March 2009 - 09:33 PM.
