
Infected computer



#1 kac57

Posted 01 April 2009 - 05:57 PM

I have an infected computer with XP OS, Windows Defender, AVG Free 8, Windows Firewall and Advanced SystemCare 3. My son primarily uses this computer and downloads lots of music and visits sites like Facebook and MySpace with Firefox. I have the security programs set to run daily and then run them manually once a week for updates and scans.

Sunday every time he attempted to go onto the internet, the browser would flash open and then close. After hours of searching the web, I finally came across information that this might be caused by malware and when I did a computer scan, it popped up that there was some malware and cleaned it. However the problem was not resolved and a second scan showed more malware. Downloaded Spybot and did a scan and more malware was detected and deleted; however, browsers would still not open and the computer was getting very slow. Each time I ran AVG and Spybot, it would show new malware, delete it and then it would show up again. I was thinking maybe this is roachware and it is multiplying with each breath I take. So then tried online scanning on two sites, Bit Defender and another one I have used before and both showed malware but said it could not remove them all. I then found this site and followed directions about using SuperAntiSpyware, Malwarebytes and ATF. I run the first one and clean things out, then the next and it gets rid of malware and then restarts and then I run the third and it finds more and deletes. Then I start over and more malware is found and it always seems it is different. So far I have deleted over 200 malware and have been involved in this cycle for two days.

Examples are Trojan.Agent/Gen-Reader_s, Rootkit.Agent/Gen-ETHDrop, from Super and mbam Trojan.Banker, Rootkit.Agent, Trojan.PWS, Malware.Trace, Trojan.Vundo.H, Trojan.Agent, Backdoor.Bot. After about the 15th scan I still have 6 registry keys infected, 6 registry values infected, 4 registry data items infected, 1 folder infected and 17 files infected. At this point I am thinking it would be quicker to just reformat my computer but am concerned if I do I will still have this malware. Any ideas?

#2 DaChew

Posted 01 April 2009 - 07:01 PM

C:\WINDOWS\System32\reader_s.exe


http://www.threatexpert.com/files/reader_s.exe.html

This is Virut.

Your System is infected with Virut!!
Virut is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.
For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.

More information:
http://free.avg.com/66558

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.


http://home.mcafee.com/VirusInfo/VirusProf...aspx?key=143034

W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
  • Immediately before the encrypted code at the end of the last section
  • At the end of the code section of the infected host in 'slack-space' (assuming there is any)
  • At the original entry point of the host (overwriting the original host code)


Miekiemoes, one of our team members here and an MS-MVP, additionally has a blog post about Virut.
Chewy

No. Try not. Do... or do not. There is no try.
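
The McAfee description quoted in the reply above says the virus appends code to the last PE section and may leave the entry point untouched (EPO). As an added example (not part of the thread or of any vendor tool), this Python code reads the PE section table and reports two generic structural indicators of appended code; the function names and the `build_sample` header stub are constructed for illustration, and the checks are heuristics, not a Virut signature.

```python
import struct

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_* flags
SECTION = "<8sIIIIIIHHI"                          # one 40-byte section header

def parse_sections(data):
    """Return (entry_point_rva, [(name, vaddr, vsize, rawsize, flags), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    # NumberOfSections at pe+6, SizeOfOptionalHeader at pe+20
    nsect, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24                                         # optional header start
    entry = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsect):
        f = struct.unpack_from(SECTION, data, opt + opt_size + 40 * i)
        sections.append((f[0].rstrip(b"\0").decode("latin-1"), f[2], f[1], f[3], f[9]))
    return entry, sections

def appended_code_indicators(data):
    """List heuristic signs that code was appended to the last section."""
    entry, sections = parse_sections(data)
    if not sections:
        return []
    name, vaddr, vsize, rawsize, flags = sections[-1]
    found = []
    if flags & MEM_EXECUTE and flags & MEM_WRITE:
        found.append("last section %r is writable and executable" % name)
    # With EPO the entry point may be unchanged, so this check alone can miss.
    if vaddr <= entry < vaddr + max(vsize, rawsize):
        found.append("entry point lies in last section %r" % name)
    return found

def build_sample(entry, last_flags):
    """Constructed two-section PE32 header stub (headers only, no code)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102)
    opt = struct.pack("<H14xI", 0x10B, entry).ljust(224, b"\0")
    def sect(name, vaddr, flags):
        return struct.pack(SECTION, name, 0x1000, vaddr, 0x1000, 0, 0, 0, 0, 0, flags)
    return dos + coff + opt + sect(b".text", 0x1000, 0x60000020) + sect(b".rsrc", 0x2000, last_flags)
```

Packed or self-modifying legitimate programs can trip the same indicators, so a hit is a reason to examine the file further, not a verdict.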



