
Virut Detected, course of action?


3 replies to this topic

#1 IGnorerant

  • Members
  • 2 posts

Posted 18 April 2009 - 05:56 PM

Hey,

Virut was detected via A-squared free and Spyware Terminator. Nothing has been found since. Is XP compromised? Because of its characteristics, would a system restore be too easy a fix, or would a re-install be necessary? My PC runs fine, I haven't noticed any differences. Just that I read about Virut and it sounded like once it hits, you're screwed.

Here's some pics of the detections:
http://i673.photobucket.com/albums/vv97/IG...tInfection1.jpg
http://i673.photobucket.com/albums/vv97/IG...tinfection2.jpg
http://i673.photobucket.com/albums/vv97/IG...tinfection3.jpg
http://i673.photobucket.com/albums/vv97/IG...rutSoundman.jpg

Why is it connected to SOUNDMAN.EXE?
I run ESET Smart Security, Spyware Terminator for real time and scan with Spybot and A-squared free. Please suggest any programs that are good at blocking these types of intrusions or for tightening up my security. Is it my fault (from something I installed) and not the gaps in security?
Thanks for all advice and help. If you need more info, please ask.

Edited by IGnorerant, 18 April 2009 - 05:58 PM.



#2 boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts

Posted 18 April 2009 - 10:41 PM

Hi, they were a bit hard to see, but I did see Virut and I have some bad news.

Your System is infected with Virut!!
Virut is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.
For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.

More information:
http://free.avg.com/66558

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.


http://home.mcafee.com/VirusInfo/VirusProf...aspx?key=143034

W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
  • Immediately before the encrypted code at the end of the last section
  • At the end of the code section of the infected host in 'slack-space' (assuming there is any)
  • At the original entry point of the host (overwriting the original host code)


Miekiemoes, one of our team members here and an MS-MVP, additionally has a blog post about Virut.

^^^^^^^^^^^^^
Not an unwise decision to make. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action but I cannot make that decision for you.

Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, data files and photos. The safest practice is not to back up any autorun.ini or .exe files because they may be infected. Some types of malware may disguise themselves by adding and hiding their extension to the existing extension of files, so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.

The best procedure is a low level format. This completely wipes the drive. Then reinstall the OS.
Use the free version of Active@ KillDisk.
Or Darik's Boot And Nuke

The best sources of Information on this are
Reformatting Windows XP
Michael Stevens Tech

Of course also feel free to ask anything on this in the XP forum. They'd be glad to help.
==============================
2 guidelines/rules when backing up

1) Backup all your important data files, pictures, music, work etc... and save it onto an external hard-drive. These files usually include .doc, .txt, .mp3, .jpg etc...
2) Do not back up any executable files or any Windows files. These include .exe's, .scr, .com, .pif etc... as they may contain traces of malware. Also, .html or .htm files that are webpages should also be avoided.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
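
The backup rules in the post above (keep data files, leave executables and saved web pages behind, and read the full file name for a hidden second extension) can be applied mechanically before anything is copied off the infected machine. This is an added example, not part of the original thread; the verdict strings, the extensions beyond those the post lists, and `autorun.inf` are assumptions.

```python
import os
import tempfile

# Extensions named in the post's two backup rules.
DATA = {".doc", ".txt", ".mp3", ".jpg"}            # rule 1: back these up
EXECUTABLE = {".exe", ".scr", ".com", ".pif"}      # rule 2: leave these behind
WEBPAGE = {".html", ".htm"}                        # rule 2: also avoid
# Assumption: the post's "etc..." is extended with other Windows-runnable types.
EXECUTABLE |= {".dll", ".sys", ".bat", ".cmd", ".vbs", ".lnk"}
# "autorun.ini" is the name the post gives; "autorun.inf" is added as an assumption.
AUTORUN_NAMES = {"autorun.ini", "autorun.inf"}

KEEP = "copy, then scan before restoring"


def classify(filename):
    """Return a verdict string (hypothetical labels) for one file name."""
    # Windows ignores trailing dots and spaces, so strip them before looking.
    name = filename.strip().rstrip(". ").lower()
    if name in AUTORUN_NAMES:
        return "skip: autorun file"
    # Padding such as "invoice.doc      .exe" pushes the real extension out of view.
    parts = [p.strip() for p in name.split(".")]
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext in EXECUTABLE:
        if len(parts) > 2 and "." + parts[-2] in DATA:
            return "skip: executable disguised as data"
        return "skip: executable"
    if ext in WEBPAGE:
        return "skip: saved web page"
    return KEEP


def triage(root):
    """Walk root and group relative paths by verdict."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            rel = os.path.relpath(os.path.join(dirpath, f), root)
            report.setdefault(classify(f), []).append(rel)
    return {verdict: sorted(paths) for verdict, paths in report.items()}


if __name__ == "__main__":
    # Constructed sample tree, not taken from the thread.
    with tempfile.TemporaryDirectory() as root:
        for n in ("notes.txt", "holiday.jpg.exe", "SOUNDMAN.EXE", "index.htm"):
            open(os.path.join(root, n), "w").close()
        for verdict, paths in triage(root).items():
            print(f"{verdict}: {paths}")
```

Files that land in the keep group still need the anti-virus scan the post calls for before they are copied back to the rebuilt system.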

#3 IGnorerant

  • Topic Starter

  • Members
  • 2 posts

Posted 19 April 2009 - 09:44 PM

Thanks, will do.

#4 boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts

Posted 19 April 2009 - 10:53 PM

You're most welcome, please take a moment to read quietman7's excellent prevention tips in post 17 here
Click>>Tips to protect yourself against malware and reduce the potential for re-infection: