
Win32/Virut.Z???


9 replies to this topic

#1 Wolfy87

Wolfy87

  • Members
  • 414 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England
  • Local time:03:04 AM

Posted 21 April 2009 - 02:41 PM

Hello,
Every time I leave my computer idling for too long my AVG comes up with this alert:

C:\System Volume Information\_restore{726574A1-1B2E-4D39-85E9-0B53675C872C}\RP355\A0112333.exe

It never does it while my computer is in use, i.e. when programming or playing games; it seems to only be once my screen saver has come up (Microsoft's Starfield, I'm sure you know the one).

Thanks, Wolfy87.



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:04 PM

Posted 22 April 2009 - 04:19 PM

Hi, Mbam won't help you here. That post is not good advice. You will need to reformat this PC, unfortunately.

Your System is infected with Virut!!
Virut is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.
For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.

More information:
http://free.avg.com/66558

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.


http://home.mcafee.com/VirusInfo/VirusProf...aspx?key=143034

W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
  • Immediately before the encrypted code at the end of the last section
  • At the end of the code section of the infected host in 'slack-space' (assuming there is any)
  • At the original entry point of the host (overwriting the original host code)


Miekiemoes, one of our team members here and an MS-MVP, additionally has a blog post about Virut.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Wolfy87

Wolfy87
  • Topic Starter


Posted 23 April 2009 - 10:50 AM

:thumbsup: Ok then *sniffle*, I have a terabyte hard drive which I have all of my coding on (thousands and thousands of lines!). Can I store my most important things on there or will there be a risk of reinfection?

Thanks so much, Wolfy87.

#4 Wolfy87


Posted 23 April 2009 - 10:55 AM

Oh, and I have tried MBam. I have it along with Spybot S&D and SAS; they found nothing :thumbsup:

Thanks, Wolfy87.

#5 boopme


Posted 23 April 2009 - 03:58 PM

I know it's like the only reply I hate to post... They won't find it and when they do it doesn't matter. It will be back.
Reformatting.. Not an unwise decision to make. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action but I cannot make that decision for you.

Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, data files and photos. The safest practice is not to backup any autorun.ini or .exe files because they may be infected. Some types of malware may disguise itself by adding and hiding its extension to the existing extension of files so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.

The best procedure is a low level format. This completely wipes the drive. Then reinstall the OS.
Use the free version of Active@ KillDisk.
Or Darik's Boot And Nuke

The best sources of Information on this are
Reformatting Windows XP
Michael Stevens Tech

Of course also feel free to ask anything on this in the XP or Vista forum. They'd be glad to help.
==============================
2 guidelines/rules when backing up

1) Backup all your important data files, pictures, music, work etc... and save it onto an external hard-drive. These files usually include .doc, .txt, .mp3, .jpg etc...
2) Do not backup any executable files or any Windows files. These include .exe's, .scr, .com, .pif etc... as they may contain traces of malware. Also, .html or .htm files that are webpages should also be avoided.
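The backup rules in post #5, as an added example that is not part of the original thread: a Python sketch that walks a folder before backup and lists the files to leave out, by the extensions that post names, by double extension, and by the `MZ` executable header for files whose name claims to be data. The file names and contents in `demo()` are constructed, `autorun.inf` is added alongside the post's `autorun.ini`, and the header check is an assumption that goes beyond what the post states.

```python
import os
import tempfile

# Extensions and names post #5 says not to back up; autorun.inf is an added assumption.
RISKY_EXT = {".exe", ".scr", ".com", ".pif", ".html", ".htm"}
RISKY_NAMES = {"autorun.inf", "autorun.ini"}

def classify(path):
    """Return a reason to leave the file out of the backup, or None to keep it."""
    name = os.path.basename(path).lower()
    stem, ext = os.path.splitext(name)
    if name in RISKY_NAMES:
        return "autorun file"
    if ext in RISKY_EXT:
        # "holiday.jpg.exe" displays as "holiday.jpg" when known extensions are hidden.
        return "double extension" if os.path.splitext(stem)[1] else "risky extension"
    try:
        with open(path, "rb") as fh:
            if fh.read(2) == b"MZ":  # DOS/PE header magic, whatever the name claims
                return "executable content under a data extension"
    except OSError:
        return "unreadable, review by hand"
    return None

def triage(root):
    """Walk root and map relative path -> reason for every file to exclude."""
    flagged = {}
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(folder, fname)
            reason = classify(full)
            if reason:
                flagged[os.path.relpath(full, root)] = reason
    return flagged

def demo():
    """Build a constructed sample tree in a temp folder and triage it."""
    samples = {"notes.txt": b"plain text", "setup.exe": b"MZ\x90\x00",
               "holiday.jpg.exe": b"MZ\x90\x00", "autorun.inf": b"[autorun]",
               "song.mp3": b"MZ\x90\x00"}  # executable renamed to look like music
    with tempfile.TemporaryDirectory() as root:
        for fname, data in samples.items():
            with open(os.path.join(root, fname), "wb") as fh:
                fh.write(data)
        return triage(root)

if __name__ == "__main__":
    for path, reason in sorted(demo().items()):
        print(f"SKIP {path}: {reason}")
```

A clean result here only means nothing matched these name and header checks; the files kept still need the anti-virus scan the post asks for before they are copied back.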

#6 Wolfy87


Posted 24 April 2009 - 03:57 PM

Ok, I've done a full format and reinstall of XP and all seems to be working fine, no AVG alerts etc. Most of my stuff is now reinstalled, time to connect my 1tb hd and see if it reinfects...I sure hope not!

Thanks so much guys, Wolfy87.

#7 boopme


Posted 24 April 2009 - 07:15 PM

Good luck and thanks for coming by.
Please take a moment to read quietman7's excellent prevention tips in post 17 here
Click>>Tips to protect yourself against malware and reduce the potential for re-infection:

Edited by boopme, 24 April 2009 - 07:16 PM.


#8 Wolfy87


Posted 25 April 2009 - 03:36 PM

Well, I have AVG back up and running + Spybot S&D, MBAM and SAS so I'm quite protected :flowers:

Thanks a lot guys, now I just have to spend weeks on end getting all of my software back :thumbsup:.

Thanks, Wolfy87.

#9 boopme


Posted 25 April 2009 - 09:51 PM

You are welcome, glad to have helped. Here is some very useful info by our Global Mod quietman7... See post 16.
http://www.bleepingcomputer.com/forums/ind...unter&st=15

#10 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:11:04 PM

Posted 25 April 2009 - 09:58 PM

time to connect my 1tb hd and see if it reinfects...i sure hope not!


When I first saw this thread and that statement I wondered if kasp online would scan the drive.

If you select folder instead of My Computer you can scan an external drive, I checked

Let's run an online virus scan called Kaspersky or KAV for short

http://www.kaspersky.com/virusscanner

using Internet Explorer.

Please disable your resident Antivirus before performing the scan and re-enable it afterward.

Choose the online scanner option

1. At the main page, press "Accept" after reading the contents.
2. At the next window Select Update. Allow the Database to update.
Note: If prompted to run or update your Java, then follow the prompts to do so. Kaspersky requires Java to run.
3. Once the Database has finished, under the Scan icon Select My Computer to start the scan. The scan may take a few minutes to complete.
4. Select Scan Report.
5. If any threats were found they will appear in the report
6. Select "Save error report as"
Then in the file name just type in kaspersky
Under "save as type" select text .txt
Save it to your Desktop.

Expect it to take a long time, but it's very good and should detect Virut-infected files.

A good second opinion
Chewy

No. Try not. Do... or do not. There is no try.



