
They keep coming back


13 replies to this topic

#1 Arlan947


Posted 12 May 2009 - 10:45 AM

Hello
For many years I succeeded in keeping my computers safe - then, not even a month ago, something surfaced. A Virut thing after I visited an insecure site.
If this can help, a few days before I had for the first time in my PC life installed a downloader program called Flashget.
Well, I tried at first to clean up with Spybot and Spyware Doctor (which had not, by the way, intercepted the hostile item). But the machine still had strange behaviour, so I downloaded some Linux-based Rescue CD .iso files (Kaspersky, BitDefender, WebDoctor), burned the CDs and went on scanning without Windows. Those found a wealth of infections by Trojans as well as by the Virut thing, so I kept cleaning and cleaning (disinfecting and/or deleting, that is) until nothing more was found.
I then restarted Windows, uninstalled Flashget and installed Avast antivirus. Unfortunately, when using my browser I started to get redirected to a "stolnik.net" whatever search I did. Plus Avast began to show infections spreading in the system by a "W32.Vitro" virus. So I tried again with the rescue CDs - Kaspersky found a couple of issues but nothing else - and Avast is still claiming I have the W32.Vitro everywhere.
At this point I used the VirutCF removal tool by Norton, but to no avail - there is no Virut infection in the machine.
I was beginning to get nervous, so I downloaded the Combofix tool, disabled each and every anti-virus and anti-spyware program - as requested - and tried to start Combofix: nothing happens, just a small progress bar fills up and nothing else.
Now I am stuck.

OS is XP Media Center SP2
computer is a P4 with 2gig of RAM
IExplorer was ver 6 but now I have updated to IE7 hoping it could help
Protection software were:
Spyware Doctor with antivirus
Spybot S&D without TeaTimer
AdAware AnniversaryEdition
Windows Defender
Avast
ZoneAlarm free

What could I possibly do??
Thank you


#2 RavenPhoenix


Posted 12 May 2009 - 12:45 PM

If you truly have Virut, the only real alternative is to do a complete wipe and reinstall. See boopme's post here:
http://www.bleepingcomputer.com/forums/ind...t&p=1260380
That will help you determine if you have virut, and if you do, what you need to do.

Edited by RavenPhoenix, 12 May 2009 - 12:51 PM.

Forum Skulker. Preventing Comp Nukes everywhere. :-)

#3 Arlan947


Posted 13 May 2009 - 02:27 AM

Thanks RavenPhoenix for the useful link - well I don't know if I really got a Virut infection, but that's what the antivirus said, as well as the symptoms.
Anyway, I am afraid that by correcting/disinfecting/deleting files the system is going to be unstable and faulty soon, so formatting and reinstalling is probably the best thing to do, since all important data were on an external USB disk that I disconnected as soon as the infection became apparent.
I hope to be able to succeed in doing that, as I have never done it since I bought the PC and I am a bit worried about recovering all the drivers and updates.

#4 RavenPhoenix


Posted 13 May 2009 - 09:58 AM

Do you have a Dell by chance?

#5 quietman7


Posted 13 May 2009 - 10:11 AM

Win32:Vitro is another name (used by avast) for the Win32:Virut family of malware.

"all important data were on an external USB disk that I have disconnected as soon as infection became apparent."

Some of your backed up data could have been infected before you became aware of the infection. With Virut infections there is always a chance of backed up data reinfecting your system. If the data is that important to you, then you can try to salvage some of it, but there is no guarantee, so be forewarned that you may have to start over again afterwards if reinfected. Only try to salvage important documents, personal data files and photos, and put them on a CD or DVD, not a flash drive or external hard drive, as they may become compromised in the process. The safest practice is not to back up or save any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, and .html) because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executable files inside them, as some types of malware can penetrate and infect .exe files within compressed files too. Other types of malware may even disguise themselves by adding and hiding their extension to the existing extension of file(s), so be sure you look closely at the full file name. After reformatting, scan the backed up data with your anti-virus prior to copying it back to your hard drive.

If you're not sure how to reformat or need help with reformatting, please review:
These links include step-by-step instructions with screenshots:
Don't forget you will have to go to Microsoft Update and apply all Windows security patches after reformatting.
Also see How to keep your Windows XP activation after clean install.

Note: If you're using an IBM, Sony, HP, Compaq or Dell machine, you may not have an original XP CD. By policy, Microsoft no longer allows OEM manufacturers to include the original Windows XP CD-ROM on computers sold with Windows preinstalled. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. See Technology Advisory Recovery Media.

If you need additional assistance with reformatting or have questions about multiple hard drives, you can start a new topic in the Windows XP Home and Professional forum. If you don't get a reply, please send me a PM and I will get someone to take a look.
Microsoft MVP Consumer Security 2007-2015
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
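
As an added example (not part of quietman7's post or any BleepingComputer tool), the file-selection advice in post #5 can be applied to a backup folder by name before the anti-virus scan the post calls for. The extension sets come from the post; the function names and sample files are constructed for illustration, and only .zip archives are opened because Python's standard library does not read .cab or .rar.

```python
import tempfile
import zipfile
from pathlib import Path, PurePath

RISKY = {".exe", ".scr", ".ini", ".php", ".asp", ".html"}  # types the post says not to keep
ARCHIVES = {".zip", ".cab", ".rar"}  # archive types the post names

def classify_name(name):
    """Reason the name alone rules a file out, else None."""
    suffixes = [s.lower() for s in PurePath(name).suffixes]
    if not suffixes or suffixes[-1] not in RISKY:
        return None
    # holiday.jpg.exe: the real type sits behind a harmless-looking extension
    return ("extra extension before " if len(suffixes) > 1 else "type ") + suffixes[-1]

def classify_file(path):
    """("keep" | "skip", reason) for one file; .zip members are checked by name."""
    reason, ext = classify_name(path.name), path.suffix.lower()
    if reason is None and ext == ".zip":
        try:
            with zipfile.ZipFile(path) as zf:
                bad = [m for m in zf.namelist()
                       if classify_name(m) or PurePath(m).suffix.lower() in ARCHIVES]
        except zipfile.BadZipFile:
            return "skip", "unreadable archive"
        reason = f"archive contains {bad[0]}" if bad else None
    elif reason is None and ext in ARCHIVES:
        reason = "archive type this script cannot open"
    return ("skip", reason) if reason else ("keep", "no risky type by name")

def triage(root):
    """Sort every file under root into keep/skip, each with a reason."""
    report = {"keep": {}, "skip": {}}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        verdict, reason = classify_file(path)
        report[verdict][path.relative_to(root).as_posix()] = reason
    return report

def build_sample(root):
    """Constructed sample backup; all names and contents are made up."""
    for name in ("letter.doc", "holiday.jpg.exe", "saver.scr", "old.rar"):
        (Path(root) / name).write_bytes(b"constructed sample")
    for name, member in (("photos.zip", "a.jpg"), ("tools.zip", "bin/setup.exe")):
        with zipfile.ZipFile(Path(root) / name, "w") as zf:
            zf.writestr(member, b"x")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(triage(build_sample(d)))
```

Files in the "keep" set have only passed a name check; they still need the anti-virus scan described in the post before being copied back.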


#6 Arlan947


Posted 13 May 2009 - 11:24 AM

No RavenPhoenix, the infected PC is an HP desktop (with a recovery partition) - the Dell portable is safe - why do you ask?
Thank you Quietman7 for the info and the links - I will follow those guidelines; in fact I have already scanned the data on the external drive more than once and they appear to be clean. However, I will shred anything in scr, exe or compressed format just to be on the safe side (by the way, I had been backing up that external drive until recently (say a couple of months ago) on another USB drive that usually sits disconnected except when I performed these backups). Now it's the time to not be sorry for always duplicating everything.

#7 RavenPhoenix


Posted 13 May 2009 - 11:33 AM

Well, if it was a Dell, they usually have recovery partitions that will reformat and revert the computer back to factory, from POST. So no having to boot into Windows to do it, or having to have a Windows disc. I believe HPs have that too. Try holding down Ctrl+F11 just after the POST messages and before the XP "Splash" screen comes up. The benefit of doing this is that you don't have to worry about trying to find all the drivers and such. Updates are easy for Windows; I did a reformat the other day and got all my updates downloaded and installed within two hours.

Edited by RavenPhoenix, 13 May 2009 - 11:33 AM.


#8 quietman7


Posted 13 May 2009 - 11:40 AM

If you have an HP system, see:
HP Recovery.
HP Recovery From Partition (http://www.pctechbytes.com/hp-recovery.htm).
HP Notebook PCs: Using HP Recovery Manager.
Performing an HP System Recovery in Windows Vista.
HP and Compaq Desktop PCs - Performing an HP System Recovery in Windows XP.
HP and Compaq Desktop PCs - Obtaining a Recovery CD or DVD set.

If the above does not pertain to your make/model, then contact HP Support/Customer Service. They have provided excellent service whenever I needed them.

#9 RavenPhoenix


Posted 13 May 2009 - 12:05 PM

Thank you Quietman7 :-)

#10 quietman7


Posted 13 May 2009 - 12:08 PM

:thumbsup: Teamwork.

#11 Arlan947


Posted 13 May 2009 - 12:09 PM

Yes, I have the recovery partition in the PC, plus I have a set of recovery CDs too (just in case), and yes, the HP support is very helpful.
I guess, not being used to OS reinstalls, I just have to overcome the feeling of throwing away everything.

#12 quietman7


Posted 13 May 2009 - 12:29 PM

I know how you feel. My hard drive went without warning a couple months ago and I had to replace it, then start from scratch and reinstall everything.

#13 Arlan947


Posted 13 May 2009 - 01:30 PM

Oww, that's even worse, a failing hard drive.
Well, I will try and keep you posted!
Thanks for all the help for now :thumbsup:

#14 quietman7


Posted 13 May 2009 - 02:15 PM

You're welcome on behalf of the Bleeping Computer community.



