
Please help Diagnose my computer


  • This topic is locked
4 replies to this topic

#1 Niku5himi

Niku5himi

  • Members
  • 3 posts
  • OFFLINE
  • Local time:01:06 PM

Posted 15 May 2009 - 11:40 PM

Hi! My computer is suddenly swarmed by unknown processes which I believed to be viruses or malware. I have no idea why since I was using it perfectly fine yesterday. However, when I turn it on today it has a lot of unknown processes running in the background. Please help, thank you very much.


DDS (Ver_09-05-14.01) - NTFSx86
Run by crystal at 9:35:32.04 on Fri 05/15/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.511.177 [GMT 3:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\TEMP\tak2.tmp
C:\bmbfh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\crystal\Desktop\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = pepsi_labeb Internet Explorer
uStart Page = hxxp://www.ask.com?o=1607
uLocal Page = \blank.htm
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Shell=Explorer.exe "c:\windows\inf\Systemfile.dll.vbs"
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: c:\windows\system32\jkshfuiehi.dll: {c2ba40a1-74f3-42bd-f434-12345a2c8953} - c:\windows\system32\jkshfuiehi.dll
mRun: [20740] C:\bmbfh.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Diagnostic Manager] c:\windows\temp\624864224.exe
dRun: [ptidle] "c:\documents and settings\crystal\application data\ptidle\ptidle.exe" 61A847B5BBF728103B9D3B466188719AB689201522886B092CBD44BD8689220221DD3257
dRunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: Nofolderoptions = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMBalloonTip = 0 (0x0)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: {31492DE1-940F-49DD-8F06-5AE2715C23FC} = 68.94.156.1,68.94.157.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GR99D3~1.DLL
Notify: __c0036F81 - c:\windows\system32\__c0036F81.dat
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: c:\windows\system32\jkshfuiehi.dll: {c2ba40a1-74f3-42bd-f434-12345a2c8953} - c:\windows\system32\jkshfuiehi.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\crystal\applic~1\mozilla\firefox\profiles\kk0px398.default\
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-15 64160]
R2 ABPMN501.SYS;ABPMN501.SYS;c:\windows\system32\drivers\AbpMn501.sys [2003-1-4 6432]
R2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 953168]

=============== Created Last 30 ================

2009-05-15 09:25 <DIR> --d----- c:\program files\Trend Micro
2009-05-15 09:15 <DIR> --d----- c:\docume~1\crystal\applic~1\ptidle
2009-05-15 09:12 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-15 08:48 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-15 08:42 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-15 05:23 84 a------- c:\windows\system32\4.tmp
2009-05-15 05:23 1 a------- c:\windows\system32\7.tmp
2009-05-15 03:17 1 a------- c:\windows\system32\3C.tmp
2009-05-15 03:17 84 a------- c:\windows\system32\3B.tmp
2009-05-15 01:52 <DIR> --d----- C:\videocard tester
2009-05-15 00:26 99 a------- C:\xcrashdump.dat
2009-05-15 00:16 1 a------- c:\windows\system32\6.tmp
2009-05-15 00:16 84 a------- c:\windows\system32\5.tmp
2009-05-15 00:16 110,588 a------- c:\windows\system32\drivers\c2675458.sys
2009-05-15 00:15 78,228 a------- C:\lsass.exe
2009-05-15 00:15 43,104 a------- c:\windows\system\svchost.exe
2009-05-15 00:15 27,648 a------- c:\windows\system32\__c008FE10.dat
2009-05-15 00:13 78,228 a------- C:\bmbfh.exe
2009-05-15 00:13 40,448 a------- C:\jebd.exe
2009-05-15 00:13 27,648 a------- c:\windows\system32\__c00D9B9F.dat
2009-05-15 00:12 1 a------- c:\windows\system32\3.tmp
2009-05-15 00:12 84 a------- c:\windows\system32\2.tmp
2009-05-14 22:14 31,232 a------- C:\ueksxwdu.exe
2009-05-14 22:14 27,648 a------- c:\windows\system32\__c0072887.dat
2009-05-14 22:14 57,856 a------- C:\ijvr.exe
2009-05-14 22:14 1 a------- c:\windows\system32\40A.tmp
2009-05-14 22:14 84 a------- c:\windows\system32\409.tmp
2009-05-14 22:14 269,824 a------- c:\windows\AV.EXE
2009-05-14 22:14 110,588 a------- c:\windows\system32\drivers\d0730ffa.sys
2009-05-14 22:14 <DIR> --dshr-- c:\program files\ThunMail
2009-05-14 22:14 37,376 a------- c:\windows\system32\SYS32DLL.exe
2009-05-14 22:14 1 a------- c:\windows\9g2234wesdf3dfgjf23
2009-05-14 22:14 35,328 ----h--- c:\windows\pp07.exe
2009-05-14 22:14 2 ----h--- c:\windows\t55ft3189f44.dat
2009-05-14 22:14 <DIR> --d----- c:\windows\system32\796525
2009-05-14 22:13 0 a------- c:\windows\system32\drivers\beep.sys
2009-05-14 22:13 39,424 ----h--- c:\windows\ld08.exe
2009-05-14 22:13 182,912 a------- c:\windows\system32\dllcache\ndis.sys
2009-05-14 22:13 60,929 a------- c:\windows\system32\reader_s.exe
2009-05-14 22:13 60,929 a------- c:\documents and settings\crystal\reader_s.exe
2009-05-14 22:13 42,496 a------- C:\vfmf.exe
2009-05-14 22:13 2 a------- C:\1418507626
2009-05-14 22:13 15,000 a------- c:\windows\system32\jkshfuiehi.dll
2009-05-14 22:13 27,648 a------- c:\windows\system32\__c0036F81.dat
2009-05-14 22:13 57,856 a------- C:\rcsvblgb.exe
2009-05-12 20:57 <DIR> --d----- c:\program files\common files\3DO Shared
2009-05-12 20:57 <DIR> --d----- c:\program files\3DO
2009-05-04 09:01 <DIR> --d----- c:\program files\Uniblue
2009-05-04 09:01 <DIR> --d----- c:\docume~1\crystal\applic~1\Uniblue
2009-05-04 09:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DriverScanner
2009-05-04 08:43 1,047,552 a------- c:\windows\system32\mfc71u.dll
2009-05-04 08:43 <DIR> --d----- c:\program files\WinMerge
2009-05-04 08:42 <DIR> --d----- c:\program files\Iarsn
2009-05-04 08:18 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-05-04 08:15 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-04-23 03:53 <DIR> --d----- c:\program files\Wallpaper Master
2009-04-23 03:23 <DIR> --d----- c:\program files\Tales of Pirates Online
2009-04-20 13:31 <DIR> --d----- C:\Manga

==================== Find3M ====================

2009-05-15 07:29 90,112 a------- c:\windows\DUMPa2a8.tmp
2009-05-15 05:20 90,112 a------- c:\windows\DUMPa047.tmp
2009-05-15 00:12 90,112 a------- c:\windows\DUMP65be.tmp
2009-05-14 22:13 182,912 a------- c:\windows\system32\drivers\ndis.sys
2009-03-20 19:54 68,814 a------- c:\windows\War3Unin.dat
2009-01-05 17:55 154 a------- c:\documents and settings\crystal\2359250.BAT
2009-01-05 17:53 154 a------- c:\documents and settings\crystal\2257656.BAT
2009-01-05 17:43 154 a------- c:\documents and settings\crystal\1652625.BAT
2009-01-05 17:33 154 a------- c:\documents and settings\crystal\1046234.BAT
2009-01-05 17:23 152 a------- c:\documents and settings\crystal\442843.BAT
2009-01-04 20:30 152 a------- c:\documents and settings\crystal\396546.BAT
2008-12-27 23:00 154 a------- c:\documents and settings\crystal\2071156.BAT
2008-12-27 22:50 154 a------- c:\documents and settings\crystal\1468093.BAT
2008-12-27 22:40 152 a------- c:\documents and settings\crystal\861796.BAT
2008-12-27 22:32 152 a------- c:\documents and settings\crystal\358109.BAT
2008-12-26 16:30 156 a------- c:\documents and settings\crystal\18150765.BAT
2008-12-26 16:20 156 a------- c:\documents and settings\crystal\17547843.BAT
2008-12-26 16:10 156 a------- c:\documents and settings\crystal\16944843.BAT
2008-12-26 16:00 156 a------- c:\documents and settings\crystal\16341843.BAT
2008-12-26 15:49 156 a------- c:\documents and settings\crystal\15738890.BAT
2008-12-26 15:39 156 a------- c:\documents and settings\crystal\15135812.BAT
2008-12-26 15:29 156 a------- c:\documents and settings\crystal\14532703.BAT
2008-12-26 15:19 156 a------- c:\documents and settings\crystal\13929687.BAT
2008-12-26 15:09 156 a------- c:\documents and settings\crystal\13326671.BAT
2008-12-26 14:59 156 a------- c:\documents and settings\crystal\12723453.BAT
2008-12-26 14:49 156 a------- c:\documents and settings\crystal\12120453.BAT
2008-12-26 14:39 156 a------- c:\documents and settings\crystal\11517500.BAT
2008-12-26 14:29 156 a------- c:\documents and settings\crystal\10914453.BAT
2008-12-26 14:19 156 a------- c:\documents and settings\crystal\10311390.BAT
2008-12-26 14:09 154 a------- c:\documents and settings\crystal\9708312.BAT
2008-11-27 23:33 154 a------- c:\documents and settings\crystal\7157156.BAT
2008-11-27 23:23 154 a------- c:\documents and settings\crystal\6552234.BAT
2008-11-27 23:13 154 a------- c:\documents and settings\crystal\5947468.BAT
2008-11-27 23:03 154 a------- c:\documents and settings\crystal\5344062.BAT
2008-11-27 22:53 154 a------- c:\documents and settings\crystal\4740312.BAT
2008-11-27 22:42 154 a------- c:\documents and settings\crystal\4136781.BAT
2008-11-27 20:59 156 a------- c:\documents and settings\crystal\31160843.BAT
2008-11-27 20:49 156 a------- c:\documents and settings\crystal\30557343.BAT
2008-11-27 20:39 156 a------- c:\documents and settings\crystal\29953906.BAT
2008-11-27 20:23 156 a------- c:\documents and settings\crystal\29022515.BAT
2008-11-27 20:13 156 a------- c:\documents and settings\crystal\28419031.BAT
2008-11-27 20:03 156 a------- c:\documents and settings\crystal\27815625.BAT
2008-11-27 19:53 156 a------- c:\documents and settings\crystal\27212203.BAT
2008-11-27 19:43 156 a------- c:\documents and settings\crystal\26608656.BAT
2008-11-27 19:33 156 a------- c:\documents and settings\crystal\26005140.BAT
2008-11-27 12:08 156 a------- c:\documents and settings\crystal\94891265.BAT
2008-11-27 11:58 156 a------- c:\documents and settings\crystal\94287937.BAT
2008-11-27 11:47 156 a------- c:\documents and settings\crystal\93684640.BAT
2008-11-27 11:37 156 a------- c:\documents and settings\crystal\93081328.BAT
2008-11-27 11:27 156 a------- c:\documents and settings\crystal\92477968.BAT
2008-11-27 11:17 156 a------- c:\documents and settings\crystal\91870515.BAT
2008-11-27 11:07 156 a------- c:\documents and settings\crystal\91278531.BAT
2008-11-27 10:58 156 a------- c:\documents and settings\crystal\90734875.BAT
2008-11-27 10:57 156 a------- c:\documents and settings\crystal\90672921.BAT
2008-11-27 10:48 156 a------- c:\documents and settings\crystal\90129515.BAT
2008-11-27 10:47 156 a------- c:\documents and settings\crystal\90069546.BAT
2008-11-27 10:38 156 a------- c:\documents and settings\crystal\89524062.BAT
2008-11-27 10:37 156 a------- c:\documents and settings\crystal\89466218.BAT
2008-11-27 10:28 156 a------- c:\documents and settings\crystal\88918796.BAT
2008-11-27 10:27 156 a------- c:\documents and settings\crystal\88862843.BAT
2008-11-27 10:18 156 a------- c:\documents and settings\crystal\88315937.BAT
2008-11-27 10:17 156 a------- c:\documents and settings\crystal\88257875.BAT
2008-11-27 10:08 156 a------- c:\documents and settings\crystal\87709171.BAT
2008-11-27 10:07 156 a------- c:\documents and settings\crystal\87649906.BAT
2008-11-27 09:58 156 a------- c:\documents and settings\crystal\87104328.BAT
2008-11-27 09:57 156 a------- c:\documents and settings\crystal\87043218.BAT
2008-11-27 09:48 156 a------- c:\documents and settings\crystal\86497734.BAT
2008-11-27 09:47 156 a------- c:\documents and settings\crystal\86437890.BAT
2008-11-27 09:38 156 a------- c:\documents and settings\crystal\85891078.BAT
2008-11-27 09:37 156 a------- c:\documents and settings\crystal\85833031.BAT
2008-11-27 09:27 156 a------- c:\documents and settings\crystal\85284687.BAT
2008-11-27 09:26 156 a------- c:\documents and settings\crystal\85226156.BAT
2008-11-27 09:17 156 a------- c:\documents and settings\crystal\84680328.BAT
2008-11-27 09:16 156 a------- c:\documents and settings\crystal\84618859.BAT
2008-11-27 09:07 156 a------- c:\documents and settings\crystal\84074796.BAT
2008-11-27 09:06 156 a------- c:\documents and settings\crystal\84012265.BAT
2008-11-27 08:57 156 a------- c:\documents and settings\crystal\83470062.BAT
2008-11-27 08:56 156 a------- c:\documents and settings\crystal\83405406.BAT
2008-11-27 08:47 156 a------- c:\documents and settings\crystal\82865062.BAT
2008-11-27 08:46 156 a------- c:\documents and settings\crystal\82799015.BAT
2008-11-27 08:37 156 a------- c:\documents and settings\crystal\82260312.BAT
2008-11-27 08:36 156 a------- c:\documents and settings\crystal\82190781.BAT
2008-11-27 08:27 156 a------- c:\documents and settings\crystal\81656359.BAT
2008-11-27 08:26 156 a------- c:\documents and settings\crystal\81582250.BAT
2008-11-27 08:17 156 a------- c:\documents and settings\crystal\81050093.BAT
2008-11-27 08:16 156 a------- c:\documents and settings\crystal\80978328.BAT
2008-11-27 08:07 156 a------- c:\documents and settings\crystal\80443937.BAT
2008-11-27 08:06 156 a------- c:\documents and settings\crystal\80373656.BAT
2008-11-27 07:57 156 a------- c:\documents and settings\crystal\79837562.BAT
2008-11-27 07:56 156 a------- c:\documents and settings\crystal\79768828.BAT
2008-11-27 07:47 156 a------- c:\documents and settings\crystal\79232812.BAT
2008-11-27 07:45 156 a------- c:\documents and settings\crystal\79164109.BAT
2008-11-27 07:37 156 a------- c:\documents and settings\crystal\78628625.BAT
2008-11-27 07:35 156 a------- c:\documents and settings\crystal\78557312.BAT
2008-11-27 07:26 156 a------- c:\documents and settings\crystal\78022343.BAT
2008-11-27 07:25 156 a------- c:\documents and settings\crystal\77952687.BAT
2008-11-27 07:16 156 a------- c:\documents and settings\crystal\77417703.BAT
2008-11-27 07:15 156 a------- c:\documents and settings\crystal\77346312.BAT
2008-11-27 07:05 156 a------- c:\documents and settings\crystal\76741109.BAT
2008-11-27 06:56:44 A------- 156 c:\documents and settings\crystal\76212000.BAT

============= FINISH: 9:35:57.15 ===============



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:09:06 PM

Posted 16 May 2009 - 10:22 AM

Hi niku5himi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please give me a little time to go through your log. I will also let you know that I am a trainee, so each stage of the fix will need to be checked by an expert coach before I post, so there may be a slight delay. Don't worry, I won't abandon you.
  • Please subscribe to this topic, if you haven't already, and wait for me to get back to you.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 2 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 Niku5himi

Niku5himi
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:01:06 PM

Posted 16 May 2009 - 02:32 PM

Hi m0le, I'm still here and still being bothered with the virus so I hope you can get back to me soon. Thank you very much.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:09:06 PM

Posted 16 May 2009 - 07:55 PM

Hi niku5himi,

I have bad news :thumbup2:

Your System is infected with Virut!!
Virut is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.
For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.

More information:
http://free.avg.com/66558

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.


http://home.mcafee.com/VirusInfo/VirusProf...aspx?key=143034

W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
  • Immediately before the encrypted code at the end of the last section
  • At the end of the code section of the infected host in 'slack-space' (assuming there is any)
  • At the original entry point of the host (overwriting the original host code)


Miekiemoes, one of our team members here and an MS-MVP, additionally has a blog post about Virut.


However,

If you insist on trying to fix this infection instead of following our advice to reformat and reinstall your operating system, there are various rescue disks available from major anti-virus vendors which you can try. Keep in mind, even the vendors like Kaspersky say there is no guarantee that some files will not get corrupted during the disinfection process. In the end most folks end up reformatting out of frustration after spending hours attempting to repair and remove infected files. IMO the safest and easiest thing to do is just reformat and reinstall Windows.

Bleeping Computer DOES NOT assume any responsibility for your attempt to repair this infection using any of the following tools. You do this at your own risk and against our advice.

These are links to Anti-virus vendors that offer free LiveCD or Rescue CD files that are used to boot from for repair of unbootable and damaged systems, rescue data, scan the system for virus infections. Burn it as an image to a disk to get a bootable CD. All (except Avira) are in the ISO Image file format. Avira uses an EXE that has built-in CD burning capability. If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

My advice to you, niku5himi, is to reformat and reinstall. Virut is a nasty and relatively new infection and no-one can promise that the fix will work completely. Bleeping Computer does not recommend that you attempt it.

If you have any questions then go ahead :)
m0le is a proud member of UNITE
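
A header-level check for the file layout that the McAfee description quoted in post #4 gives for W32/Virut.h (code appended to the last section, or placed in the code section's slack space), as an added example that is not part of the thread or of any vendor's tool. The function names and both sample images are constructed for illustration, and a hit is a reason to look closer at a file, not proof of infection.

```python
import struct

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000   # IMAGE_SCN_MEM_* section flags

def parse_pe(data):
    """Return (entry_point_rva, sections) read from the PE headers."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    count = struct.unpack_from("<H", data, pe + 6)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]   # SizeOfOptionalHeader
    entry = struct.unpack_from("<I", data, pe + 40)[0]      # AddressOfEntryPoint
    sections = []
    for i in range(count):
        f = struct.unpack_from("<8sIIIIIIHHI", data, pe + 24 + opt_size + 40 * i)
        sections.append({"name": f[0].rstrip(b"\0").decode("latin-1"),
                         "vsize": f[1], "rva": f[2], "rsize": f[3],
                         "rptr": f[4], "flags": f[9]})
    return entry, sections

def infector_indicators(data):
    """Heuristic: list layout anomalies that fit code appended to the last section."""
    entry, sections = parse_pe(data)
    if len(sections) < 2:
        return []                      # nothing to compare against
    found = []
    last = max(sections, key=lambda s: s["rptr"])
    if last["flags"] & MEM_EXECUTE and last["flags"] & MEM_WRITE:
        found.append("last section %s is writable and executable" % last["name"])
    if last["rva"] <= entry < last["rva"] + max(last["vsize"], last["rsize"]):
        found.append("entry point lies in last section %s" % last["name"])
    for s in sections:
        # Slack: raw bytes on disk past the section's declared virtual size.
        slack = data[s["rptr"] + s["vsize"]:s["rptr"] + s["rsize"]]
        if s is not last and s["flags"] & MEM_EXECUTE and s["vsize"] and any(slack):
            found.append("non-zero bytes in slack space of %s" % s["name"])
    return found

def build_sample(entry, sections):
    """Constructed test image: valid headers and filler bodies, not a real program."""
    opt = bytearray(224)                                    # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, entry)
    head = bytearray(0x40)
    head[:2] = b"MZ"
    struct.pack_into("<I", head, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    table, body, rptr = b"", b"", 0x400
    for name, rva, vsize, flags, raw in sections:
        raw = raw.ljust(-(-len(raw) // 0x200) * 0x200, b"\0")   # file alignment
        table += struct.pack("<8sIIIIIIHHI", name, vsize, rva, len(raw), rptr,
                             0, 0, 0, 0, flags)
        body += raw
        rptr += len(raw)
    return (bytes(head) + b"PE\0\0" + coff + bytes(opt) + table).ljust(0x400, b"\0") + body

# Constructed samples: an ordinary layout, and one showing all three anomalies.
CLEAN = build_sample(0x1000, [
    (b".text", 0x1000, 0x180, 0x60000020, b"\x90" * 0x180),
    (b".data", 0x2000, 0x100, 0xC0000040, b"\x01" * 0x100)])
SUSPECT = build_sample(0x2100, [
    (b".text", 0x1000, 0x180, 0x60000020, b"\x90" * 0x180 + b"\xEB" * 0x40),
    (b".data", 0x2000, 0x300, 0xE0000040, b"\x01" * 0x300)])

if __name__ == "__main__":
    for label, image in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(label, infector_indicators(image))
```

The third location in the quoted description, code overwriting the host at its original entry point, leaves the headers unchanged and is not visible to a check of this kind.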

#5 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:05:06 PM

Posted 23 May 2009 - 08:08 AM

Since this issue has been resolved this topic is now closed.
If you need this topic reopened then please pm a staff member with a link to this topic.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here



