
Virus


  • This topic is locked
3 replies to this topic

#1 Derrick Atkinson

  • Members
  • 8 posts

Posted 25 May 2009 - 04:35 AM

Hi,
The topic was started in http://www.bleepingcomputer.com/forums/ind...p;#entry1275793
See for logs and more info.

There is not much info on this virus from searches. The virus sends a pop-up about every 15 minutes that displays a web page offering medicine:
//85.114.141.207/meds/. This is annoying; it has also slowed down my PC and I cannot connect to certain web sites. I disconnected from the Internet and the popup continues. I continue to get alert messages from Sophos that it is deleting infected files.
I have tried Sophos Antivirus, Malwarebytes and Adaware. They found Antivirus Pro, another scam, and deleted it.
I am running Win XP SP2, broadband Internet, Win firewall is updated, using IE 7 and Firefox browsers, both infected.
Hope you can help.



See DDS file below and Attachment.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Derrick Atkinson at 10:00:14.70 on 25/05/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.353.1033.18.511.238 [GMT 1:00]

AV: Sophos Anti-Virus *On-access scanning enabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\ctfmon.exe
svchost.exe
c:\windows\system32\rundll32.exe
c:\docume~1\derric~1\desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page =
mDefault_Page_URL = hxxp://ie.msn.com
mStart Page =
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No File
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\msconfig.exe /auto
dRun: [svc] c:\program files\thunmail\testabd.exe
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
IE: &Search
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: ivao.aero\www.ie
Trusted Zone: microsoft.com\support
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: sophos.com
AppInit_DLLs: c:\progra~1\sophos\sophos anti-virus\detoured.dll,c:\progra~1\sophos\sophos anti-virus\sophos_detoured.dll,c:\progra~1\sophos\sophos anti-virus\sophos_detoured.dll,c:\progra~1\sophos\sophos anti-virus\sophos_detoured.dll,c:\progra~1\sophos\sophos anti-virus\sophos_detoured.dll,c:\progra~1\sophos\sophos anti-virus\sophos_detoured.dll,c:\progra~1\sophos\sophos anti-virus\sophos_detoured.dll,c:\progra~1\sophos\sophos anti-virus\sophos_detoured.dll,c:\progra~1\sophos\sophos anti-virus\sophos_detoured.dll,c:\progra~1\sophos\sophos anti-virus\sophos_detoured.dll,c:\progra~1\sophos\sophos anti-virus\sophos_detoured.dll,c:\progra~1\sophos\sophos anti-virus\sophos_detoured.dll,c:\progra~1\sophos\sophos anti-virus\sophos_detoured.dll,c:\progra~1\sophos\sophos anti-virus\sophos_detoured.dll,c:\progra~1\sophos\sophos anti-virus\sophos_detoured.dll,c:\progra~1\sophos\sophos anti-virus\sophos_detoured.dll,c:\progra~1\sophos\sophos anti-virus\sophos_detoured.dll,c:\progra~1\sophos\sophos anti-virus\sophos_detoured.dll,c:\progra~1\sophos\sophos anti-virus\sophos_detoured.dll,c:\progra~1\thunmail\testabd.dll,c:\progra~1\sophos\sophos anti-virus\sophos_detoured.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - No File
STS: {2016a466-91a2-43c6-97d8-2fd380f065ef} - No File
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\derric~1\applic~1\mozilla\firefox\profiles\8rc8etw7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://ie.msn.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============

R0 878BDA;DVB-TV 878 BDA Driver;c:\windows\system32\drivers\878BDA.sys [2007-9-1 86016]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-30 64160]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2009-5-18 160792]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2009-5-21 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2009-5-21 38528]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 34816]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2008-9-22 90112]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2008-8-21 118784]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\drivers\cam3820a.sys [2009-1-10 300544]
R3 chdrvr01;CH Control Manager Driver 1;c:\windows\system32\drivers\chdrvr01.sys [2008-12-17 219072]
R3 chdrvr02;CH Control Manager Driver 2;c:\windows\system32\drivers\chdrvr02.sys [2008-12-17 5120]
R3 chdrvr03;CH Control Manager Driver 3;c:\windows\system32\drivers\chdrvr03.sys [2008-12-17 8704]
R3 DtvAudio;DtvAudio;c:\windows\system32\drivers\DtvAudio.sys [2007-9-1 10330]
R3 DtvVideo;DtvVideo;c:\windows\system32\drivers\DtvVideo.sys [2007-9-1 26730]
R3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys [2006-12-27 9006]
S0 jbge;jbge;c:\windows\system32\drivers\vukhb.sys --> c:\windows\system32\drivers\vukhb.sys [?]
S0 jnzkgpsu;jnzkgpsu;c:\windows\system32\drivers\nbsvfx.sys --> c:\windows\system32\drivers\nbsvfx.sys [?]
S2 ati64si;ati64si;\??\c:\windows\system32\drivers\ati64si.sys --> c:\windows\system32\drivers\ati64si.sys [?]
S2 msncache;msncache;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 34816]
S2 port135sik;port135sik;\??\c:\windows\system32\drivers\port135sik.sys --> c:\windows\system32\drivers\port135sik.sys [?]
S2 sdauxservice;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsauxs.exe --> c:\program files\spyware doctor\pctsAuxs.exe [?]
S2 sdcoreservice;PC Tools Security Service;c:\program files\spyware doctor\pctssvc.exe --> c:\program files\spyware doctor\pctsSvc.exe [?]
S2 securentm;securentm;\??\c:\windows\system32\drivers\securentm.sys --> c:\windows\system32\drivers\securentm.sys [?]
S3 AWNPF;Any@Web Network Packet Filter;c:\windows\system32\drivers\awnpf.sys --> c:\windows\system32\drivers\awnpf.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 953168]
S3 naecd;naecd;\??\c:\docume~1\derric~1\locals~1\temp\naecd.sys --> c:\docume~1\derric~1\locals~1\temp\naecd.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2003-4-4 30336]
S3 VPNET;DTVNet Ethernet Controller;c:\windows\system32\drivers\DTVNet.sys [2007-8-31 19712]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2009-5-21 14976]

=============== Created Last 30 ================

2009-05-22 10:54 29,904 a------- c:\windows\system32\30.tmp
2009-05-22 10:54 1 a------- c:\windows\system32\2F.tmp
2009-05-22 10:54 84 a------- c:\windows\system32\2E.tmp
2009-05-22 09:35 1 a------- c:\windows\system32\15.tmp
2009-05-22 09:35 84 a------- c:\windows\system32\14.tmp
2009-05-21 23:39 598 a------- c:\windows\system32\urhtps.dat
2009-05-21 23:39 112 a------- c:\windows\system32\srvblck2.tmp
2009-05-21 18:54 <DIR> --d----- c:\windows\system32\UAs
2009-05-21 17:27 <DIR> --d----- c:\windows\system32\xmldm
2009-05-21 17:27 <DIR> --d----- c:\windows\system32\cock
2009-05-21 16:23 130,104 a------- c:\windows\system32\sdccoinstaller.dll
2009-05-21 14:40 <DIR> --d----- c:\program files\common files\Cisco Systems
2009-05-21 14:38 23,552 a------- c:\windows\system32\SophosBootTasks.exe
2009-05-21 14:37 <DIR> --d----- c:\program files\Sophos
2009-05-21 14:25 21,504 a------- c:\windows\system32\nsysp.ini
2009-05-21 14:25 20,815 a------- c:\windows\system32\wincode.dat
2009-05-21 14:25 17,408 a------- c:\windows\system32\osysp.dat
2009-05-21 14:25 6,394 a------- c:\windows\system32\krncode.dat
2009-05-21 14:25 1,575 a------- c:\windows\system32\pwrcode.dat
2009-05-21 14:25 993,792 a------- c:\windows\system32\nsysk.ini
2009-05-21 14:25 989,696 a------- c:\windows\system32\osysk.dat
2009-05-21 14:25 830,464 a------- c:\windows\system32\nsysw.ini
2009-05-21 14:25 826,368 a------- c:\windows\system32\osysw.dat
2009-05-21 14:25 29,904 a------- c:\windows\system32\ldshyf1.old
2009-05-21 13:33 110,848 a------- c:\windows\system32\drivers\savonaccesscontrol.sys
2009-05-21 13:33 38,528 a------- c:\windows\system32\drivers\savonaccessfilter.sys
2009-05-21 13:33 14,976 a------- c:\windows\system32\drivers\SophosBootDriver.sys
2009-05-21 13:33 <DIR> --d----- C:\escwsa
2009-05-20 20:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-20 20:15 <DIR> --d----- c:\docume~1\derric~1\applic~1\SUPERAntiSpyware.com
2009-05-20 12:15 409,600 a------- c:\windows\system32\cmd.execf
2009-05-20 12:05 <DIR> --d----- C:\VundoFix Backups
2009-05-19 10:27 <DIR> --d----- c:\docume~1\derric~1\applic~1\Malwarebytes
2009-05-19 10:26 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-19 10:26 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-19 10:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-19 10:26 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-18 23:15 178,688 a------- c:\windows\system32\tpsaxyd.exe
2009-05-18 18:42 160,792 a------- c:\windows\system32\drivers\pctfw2.sys
2009-05-18 18:41 <DIR> --d----- c:\program files\common files\PC Tools
2009-05-18 18:38 <DIR> --d----- c:\docume~1\derric~1\applic~1\GetRightToGo
2009-05-18 14:59 <DIR> --dshr-- c:\program files\ThunMail
2009-05-18 14:55 182,656 ac------ c:\windows\system32\dllcache\ndis.sys
2009-05-18 14:55 0 a--shr-- C:\kht
2009-05-18 14:55 2 a------- C:\-1737627928
2009-05-18 14:55 41,000 ----h--- c:\documents and settings\derrick atkinson\Derrick Atkinson.exe
2009-05-18 14:51 2,329 a--shr-- c:\windows\system32\autorun.i
2009-05-18 14:51 984 a--shr-- c:\windows\system32\autorun.in
2009-04-28 09:35 765,952 a------- c:\windows\system32\xvidcore.dll
2009-04-28 09:35 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-04-28 09:35 77,824 a------- c:\windows\system32\xvid.ax
2009-04-28 09:35 <DIR> --d----- c:\program files\Xvid
2009-04-27 19:33 <DIR> --d----- c:\docume~1\derric~1\applic~1\DriverCure
2009-04-27 19:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-04-27 19:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DriverCure
2009-04-27 10:41 <DIR> --d----- c:\documents and settings\derrick atkinson\temp
2009-04-27 10:05 <DIR> --d----- c:\windows\system32\Microsoft.VC80.CRT
2009-04-27 10:05 <DIR> --d----- c:\program files\UVC Video Camera
2009-04-27 09:55 20,992 ac------ c:\windows\system32\dllcache\dshowext.ax
2009-04-27 09:55 20,992 a------- c:\windows\system32\dshowext.ax

==================== Find3M ====================

2009-05-22 18:06 21,504 a------- c:\windows\system32\powrprof.dll
2009-05-22 18:06 830,464 a------- c:\windows\system32\wininet.dll
2009-05-22 09:36 993,792 a------- c:\windows\system32\sysk.tmp
2009-05-22 09:36 830,464 a------- c:\windows\system32\sysw.tmp
2009-05-22 09:36 21,504 a------- c:\windows\system32\sysp.tmp
2009-05-18 14:55 182,656 a------- c:\windows\system32\drivers\ndis.sys
2009-05-18 14:55 34,816 a------- c:\windows\system32\svchost.exe
2009-04-24 13:03 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-06 15:22 284,160 a------- c:\windows\system32\pdh.dll
2008-08-17 13:01 6,656 a--sh--- c:\program files\Thumbs.db
2007-10-21 10:55 791 a------- c:\program files\FSC_Info.LOG
2007-10-21 10:55 119 a------- c:\program files\URLIVAO.INI
2007-10-21 10:55 0 a------- c:\program files\magvar09.swf
2007-10-21 10:54 84 a------- c:\program files\fscdbmanager.ini
2007-10-21 10:54 1,016,035 a------- c:\program files\FSCDBM_FS09.LOG
2007-10-21 10:44 2,212 a------- c:\program files\FSC81_INSTALL.LOG
2007-04-16 08:11 3,125,248 a------- c:\program files\FSC81.exe
2007-04-06 08:10 3,331,505 a------- c:\program files\Fsc.hlp
2007-04-06 08:10 754,352 a------- c:\program files\Fscdb.hlp
2007-04-06 08:10 229,376 a------- c:\program files\FSCDbManager81.exe
2007-04-06 08:10 45,056 a------- c:\program files\FSCFSXCFG.exe
2007-04-06 08:10 8,051 a------- c:\program files\Fsc81liesmich.txt
2007-04-06 08:10 6,982 a------- c:\program files\Fsc81readme.txt
2007-04-06 08:10 3,410 a------- c:\program files\Fsc.cnt
2007-04-06 08:10 766 a------- c:\program files\FSC.ico
2006-10-23 17:13 415 a------- c:\program files\AltDVB.INI
2006-10-23 17:05 80 a------- c:\program files\SKYSTAR-2.com.url
2006-10-23 01:03 5,434 a------- c:\program files\Changes.txt
2007-02-19 06:57 61 ---sh--- c:\windows\cnerolf.dat

============= FINISH: 10:01:05.43 ===============



#2 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts

Posted 07 June 2009 - 09:08 AM

Hi!

Welcome to Bleeping Computer. My name is etavares and I will be helping you with your log.

Please give me a little time to go through your log. I'd also like to let you know that I am in training here at BC. At each stage of the process, my work will be checked by an expert coach. That means there may be a slight delay between my responses as they check it. Don't worry, we won't leave you.


Here's a few things to get started:
  • Please subscribe to this topic, if you haven't already, and wait for me to get back to you.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
  • In your reply, please post an updated DDS log so we have the most up to date information. Please also let me know any symptoms your computer is showing.

The forum is busy and we need to have replies as soon as possible.

Thanks!


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts

Posted 08 June 2009 - 05:05 PM

Hi Derrick Atkinson:

I have some really bad news. In addition to other malware, your computer is infected with Virut!!

Virut is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.
For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.

Virut also has IRC bot functionality. It can infect all the executable, screensaver and HTML files (.exe, .scr, .htm and .html) on your computer. However, there are a number of bugs in the code for this virus. As a result, it may misinfect some of the executable files and corrupt them beyond repair. Other times, it will destroy the file it tries to infect.

For these reasons, we can never truly fix Virut. You'll need to format and reinstall the operating system on this machine. Security experts believe a Clean Reformat is the only way to return the system to its normal working state.

Before formatting, back up all your personal documents such as pictures, documents, personal data, etc. only. DO NOT back up any executable files (software, programs), screen savers (*.scr) or any web pages (*.html or *.htm). Virut attempts to infect these files by appending itself to them. As a result, if you back up those files, you have a chance of possible Virut reinfection. Please also be careful backing up compressed files (zip, rar, etc.) that have EXE, SCR, HTM or HTML files in them.

More information on Virut can be found here and here.


-etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
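
The backup rule from the post above, written out as a pre-format check (an added example, not part of the original thread): it sorts a staging folder by file extension only, the same test the post gives, and opens zip archives to look for those four file types inside. The function names, the nesting depth and the size cap are assumptions, and the script does not detect Virut itself.

```python
import io
import sys
import zipfile
from pathlib import Path, PurePosixPath

# File types the post says Virut infects; these never go into the backup.
RISKY_EXT = {".exe", ".scr", ".htm", ".html"}
# Archive types the standard library cannot open; left for manual review.
OPAQUE_EXT = {".rar", ".7z", ".cab"}
MAX_DEPTH = 3                  # assumed limit on zip-inside-zip recursion
MAX_NESTED_BYTES = 50 * 2**20  # assumed cap before unpacking a nested zip


def ext_of(name):
    """Lower-cased extension of a path that may use either slash style."""
    return PurePosixPath(name.replace("\\", "/")).suffix.lower()


def risky_members(source, depth=0):
    """Names of risky entries inside a zip, following nested zips."""
    hits = []
    try:
        with zipfile.ZipFile(source) as zf:
            for info in zf.infolist():
                ext = ext_of(info.filename)
                if info.is_dir():
                    continue
                if ext in RISKY_EXT:
                    hits.append(info.filename)
                elif ext in OPAQUE_EXT:
                    hits.append(info.filename + " (archive not inspected)")
                elif ext == ".zip":
                    if depth >= MAX_DEPTH or info.file_size > MAX_NESTED_BYTES:
                        hits.append(info.filename + " (archive not inspected)")
                    else:
                        inner = io.BytesIO(zf.read(info))
                        hits += [f"{info.filename}!{n}"
                                 for n in risky_members(inner, depth + 1)]
    except (zipfile.BadZipFile, RuntimeError, NotImplementedError, OSError):
        # Corrupt, encrypted or unsupported archive: cannot be cleared.
        hits.append("<unreadable archive>")
    return hits


def triage(root):
    """Return (safe, skip, review) for every file under root.

    safe and skip are lists of relative paths; review maps an archive's
    relative path to the reasons it needs a manual look.
    """
    root = Path(root)
    safe, skip, review = [], [], {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        ext = path.suffix.lower()
        if ext in RISKY_EXT:
            skip.append(rel)
        elif ext in OPAQUE_EXT:
            review[rel] = ["archive format not inspected"]
        elif ext == ".zip" and (hits := risky_members(path)):
            review[rel] = hits
        else:
            safe.append(rel)
    return safe, skip, review


if __name__ == "__main__" and len(sys.argv) == 2:
    safe, skip, review = triage(sys.argv[1])
    print(f"{len(safe)} to copy, {len(skip)} to leave behind")
    for rel, why in review.items():
        print(f"review {rel}: {', '.join(why)}")
```
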
 


#4 Carolyn

    Bleepin' kitten

  • Members
  • 2,131 posts

Posted 14 June 2009 - 06:57 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Member of ASAP (Alliance of Security Analysis Professionals)



