
Win.32Virut.56 DrWeb-cureit & ZoneAlarm Inter Securty Suite


6 replies to this topic

#1 Wolfman09


Posted 28 July 2009 - 04:22 PM

After reading this forum I KNOW the Virut.56 is a killer once infected based on what I've read on this great forum.

First off, the PC that got bit will NOT be used for accessing any personal, banking or important sites. It's mainly for web, downloading, recording music to disc, making videos and whatnot.

It was here I found DrWeb CureIt and ran it yesterday in "Safe mode", and it picked up nearly 800 .exe infections. I must say the PC is working very well today and seems clean for what I need it for, as stated above.

In safe mode only I ran it, and it cured all and moved 1 of the many Virut.56 infections. Again, the PC is much better and I can finally access sites to update Windows, which before I could not at all. I could not even access the Malwarebytes site, it was so bad.

I've not accessed any sites or the web through any browser since Dr Web in safe mode, except to update Windows.

My question relates to ZoneAlarm.

On another PC of mine that's clean I downloaded ZoneAlarm Internet Security Suite, burned the install files to a disc and loaded it on my infected PC.

After updating the Anti Virus and Anti Spyware I am now running ZoneAlarm, and so far it's finding nearly 500 of Win32/Virut.ce, which I'm sure is a different name but the same as the Virut.56?

So is ZoneAlarm just picking up the "cured" files of DrWeb? I'm not running DrWeb now, as I ran it, cured and rebooted of course, and I'm back in normal mode now.

Guess I'm wondering what I should do with ZA once it's done. I hate to UNDO anything DrWeb did, and again things were running fine, or seem to be, even prior to running ZA. I just thought I'd scan and see what ZA came up with.

Sorry about the long post, I just wanted to give as much info as possible.

Thank you for any suggestions and help.

James

P.S. I ordered Kaspersky on Disc today as I understand it's one of the best. It should arrive in 2-3 days.


#2 Guest_The weatherman_*

Guest_The weatherman_*

  • Guests
  • OFFLINE
  •  

Posted 28 July 2009 - 05:48 PM

Save yourself a few $ and take a look here: http://www.bleepingcomputer.com/forums/topic3616.html. :thumbsup:

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,095 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 28 July 2009 - 06:27 PM

There are various strains of Virut. Please note that while you might be able to remove the infection there is no guarantee of that and there is still the problem of the damaged files.

Virut is a polymorphic file infector with IRCBot functionality which infects .exe, .scr files, downloads more malicious files to your system, and opens a back door that compromises your computer. According to this Norman White Paper Assessment of W32/Virut, some variants can infect the HOSTS file and block access to security related web sites. Other variants of virut can even penetrate and infect .exe files within compressed files (.zip, .cab, rar). Virux is an even more complex file infector which can embed an iframe into the body of web-related files and infect script files (.php, .asp, and .html). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair and in some instances can disable Windows File Protection. In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable. The longer virut remains on a computer, the more critical system files will become infected and corrupt so the degree of infection can vary.

The virus disables Windows File Protection by injecting code into the "winlogon.exe" process that patches system code in memory.

CA Virus detail of W32/Virut

The virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files....some W32/Virut.h infections are corrupted beyond repair.

McAfee Risk Assessment and Overview of W32/Virut

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus... Due to the damage caused to files by Virut it's possible to find repaired but corrupted files. They became corrupted by the incorrect writing of the viral code during the process of infection. Undetected, corrupted files (possibly still containing part of the viral code) can also be found. This is caused by incorrectly written and non-functional viral code present in these files.

AVG Overview of W32/Virut

This kind of infection is contracted and spread by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and an increasing source of system infection. However, the CA Security Advisor Research Blog says they have found MySpace user pages carrying the malicious Virut URL. Either way you can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately, including those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

There is no guarantee this infection can be completely removed. In some instances it may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Please read:

Orange Blossom :thumbsup:

Edited by Orange Blossom, 28 July 2009 - 06:29 PM.
Clarify initial sentence. ~ OB


#4 Wolfman09


Posted 28 July 2009 - 08:30 PM

> Save yourself a few $ and take a look here: http://www.bleepingcomputer.com/forums/topic3616.html. :thumbsup:


Appreciate that, some good options. However, I decided that if I'm going to wipe the PC clean and start from scratch, as I figured that's what I'd have to do, I'd pay for the Kaspersky.

I found a place online that was affordable. I get a license to use it on 3 PCs and the disc is being sent my way. Cost about $28 including free shipping.

Here's a decent alternative as well and it's what I did for the time being...

I grabbed ZoneAlarm Internet Security Suite at no cost by accepting a trial pay pass of a product.

As soon as I signed up for the free 7-day trial at eMusic and then got the ZoneAlarm registry key and access, I dumped the trial offer and canceled it.

Here's the site if anyone wants to grab it. Not an affiliate or anything, it's straight from ZoneAlarm's site.

http://www.zonealarm.com/security/en-us/tr...-zass-trial.htm

Guess I'm going to have to figure out how to do this with his PC. I'm not very technical and have a bit of a learning disability, so I'm kind of slow in some ways, but thank you for checking out my post.

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,047 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:37 AM

Posted 29 July 2009 - 11:55 AM

In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action but I cannot make that decision for you.

Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, data files and photos. The safest practice is not to back up any autorun.ini or .exe files because they may be infected. Some types of malware may disguise themselves by adding and hiding their extension after the existing extension of files, so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.


2 guidelines/rules when backing up

1) Back up all your important data files, pictures, music, work etc. and save them onto an external hard drive. These files usually include .doc, .txt, .mp3, .jpg etc.
2) Do not back up any executable files or any Windows files. These include .exe/.scr/.htm/.html/.xml/.zip/.rar files, as they may contain traces of malware. Also, .html or .htm files that are webpages should be avoided.


If you're not sure how to reformat or need help with reformatting, please review:

These links include step-by-step instructions with screenshots:

Vista users can refer to these instructions:

Don't forget you will have to go to Microsoft Update and apply all Windows security patches after reformatting.

Note: If you're using an IBM, Sony, HP, Compaq or Dell machine, you may not have an original XP CD. By policy Microsoft no longer allows OEM manufacturers to include the original Windows XP CD-ROM on computers sold with Windows preinstalled. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. See Technology Advisory Recovery Media. If the recovery partition has become infected, you will need to contact the manufacturer, explain what happened and ask them to send full recovery disks to use instead.

If you need additional assistance with reformatting or partitioning, you can start a new topic in the Windows XP Home and Professional forum.

Edited by boopme, 08 September 2010 - 06:08 PM.

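As an added example (not part of quietman7's reply and not a tool mentioned in this thread), here is a small Python triage script that applies the two backup rules above and looks at every extension in a file name, so a file that Explorer would display as "Vacation.jpg" but which is really "Vacation.jpg.exe" is flagged instead of copied. The sample file names are constructed, and the extension lists beyond the ones named in the reply (plus autorun.inf as an assumed spelling of the Windows autorun file) are assumptions.

```python
# Backup triage for a Virut-infected machine: decide per file name whether it
# is safe to copy to the external drive, must be skipped, or needs a closer look.
# Added example, not code from the thread; sample names below are constructed.

# Rule 1: plain data types that are safe to back up (list partly assumed).
DATA_EXTENSIONS = {"doc", "txt", "mp3", "jpg", "jpeg", "png", "pdf", "xls"}
# Rule 2: types that may carry Virut or other malware and must not be backed up.
EXCLUDED_EXTENSIONS = {"exe", "scr", "htm", "html", "xml", "zip", "rar"}
# autorun.ini is the name used in the reply; autorun.inf is added as an assumption.
EXCLUDED_NAMES = {"autorun.ini", "autorun.inf"}


def extensions(name: str) -> list[str]:
    """Every dot-separated part after the base name, lower-cased and with
    padding stripped, so 'Photo.jpg      .EXE' -> ['jpg', 'exe'].
    Padding matters: spaces are a common way to push the real extension
    out of view in a narrow Explorer column."""
    parts = [p.strip().lower() for p in name.strip().split(".")]
    return [p for p in parts[1:] if p]


def classify(name: str) -> tuple[str, str]:
    """Return (verdict, reason); verdict is 'backup', 'skip' or 'suspicious'."""
    if name.strip().lower() in EXCLUDED_NAMES:
        return "skip", "autorun file"
    exts = extensions(name)
    if not exts:
        return "suspicious", "no extension, inspect by hand"
    last = exts[-1]
    if last in EXCLUDED_EXTENSIONS:
        # A data extension directly before an executable one is the classic
        # "hidden extension" disguise the reply warns about.
        if len(exts) > 1 and exts[-2] in DATA_EXTENSIONS:
            return "suspicious", f".{last} hidden behind .{exts[-2]}"
        return "skip", f".{last} may contain malware"
    if last in DATA_EXTENSIONS:
        return "backup", f".{last} data file"
    return "suspicious", f"unknown type .{last}"


def triage(names: list[str]) -> dict[str, list[str]]:
    """Group a list of file names by verdict."""
    groups: dict[str, list[str]] = {"backup": [], "skip": [], "suspicious": []}
    for name in names:
        groups[classify(name)[0]].append(name)
    return groups


# Constructed sample listing of a "My Documents" folder on the infected PC.
SAMPLE_NAMES = ["Vacation.JPG.exe", "invoice.doc   .exe", "notes.txt",
                "song.mp3", "setup.exe", "archive.zip", "autorun.ini", "README"]

if __name__ == "__main__":
    for name in SAMPLE_NAMES:
        print(f"{name!r:28} -> {classify(name)[0]:10} ({classify(name)[1]})")
```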

#6 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,588 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:01:37 AM

Posted 29 July 2009 - 08:53 PM

quietman7,
Please, in your green note, include Toshiba in the list of vendors who sell/sold XP but actually give a crippled recovery disk.
Some date back to XP-home SP1 requiring SP2 and SP3 and more patches to patches.

Also, not only do you have no XP disk, you get numerous applications installed and have to spend months getting rid of them.

Thank you.

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,047 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:37 AM

Posted 30 July 2009 - 08:16 AM

I have added Toshiba to my note for future reference.