combofix issue


  • This topic is locked
5 replies to this topic

#1 richcamlin

richcamlin

  • Members
  • 2 posts
  • OFFLINE
  • Local time:02:26 AM

Posted 28 October 2009 - 04:39 PM

I've tried several times to get combofix to install (as instructed by the "techsupportforum" team, who directed me to your forum). Each time I get the attached message, which basically says that the install is compromised.

I have disabled all virus programs and closed all other programs before installing and running as instructed by bleepingcomputer.

Any suggestions?

thanks
rc


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:06:26 AM

Posted 28 October 2009 - 07:44 PM

Hi Richcamlin,

Combofix will not run if it detects this very dangerous and damaging virus.

Your System is infected with Virut!!
Virut is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.
For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.

More information:
http://free.avg.com/66558

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.


http://home.mcafee.com/VirusInfo/VirusProf...aspx?key=143034

W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
  • Immediately before the encrypted code at the end of the last section
  • At the end of the code section of the infected host in 'slack-space' (assuming there is any)
  • At the original entry point of the host (overwriting the original host code)


Miekiemoes, one of our team members here and an MS-MVP, additionally has a blog post about Virut.

Edited by m0le, 28 October 2009 - 07:45 PM.

m0le is a proud member of UNITE
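
A defensive triage sketch for the infection layout in the McAfee description quoted in post #2, added here as an example and not part of the original thread or of any vendor's detection logic: it parses the PE headers and flags an entry point inside the last section, or a last section that is both writable and executable. The heuristic, the function names and the constructed sample headers are assumptions; packers trip it too, and the slack-space and original-entry-point decryptor placements leave the entry point unmoved, so an empty result does not clear a file.

```python
import struct

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_* flags

def pe_sections(data):
    """Return (entry_rva, [(name, vaddr, vsize, rawsize, flags), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, pe + 6)[0]        # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]   # SizeOfOptionalHeader
    entry = struct.unpack_from("<I", data, pe + 24 + 16)[0] # AddressOfEntryPoint
    table = pe + 24 + opt_size
    secs = []
    for off in range(table, table + 40 * nsec, 40):
        # Name, VirtualSize, VirtualAddress, SizeOfRawData, ..., Characteristics
        name, vsize, vaddr, rawsize, flags = struct.unpack_from("<8sIII16xI", data, off)
        secs.append((name.rstrip(b"\0").decode("latin-1"), vaddr, vsize, rawsize, flags))
    return entry, secs

def appended_code_flags(data):
    """Heuristic findings that fit code appended to the last section."""
    entry, secs = pe_sections(data)
    if not secs:
        return []
    _, vaddr, vsize, rawsize, flags = secs[-1]
    found = []
    if len(secs) > 1 and vaddr <= entry < vaddr + max(vsize, rawsize):
        found.append("entry point in last section")
    if flags & MEM_EXECUTE and flags & MEM_WRITE:
        found.append("last section writable and executable")
    return found

def build_sample(entry, last_flags):
    """Constructed PE32 headers only (.text then .rsrc); not a real program."""
    hdr = bytearray(0x40 + 24 + 224 + 2 * 40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                 # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", hdr, 0x44, 0x14C, 2)            # machine, section count
    struct.pack_into("<H", hdr, 0x54, 224)                  # SizeOfOptionalHeader
    struct.pack_into("<H", hdr, 0x58, 0x10B)                # PE32 magic
    struct.pack_into("<I", hdr, 0x58 + 16, entry)
    table = 0x58 + 224
    struct.pack_into("<8sIII16xI", hdr, table, b".text", 0x1000, 0x1000, 0x1000, 0x60000020)
    struct.pack_into("<8sIII16xI", hdr, table + 40, b".rsrc", 0x1000, 0x2000, 0x1000, last_flags)
    return bytes(hdr)
```

Calling `appended_code_flags(open(path, "rb").read())` on a file gives the findings list; any hit is a reason to submit the file to a scanner, not a verdict.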

#3 m0le

Posted 01 November 2009 - 07:21 AM

Are you still there, Richcamlin?

#4 richcamlin

richcamlin
  • Topic Starter

Posted 01 November 2009 - 06:16 PM

Sorry to hang you out there like that. The truth is, I followed your advice. On my Acer, there is of course no Vista CD, so I had to work through the 8 backup CDs. Actually, the reinstall went pretty smooth. I have a couple of hard disks attached so I was able to save most of my vital files, and yes I checked everything for viruses first (Norton and AdAware).

Reloading drivers and s/w is, of course, another thing; still having some minor issues w/that (not virus related).

I am very grateful for your sage advice, and suspect the longer I hesitated the more stuff I lost.

So thanks a million and I plan to donate the minute my pension clears TD bank (did you hear about their "meltdown" two weeks ago? It is still reverberating.)

Have a great day. How about those Eagles? Go Phillies!!

rc

#5 m0le

Posted 01 November 2009 - 06:20 PM

Okay, glad you caught my post. Virut is the nastiest kid on the block at the moment and there is no definite solution other than reinstalling/reformatting.

Sorry, it wasn't better news but at least you got rid of it before it killed your PC :(

#6 m0le

Posted 06 November 2009 - 06:30 AM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.