
Virut!gen, Inet2000, Can't Install Service pack 2


  • This topic is locked
8 replies to this topic

#1 balniks

  • Members
  • 18 posts

Posted 06 February 2010 - 01:57 AM

Hi all,

OK, long story short, I had to take out one of my SDRAMs because my computer wouldn't boot up. I think I had too much on the C drive and it was causing big problems. So after twice installing Service Pack 2 and getting the reboot loop, I've just installed Windows updates up to Service Pack 2, and am avoiding installing it. I basically cannot get rid of Virut!gen; Stopzilla keeps telling me it's there, and I keep removing it to no avail. I've tried Symantec FixVirut in safe mode, but that still doesn't seem to get rid of it.

I'm trying to delay the inevitable, I think: that my computer is stuffed!?

Here is my HijackThis log,

Thanks to anyone who can help, much appreciated!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:50:27 AM, on 2/8/2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\System\MSASP32.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\3 Mobile\3 Mobile Broadband\3 Mobile Broadband.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = rewardscentral.com.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://WWW.BenQ.COM/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.benq.com/
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://WWW.BenQ.COM/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1265490446806
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7797962-30AD-49F4-BE18-A37D67957BFD}: NameServer = 202.124.76.106 202.124.76.110
O23 - Service: Advance Service Process - Unknown owner - C:\Program Files\Common Files\System\MSASP32.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 2221 bytes




#2 sempai

    noypi

  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun

Posted 06 February 2010 - 11:47 AM

Hello my name is Sempai and welcome to Bleeping Computer.
*We apologize for the delay. The forums have been busy.

*I want you to understand that I'm still a trainee here. I will be working with my Coach who will approve all my instructions before posting them to you, so there's a possibility to have some delays in my responses. But the good part is, there are two people reviewing your problem instead of one.

*It is important not to make any further changes or run any other tools unless instructed to. This may hinder the cleaning process of your machine.

*You must reply within 5 days otherwise this topic will be closed.




Please make sure that you can view all hidden files.  Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit.  You will only be able to have one file scanned at a time.  (Please scan at least 3 of the files below):

C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe


Please post back the results of the scan in your next post.
If Jotti is busy, try the same at Virustotal:  http://www.virustotal.com/



~Semp




#3 balniks
  • Topic Starter

  • Members
  • 18 posts

Posted 06 February 2010 - 03:26 PM

Hi Semp,
Thanks for helping.
I scanned using virustotal. Only 2 of the 5 showed results.

Also forgot to add that, for no apparent reason, I'll get a generic host process win 32 error. This stops the net from working, and I have to reboot and reconnect to the net.

Here are the results:

File explorer.exe received on 2010.02.06 20:07:28 (UTC)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.02.06 Virus.Win32.Virut.av!IK
AhnLab-V3 5.0.0.2 2010.02.06 Win32/Virut.B
AntiVir 7.9.1.158 2010.02.05 W32/Virut.AX
Antiy-AVL 2.0.3.7 2010.02.05 Virus/Win32.Virut.av.gen
Authentium 5.2.0.5 2010.02.06 W32/Virut.7116
Avast 4.8.1351.0 2010.02.06 Win32:Virtob
AVG 9.0.0.730 2010.02.06 Win32/Virut
BitDefender 7.2 2010.02.06 Win32.Virtob.8.Gen
CAT-QuickHeal 10.00 2010.02.06 W32.Virut.Z
ClamAV 0.96.0.0-git 2010.02.06 W32.Virut-17
Comodo 3844 2010.02.06 Virus.Win32.Virut.AV
DrWeb 5.0.1.12222 2010.02.06 Win32.Virut.30
eSafe 7.0.17.0 2010.02.04 -
eTrust-Vet 35.2.7286 2010.02.05 Win32/Virut.7115
F-Prot 4.5.1.85 2010.02.06 W32/Virut.7116
F-Secure 9.0.15370.0 2010.02.06 Win32.Virtob.8.Gen
Fortinet 4.0.14.0 2010.02.06 W32/Virut.AV
GData 19 2010.02.06 Win32.Virtob.8.Gen
Ikarus T3.1.1.80.0 2010.02.06 Virus.Win32.Virut.av
Jiangmin 13.0.900 2010.02.06 Win32/Virut.af
K7AntiVirus 7.10.968 2010.02.06 Virus.Win32.Virut.av
Kaspersky 7.0.0.125 2010.02.06 Virus.Win32.Virut.av
McAfee 5884 2010.02.06 W32/Virut.gen.a
McAfee+Artemis 5884 2010.02.06 W32/Virut.gen.a
McAfee-GW-Edition 6.8.5 2010.02.06 Win32.Virut.AX
Microsoft 1.5406 2010.02.06 Virus:Win32/Virut.AC
NOD32 4842 2010.02.06 Win32/Virut.AV
Norman 6.04.03 2010.02.06 W32/Virut.AG
nProtect 2009.1.8.0 2010.02.06 Virus/W32.Virut.K
Panda 10.0.2.2 2010.02.06 -
PCTools 7.0.3.5 2010.02.06 Win32.Virut.Gen.4
Rising 22.33.05.04 2010.02.06 Win32.Virut.an
Sophos 4.50.0 2010.02.06 W32/Virut-W
Sunbelt 3.2.1858.2 2010.02.06 Virus.Win32.Virut.a (v)
TheHacker 6.5.1.0.181 2010.02.06 W32/Virut.av
TrendMicro 9.120.0.1004 2010.02.06 PE_VIRUT.AV
VBA32 3.12.12.1 2010.02.05 Virus.Win32.Virut.2
ViRobot 2010.2.5.2174 2010.02.05 Win32.Virut.S
VirusBuster 5.0.21.0 2010.02.06 Win32.Virut.Gen.4

Additional information
File size: 1011200 bytes
MD5...: e444ee81622989b393ff292cd5cd24a9
SHA1..: 0c84c79dd18f45ca497cad7c08454ce28c294ef7
SHA256: 271426768377904be70577bac23b905f42136f43885b4bfa45de438bc613f7e1
ssdeep: 12288:iOifaHNmB8gA8a5dBbcHmoHWm2Rkf8f+skzax1/g/J/vtc3:KUNj15dhMIJkf8f+skK1/g/J/FG
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xf7600
timedatestamp.....: 0x3d6de1e2 (Thu Aug 29 08:57:06 2002)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3d78d 0x3d800 6.47 224429129ab70cdb49c0236e22786104
.data 0x3f000 0x1cd8 0x1c00 0.96 02facb4867aeeafea7058f9e55938fd9
.rsrc 0x41000 0xb2270 0xb2400 6.63 88a6c14361e58a2141156306890f9dfb
.reloc 0xf4000 0xa600 0x5200 7.36 f804df9a54ef540880bc42af65e092ce

( 13 imports )
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Windows Explorer
original name: EXPLORER.EXE
internal name: explorer
file version.: 6.00.2800.1106 (xpsp1.020828-1920)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned


---------------------------------------------------------------------------------------

File winlogon.exe received on 2010.02.06 20:16:17 (UTC)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.02.06 -
AhnLab-V3 5.0.0.2 2010.02.06 -
AntiVir 7.9.1.158 2010.02.05 -
Antiy-AVL 2.0.3.7 2010.02.05 Trojan/Win32.Patched.gen
Authentium 5.2.0.5 2010.02.06 -
Avast 4.8.1351.0 2010.02.06 -
AVG 9.0.0.730 2010.02.06 -
BitDefender 7.2 2010.02.06 -
CAT-QuickHeal 10.00 2010.02.06 -
ClamAV 0.96.0.0-git 2010.02.06 -
Comodo 3844 2010.02.06 -
DrWeb 5.0.1.12222 2010.02.06 -
eSafe 7.0.17.0 2010.02.04 -
eTrust-Vet 35.2.7286 2010.02.05 -
F-Prot 4.5.1.85 2010.02.06 -
F-Secure 9.0.15370.0 2010.02.06 -
Fortinet 4.0.14.0 2010.02.06 -
GData 19 2010.02.06 -
Ikarus T3.1.1.80.0 2010.02.06 -
Jiangmin 13.0.900 2010.02.06 -
K7AntiVirus 7.10.968 2010.02.06 -
Kaspersky 7.0.0.125 2010.02.06 -
McAfee 5884 2010.02.06 -
McAfee+Artemis 5884 2010.02.06 -
McAfee-GW-Edition 6.8.5 2010.02.06 -
Microsoft 1.5406 2010.02.06 -
NOD32 4842 2010.02.06 -
Norman 6.04.03 2010.02.06 -
nProtect 2009.1.8.0 2010.02.06 -
Panda 10.0.2.2 2010.02.06 -
PCTools 7.0.3.5 2010.02.06 -
Prevx 3.0 2010.02.06 -
Rising 22.33.05.04 2010.02.06 -
Sophos 4.50.0 2010.02.06 -
Sunbelt 3.2.1858.2 2010.02.06 -
TheHacker 6.5.1.0.181 2010.02.06 -
TrendMicro 9.120.0.1004 2010.02.06 -
VBA32 3.12.12.1 2010.02.05 -
ViRobot 2010.2.5.2174 2010.02.05 -
VirusBuster 5.0.21.0 2010.02.06 -

Additional information
File size: 516608 bytes
MD5...: 2246d8d8f4714a2cedb21ab9b1849abb
SHA1..: 4ca71cad2321ef9f7e24205dcd0fd5deacef215b
SHA256: 8fb241bbc1708dc42692f2e69500f67acb298a819342f9633b76ff719eb6ad29
ssdeep: 6144:k25F/s1L5ThoU1o1d7F7x61w66lW9uZYFKhNh0wze5arzIxw8BujL2:k2f6W1d5N6aeAph05mzau
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3c559
timedatestamp.....: 0x3d6de7a6 (Thu Aug 29 09:21:42 2002)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x71f50 0x72000 6.87 d6b6f3cb3d26182fbfa9f84c56d8f24f
.data 0x73000 0x5610 0x2c00 4.28 40ae3a8f284ff8547d8b3eb722e7ac03
.rsrc 0x79000 0x9020 0x9200 3.62 58f62d9a3ed0d742907a39fde2e619ee

( 19 imports )
( 0 exports )
RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Windows NT Logon Application
original name: WINLOGON.EXE
internal name: winlogon
file version.: 5.1.2600.1106 (xpsp1.020828-1920)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.: -
trid..: InstallShield setup (77.4%)
Win32 Executable Generic (15.3%)
Generic Win/DOS Executable (3.6%)
DOS Executable Generic (3.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)


----------------------------------------------------------------------------------------------



#4 sempai

  • Malware Response Team

Posted 07 February 2010 - 08:40 AM

Hi balniks,

Due to the nature of the infection, I can't guarantee that your PC will be totally clean after we clean it, because the best solution for Virut is to wipe the entire drive and do a clean installation of the OS again. I want you to read some important notes below and then tell me what you decide.

Your System is infected with Virut!!
Virut is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.
For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.

More information:
http://free.avg.com/66558
QUOTE(AVG Technologies)
There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.


http://home.mcafee.com/VirusInfo/VirusProf...aspx?key=143034
QUOTE(Network Associates)
W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
  • Immediately before the encrypted code at the end of the last section
  • At the end of the code section of the infected host in 'slack-space' (assuming there is any)
  • At the original entry point of the host (overwriting the original host code)


Miekiemoes, one of our team members here and an MS-MVP, additionally has a blog post about Virut.



I suggest you start backing up all of your valuable data/documents/pictures/movies/songs/etc.
Keep in mind, though, that with a Virut infection, there is always a chance of backed up data reinfecting your system! Do NOT back up any applications/installers and do NOT back up any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script (.php, .asp, .html, .htm, .xml) files. Also avoid backing up compressed files (.zip, .cab, .rar) that have .exe or .scr files inside them, as Virut can penetrate and infect these files within compressed files too.
NOTE: If you have to back up files, do so only for MS Office documents & any non-executable files. Burn them to CD/DVD. Do NOT copy files from the infected machine to your flash drive or external hard drive as they may become compromised in the process. You risk infecting the other machine!


~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 
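One way to apply the backup rules from the post above before copying anything off the infected machine, as an added example that is not part of the original thread: it flags the file types the post lists and looks inside .zip archives for .exe/.scr members. The function names, the `review` verdict for .cab/.rar (which the Python standard library cannot open) and the MZ-header check are assumptions added here; the sample files are constructed dummies.

```python
import os
import tempfile
import zipfile

# Types the post says not to back up, and the archive members it singles out.
RISKY_EXT = {".exe", ".scr", ".php", ".asp", ".html", ".htm", ".xml"}
RISKY_IN_ARCHIVE = {".exe", ".scr"}

def ext(name):
    return os.path.splitext(name)[1].lower()

def classify(path):
    """Return (verdict, reason); verdict is 'keep', 'skip' or 'review'."""
    name = os.path.basename(path).lower()
    if os.path.splitext(name)[0] == "autorun":
        return "skip", "autorun file"
    if ext(name) in RISKY_EXT:
        return "skip", "risky extension " + ext(name)
    if ext(name) in (".cab", ".rar"):
        return "review", "archive contents not inspected"
    with open(path, "rb") as fh:
        if fh.read(2) == b"MZ":  # assumption beyond the post: a renamed PE keeps 'MZ'
            return "skip", "MZ header under a non-executable name"
    if zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as zf:
            bad = sorted(m for m in zf.namelist() if ext(m) in RISKY_IN_ARCHIVE)
        if bad:
            return "skip", "archive contains " + ", ".join(bad)
    return "keep", "no executable content found"

def plan_backup(root):
    """Walk root and map each relative path to its (verdict, reason)."""
    found = (os.path.join(d, f) for d, _dirs, files in os.walk(root) for f in files)
    return {os.path.relpath(p, root): classify(p) for p in found}

def demo():
    """Build a small constructed tree of harmless dummy files and plan it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"notes.doc": b"plain text", "setup.exe": b"MZ dummy",
                   "photo.jpg": b"MZ renamed dummy", "autorun.inf": b"[autorun]"}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        with zipfile.ZipFile(os.path.join(root, "pics.zip"), "w") as zf:
            zf.writestr("a.jpg", b"dummy")
            zf.writestr("viewer.scr", b"dummy")
        return plan_backup(root)
```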


#5 balniks


Posted 07 February 2010 - 06:07 PM

Hi again,

I already had to do a complete reboot originally when my comp first crashed. I tried again, and within a few minutes of getting back on the net to download stopzilla and access a few pages, stopzilla had detected it again. I do have an external but I don't think anything would have been copied onto there. How would I go about checking my external to see if it is infected without compromising my computer?

Thanks for your help so far,
Michael

#6 sempai


Posted 08 February 2010 - 05:18 PM

Hi balniks,

Are you going to reformat? Please let me know.


QUOTE
I do have an external but I don't think anything would have been copied onto there. How would I go about checking my external to see if it is infected without compromising my computer?

Please follow the steps below using a clean computer.

1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.



2. Please insert your external drive, then go to the Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Locate the drive that you want to scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.



~Semp



#7 balniks


Posted 08 February 2010 - 09:35 PM

Hi again,

I rebooted again, I haven't reformatted? How would I go about doing that?

After this reboot, everything seems fine so far, touch wood. I did the flash scan and that seems fine also. My Internet downloads are nearly up, so I can't do the Kaspersky one until Sunday.

Thanks,
Michael

#8 sempai


Posted 10 February 2010 - 12:27 PM

Hi,

QUOTE
I haven't reformatted? How would I go about doing that?

When you reformat, it means you will totally wipe the entire drive, meaning everything on it will be gone; that's why I asked you to make a backup of your important documents. As I stated in my post #4, there is no guarantee that VIRUT can be fixed.

Here is a great tutorial on how to reformat --> Click here.


~Semp



#9 sempai


Posted 14 February 2010 - 11:00 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else, please begin a New Topic.

~Semp





