
Win32/Heur Virus


  • This topic is locked
4 replies to this topic

#1 CraigBosman

CraigBosman

  • Members
  • 3 posts

Posted 26 January 2011 - 09:16 AM

Hi,

I am a real newbie, and can follow directions, so thought I'd try to resolve this virus that seems to be a real nasty... I have AVG installed on the computer as well as WinPatrol, Search and Destroy, and , but these were all installed in order to try to clean this computer. The computer runs XP and if I start up (without being in safe mode) AVG opens a new alert every few seconds. Clearly this PC is infested. I have run all the virus programs in safe mode, and each one has detected (and cleaned or attempted to clean) all viruses, but a normal boot proves to be still infested. In safe mode the PC runs with no problem, but in a normal boot, the PC restarts itself every few minutes, usually without ever getting to the desktop.

OK, now it won't even boot up into safe mode. Seems I am stuffed?



#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,583 posts

Posted 27 January 2011 - 07:56 PM

Run Combofix in Safe Mode with Networking.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If any of these applications will not uninstall, it is first recommended to uninstall it with AppRemover by Opswat: http://www.appremover.com/supported-applications. Do not use AppRemover on Norton.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 CraigBosman

CraigBosman
  • Topic Starter

  • Members
  • 3 posts

Posted 07 February 2011 - 06:56 AM

Hi, Thanks for the post, I managed to restore and get the PC up and running again in safe mode.

After running Combofix, straight after the disclaimer, it said ALERT!! It is not safe to continue, contents of combofix has been compromised please download a fresh copy from .... Note: You may be infected with a file patching virus "Virut"...

#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,583 posts

Posted 07 February 2011 - 08:31 AM

That is very unfortunate. There is no defense against Virut. Only a reformat and a reinstall is the secure way to deal with this infection.



#5 CraigBosman

CraigBosman
  • Topic Starter

  • Members
  • 3 posts

Posted 07 February 2011 - 09:00 AM

That is bad news, but thanks a million for the help SG.



