HTML/Iframe.B.Gen virus, Virut and more


  • This topic is locked
8 replies to this topic

#1 secretaatoooo

secretaatoooo

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:43 AM

Posted 27 March 2016 - 01:50 PM

Seems nothing I do is enough to get rid of the virus. Formatted my HDD twice and also reinstalled windows, previously ran both MBAM premium and the trial version of NOD32 but nod32 actually detected every system file as a threat and made my system unstable. So had to reinstall the windows 7 os again. The latest, I refrained from installing Nod32 anymore and preferred to use their online scanner just to get a report. I would like to recover/disinfect the html files as they are important to me. Any help is appreciated. Unfortunately even my backup drive has been infected too so not much use anymore. Previously I had tried to use the notepad++ program's search and replace tool to get rid of the iframe virus but the fix seemed to be temporary.

 

 

Anyhow here is eset log, thanks

Attached Files


Edited by secretaatoooo, 27 March 2016 - 01:56 PM.




#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,070 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:02:13 AM

Posted 30 March 2016 - 04:17 PM

Hi secretaatoooo,

 

You are infected with Virut, which is a file infecting virus (.exe, .scr, .html). This will take some effort to try and save your HTML files, and it may not even be possible. The problem is that any attempts may corrupt the files, or delete them. Let me see which tool is most effective and I will reply to you.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 secretaatoooo


Posted 30 March 2016 - 04:21 PM

TY, for now I have managed to salvage 70% of the html files with eset's and notepad++'s help although all the .exes had to be reinstalled :(

 

I would still like the info on effective tools for combating this virus as I am afraid I might get infected again (although I dunno how I got it in the first place, I don't visit adult sites anyway, maybe I got it from Skype)


Edited by secretaatoooo, 30 March 2016 - 04:22 PM.
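
The Notepad++ search-and-replace cleanup mentioned in posts #1 and #3 can be scripted so that the original files are never touched. This is an added example, not part of the original thread or of any tool named in it; the thread does not show the injected markup, so the patterns for a "hidden" iframe (width or height of 0 or 1, `display:none`, `visibility:hidden`), the function names and the constructed sample page with its placeholder URL are all assumptions.

```python
import re
from pathlib import Path

# An <iframe ...> opening tag plus an immediately following closing tag.
IFRAME_RE = re.compile(r'<iframe\b[^>]*>(?:\s*</iframe\s*>)?', re.I)
# Assumed markers of an injected frame: width/height of 0 or 1
# (HTML attribute or CSS property), or CSS that hides the element.
TINY_RE = re.compile(
    r'\b(?:width|height)\s*[=:]\s*["\']?\s*[01](?:px)?(?=["\'\s>/;])', re.I)
HIDDEN_RE = re.compile(r'display\s*:\s*none|visibility\s*:\s*hidden', re.I)

def is_suspect(tag):
    return bool(TINY_RE.search(tag) or HIDDEN_RE.search(tag))

def clean_html(text):
    """Return (cleaned_text, removed_tags); visible iframes are kept."""
    removed = []
    def repl(match):
        if is_suspect(match.group(0)):
            removed.append(match.group(0))
            return ''
        return match.group(0)
    return IFRAME_RE.sub(repl, text), removed

def scan_tree(src_root, out_root):
    """Write cleaned copies under out_root; originals are never modified."""
    src_root, out_root = Path(src_root), Path(out_root)
    report = {}
    for path in sorted(src_root.rglob('*')):
        if not path.is_file() or path.suffix.lower() not in ('.htm', '.html'):
            continue
        # latin-1 maps each byte to one character, so untouched bytes round-trip.
        text = path.read_bytes().decode('latin-1')
        cleaned, removed = clean_html(text)
        if removed:
            dest = out_root / path.relative_to(src_root)
            dest.parent.mkdir(parents=True, exist_ok=True)
            dest.write_bytes(cleaned.encode('latin-1'))
            report[str(path.relative_to(src_root))] = removed
    return report

# Constructed sample: one 1x1 iframe (placeholder URL) and one visible iframe.
SAMPLE = ('<html><body><p>My notes</p>'
          '<iframe src="http://placeholder.invalid/" width=1 height=1 '
          'style="border:0"></iframe>'
          '<iframe src="map.html" width="600" height="400"></iframe>'
          '</body></html>')

if __name__ == '__main__':
    cleaned, removed = clean_html(SAMPLE)
    print(len(removed), 'suspect iframe(s) removed')
```

Review the removed tags in the report before trusting the cleaned copies; this only strips markup from HTML files and does nothing about infected executables.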


#4 xXToffeeXx


Posted 31 March 2016 - 03:57 PM

Hi secretaatoooo,
 
I suggest running this tool as well to make sure the virus is gone.
 
Do you run an antivirus usually on your system? Malwarebytes alone does not protect against viruses.
 
xXToffeeXx~




#5 secretaatoooo


Posted 31 March 2016 - 05:51 PM

TY. Will post back what I find. No I actually was under the delusion that MBAM takes care of everything, until this Virut attack that is, which made me wiser, that is when I installed nod32 but too late :( Before MBAM I used Norton but that would slow down my system so I dumped it. You know what is funny is Nod32 is kinda overlooking all the files that AVG is running a check on lol


Edited by secretaatoooo, 31 March 2016 - 05:54 PM.


#6 xXToffeeXx


Posted 02 April 2016 - 08:02 AM

Hi secretaatoooo,
 
Ah, yes. MBAM does not detect certain file types and viruses, which leaves you vulnerable to script downloaders, and it has not-so-good 0-day detection of new malware. An antivirus covers those weaknesses, but even once you are infected it's hit and miss whether it can clean up. I recommend trying Avast or Bitdefender free and seeing whether they slow things down.
 
Let me know how the results come back.
 
xXToffeeXx~




#7 secretaatoooo


Posted 02 April 2016 - 04:10 PM

For now AVG came clean, so maybe I should be happy. Thanks for the suggestions, for now I am happy with eset. If it plays out well during the next 3 weeks I would prolly buy it.



#8 xXToffeeXx


Posted 03 April 2016 - 04:10 PM

Hi secretaatoooo,

 

Looks like ESET cleaned everything then. Sounds good then :)

 

Can I help you with anything else?

 

xXToffeeXx~




#9 xXToffeeXx


Posted 01 July 2016 - 12:08 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





