compilllit Posted September 23, 2009 ID:131520

You all just helped me fix one Son's computer, now other Son has issue. Ran malware and cleaned a lot up but get a bunch of Vundo returning on each other run of malware. It's a laptop running Vista. He swears he never opened anything, but he thinks he can get a free XBOX so has been going from site to site. His computer is blocked from this site so I have to do it from my computer. Here is his hijack and malware logs; (Thanks ahead of time)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:40 PM, on 9/22/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wermgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\boobtimelive\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\Windows\system32\rundll32.exe C:\Windows\TEMP\12055kou.dll,DllMain (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\Windows\system32\rundll32.exe C:\Windows\TEMP\12055kou.dll,DllMain (User 'Default user')
O4 - Global Startup: 3jam SuperText Desktop.lnk = C:\Program Files\3jam\3jamSuperText.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O20 - AppInit_DLLs: yarobefe.dll,zemavuda.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11740 bytes

Malwarebytes' Anti-Malware 1.41
Database version: 2833
Windows 6.0.6002 Service Pack 2

9/22/2009 11:04:24 PM
mbam-log-2009-09-22 (23-02-59).txt

Scan type: Full Scan (C:\|)
Objects scanned: 243909
Time elapsed: 1 hour(s), 32 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\zemavuda.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\marewugo.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Protection System (Rogue.ProtectionSystem) -> No action taken.

Files Infected:
C:\Windows\System32\zemavuda.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\marewugo.dll (Trojan.Vundo) -> No action taken.
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\BASH\Clone\BHC27AB.tmp (Trojan.Vundo) -> No action taken.
C:\Windows\System32\gapedalu.dll (Trojan.Vundo) -> No action taken.
C:\Windows\Temp\VRT1ADF.tmp (Trojan.Vundo) -> No action taken.
C:\Windows\System32\certstore.dat (Trojan.Agent) -> No action taken.
C:\Windows\sc.exe (Trojan.FakeAlert) -> No action taken.

If nothing else maybe this will convince him there are no free XBOX 360s on the internet.

Thanks again
Root Admin AdvancedSetup Posted September 28, 2009 ID:134328

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

- During the download, rename Combofix to Combo-Fix as follows:
- It is important you rename Combofix during the download, but not after.
- Please do not rename Combofix to other names, but only to the one indicated.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------

- Double click on combo-Fix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

If you still cannot get this to run, try booting into Safe Mode, and run it there.
To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode."

If this doesn't work either, try the same method (above method), but name Combofix.exe to iexplore.exe instead, or winlogon.exe.
This is because it also happens in some cases that malware blocks EVERY process except for what is in its own whitelist, so this whitelist also includes system important processes such as iexplore.exe, explorer.exe, winlogon.exe...
compilllit Posted September 28, 2009 Author ID:134593

Can now only open in safe mode - no matter what I do I get a message - Not safe to continue. Combo been compromised.
Note: You may be infected with a file patching virus "Virut"

Even tried renaming it
Root Admin AdvancedSetup Posted September 28, 2009 ID:134715

Please download and burn this from a clean computer and then run it on your infected computer. If you have Virut then you'll need to rebuild the computer.

Avira AntiVir Rescue System

Requires access to a working computer with a CD/DVD burner to create a bootable CD.

- Download the Avira AntiVir Rescue System from here
- Place a blank CD in your burner and double-click on the downloaded file named rescue_system-common-en.exe
  If the above link does not work please try this one: here
- The program will automatically burn the CD for you.
- Place the burned CD into the affected computer and start the computer from this CD.
- On the bottom left side of the screen there are 2 flags. Using your mouse click on the British flag to use English.
- Click on the Configuration button.
  - Select Scan all files
  - Select Try to repair infected files and Rename files, if they cannot be removed
  - Select Scan for dialers
  - Select Scan for joke programs (Jokes)
  - Select Scan for games
  - Select Scan for spyware (SPR)
- Click on Virus scanner
- Click on Start scanner at the bottom of the screen
- Currently the program does not support saving a log. Write down the amount of items for Records, Suspect files, and Warnings

The Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore and is updated several times a day so that the most recent security updates are always available.

Possible solutions to Screen Resolution and other issues

Please see the post here if you're unable to view the entire screen of Avira.
You can also review this one: Fixed Rescue CD Resolution Probs with Dell Video
Currently only the German keyboard is supported. Command Line not working English keyboards require work arounds.
Some computers attempt to mount the floppy even though they don't have one. You may need to go in to the BIOS and disable the floppy drive in order to mount your hard drive for scanning.
compilllit Posted September 29, 2009 Author ID:134899

Well that kills me off. I just bought a computer that had Vista on it. When I hooked up an external drive it killed off my dvd writer. I got it back by deleting some filters in registry but now it won't burn any cd's, doesn't recognise them. Guess I'm going fishing, wonder how long a laptop can float.

I do appreciate your help, but seems to me unless you're a computer genius, these things just aren't worth having.

Again thanks for your help.
Root Admin AdvancedSetup Posted September 29, 2009 ID:134911

Well try to do this on a friend or work computer if you can then.
compilllit Posted September 29, 2009 Author ID:134913

Sigh, can't even get my post to work. My computer has Vista. For some reason (To make Bill Gates more money I'm guessing), when I connected my external backup hard drive my dvd writer icon was wiped out. I got it back by deleting some high/low filters in registry. Found out later now it won't burn cds so I can't do that to fix Son's computer.

Another quick question - I have a working computer I was going to give my 9 year old to use. Is there any way for me to block him from using the download function or changing settings on a computer? If not that computer is following laptop to bottom of lake.

I do appreciate your help, but it looks like the bad guys are winning.
Root Admin AdvancedSetup Posted September 29, 2009 ID:134914

PLEASE BE CAREFUL

You could be dealing with VIRUT - DO NOT use any USB device or other media from this infected computer on any other as it can easily infect that computer as well.

Disconnect this system from any network and do not share any device with it. You will need to use CD disks to work with this computer.
Root Admin AdvancedSetup Posted September 29, 2009 ID:134915

I don't know for sure yet that you do have it, but this is the typical canned message for that Virus.

Hello.

The Virut virus is a file infector infection. Most experts suggest a format/reinstall.

Virut File Infector Warning

Your system is infected with the Win32.Virut virus. Virus:Win32 VIRUT

Your system is infected with a polymorphic file infector called Virut. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr) and also web pages (.html and .htm). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. As of now, security experts suggest that a clean reformat is the only way to clean the infection and it is the only way to return the machine to its normal working state.

Backup all your documents and important items (personal data, work documents, etc) only. DO NOT backup any executable files (softwares) and screensavers (*.scr) or any web pages (*.html or *.htm). It attempts to infect any accessed .exe or .scr or .html/.htm files by appending itself to the executable.

Also, try to avoid backing up compressed files (zip/cab/rar) files that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

Disconnect it from any Network and do not share external USB drives or similar devices with any other computer as it can easily infect them as well if they're not protected from this Virus.
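The backup rule in the warning above, as an added example that is not part of the thread: a Python script that walks a folder and separates the files to copy from the files to leave behind, opening .zip archives to look for .exe/.scr members. The function names, the nesting and size limits, and the choice to skip .cab/.rar unopened are assumptions; the sample tree is constructed.

```python
import io
import zipfile
from pathlib import Path

INFECTABLE = {".exe", ".scr", ".html", ".htm"}  # types the post says Virut infects
OPAQUE_ARCHIVES = {".cab", ".rar"}   # no stdlib reader: skipped unopened (assumption)
BLOCKED_IN_ARCHIVE = {".exe", ".scr"} | OPAQUE_ARCHIVES  # members that rule a zip out
MAX_DEPTH = 3                        # nested-archive limit (assumption)
MAX_NESTED_BYTES = 50 * 1024 * 1024  # larger nested zips are not unpacked (assumption)


def zip_verdict(source, depth=0):
    """Return why a zip must be skipped, or None; nothing is written to disk or run."""
    try:
        with zipfile.ZipFile(source) as zf:
            for info in zf.infolist():
                ext = Path(info.filename).suffix.lower()
                if ext in BLOCKED_IN_ARCHIVE:
                    return f"contains {info.filename}"
                if ext == ".zip":
                    if depth + 1 >= MAX_DEPTH or info.file_size > MAX_NESTED_BYTES:
                        return f"nested archive {info.filename} too deep or too large"
                    if inner := zip_verdict(io.BytesIO(zf.read(info)), depth + 1):
                        return f"{info.filename}: {inner}"
    except Exception:  # corrupt, encrypted or unsupported: fail closed and skip
        return "archive could not be read"
    return None


def classify(path):
    """Return (decision, reason) for one file; decision is 'backup' or 'skip'."""
    ext = path.suffix.lower()
    if ext in INFECTABLE:
        return "skip", f"{ext} files are infection targets"
    if ext in OPAQUE_ARCHIVES:
        return "skip", f"{ext} archive cannot be inspected here"
    if ext == ".zip" and (reason := zip_verdict(path)):
        return "skip", reason
    return "backup", "data file"


def plan_backup(root):
    """Walk root and split its files into those to copy and those to leave behind."""
    root = Path(root)
    plan = {"backup": [], "skip": []}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            decision, reason = classify(path)
            plan[decision].append((path.relative_to(root).as_posix(), reason))
    return plan


def build_sample_tree(root):
    """Create a small constructed folder to run the plan against."""
    root = Path(root)
    (root / "docs").mkdir()
    (root / "docs" / "taxes.txt").write_text("constructed sample")
    (root / "docs" / "saved_page.htm").write_text("<html></html>")
    (root / "setup.EXE").write_bytes(b"MZ constructed")
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("tools/saver.scr", b"constructed")
    with zipfile.ZipFile(root / "misc.zip", "w") as zf:
        zf.writestr("old/bundle.zip", inner.getvalue())
    with zipfile.ZipFile(root / "photos.zip", "w") as zf:
        zf.writestr("trip/beach.jpg", b"constructed")
    return root


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        print(plan_backup(build_sample_tree(tmp)))
```

The selection is by file extension only, as in the warning; it says which files to leave behind, not that the copied ones are clean.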
compilllit Posted September 29, 2009 Author ID:134920

I have a headache

I've been using a zip drive to get things to the laptop. I believe Norton on my computer says it cleaned virut off my computer, should I check my computer with this file also (Got it to work using a different format)

Seems I'm getting more computer literate, but I'm fighting and screaming all the way to knowledge.
compilllit Posted September 29, 2009 Author ID:134929

Got it on cd - put it on laptop
Did start in normal mode (Off cd I guess)
But no icons showing - when I click on the program it asks if I really want to erase disc
compilllit Posted September 29, 2009 Author ID:134942

And now I can't get the disc out in normal or safe mode
Root Admin AdvancedSetup Posted September 29, 2009 ID:134954

Well you appear to have a post open over here: http://forums.techguy.org/malware-removal-...nt-go-away.html

It looks like you may have Virut if Symantec said something about it. I would let the helper on the other forum know.

Since you're being helped elsewhere I'll close this post now.