Badly infected computer, please help.

[computernooob]

hi everybody,

im having major problems with my pc i use windows xp sp2. where should i start, im havin so many problems with my pc about 7 error messages come up when i start my pc (i will be posting these) i have scanned my pcc with both avg and malwarebytes. but even these programs cannot get rid of them. please help guys. and also sorry if this message is too brief and lacks info, and sorry for the bad english. you see on top of everything my keyboard is not working! im having to usethe annoying on screen keybord . pleae help

here is th hjt log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:01:23, on 07/04/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.internetdownloadmanager.com/welcome.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange UK
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AVGIDS] "C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A6511C7-4112-4785-BDD0-3BD32CE5EDED}: NameServer = 193.36.79.100 80.10.246.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: AVGIDSAgent - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
O23 - Service: AVGIDSWatcher - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate1c9f5b1a2c085f4) (gupdate1c9f5b1a2c085f4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 12443 bytes

 

[computernooob]

here are the error messages thate come up every time i start my pc.

 

[computernooob]

bump.

 

[computernooob]

the computer is working really slow now..... help

 

[computernooob]

ok, something VERY strange just happend this morning, firsr i connected to the internet.... and then it happend. three new icons appeared on my desktop. i can only remember one of them but they were all very simmilar. the one i remember read pornotube.com and there were 2 others simmilar. then this error message saide windowsexplorer.exe must close and i gave me 2 options: send or dont send i clicked dont send an eveything exept wallpaper dissapeared. about 10 secs later everything came up. and thena avg message came up it said malware found so i clicked remove and then those 3 icons dissapeared and another avg message came up and it said: malware has just been removed, and it made me restart my pc. and now those 3 i cons are gone but i still get those error messages telling me that ive got trojans and viruses (which i previously posted). So please help me, as i fear my computer might literally die

 

[CatByte]

Hi,

The message you received indicated you have virut

Virut is a polymorphic file infector. This infection cannot be cleaned. If we confirm this is the case, the only thing you can do is a complete reformat and re-install.

Let's run a diagnostic test to make sure:

Please do the following:

• Please go to VirSCAN.org FREE on-line scan service
• Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
  
  
  c:\windows\system32\userinit.exe
  ​
• Click on the Upload button
• If a pop-up appears saying the file has been scanned already, please select the ReScan button.
• Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
• Paste the contents of the Clipboard in your next reply.

Please do the same for the following files:
c:\windows\explorer.exe
c:\windows\system32\ctfmon.exe
c:\windows\system32\spoolsv.exe


NEXT


We would be grateful if you could assist us in our research into this infection by providing us with some samples and information from your machine. This will only take a minute or two to complete, and is very simple. If you wish to help us, please do the following:

• Download VAPrep.bat and save it to your Desktop.
• Double-click VAPrep.bat to run it. It will only take a moment to complete.
• When done, please right-click the VAPrep folder which should now be on your Desktop. Select Send To >> Compressed (zipped) Folder.
• Next, please go to this webpage.
• Browse to the VAPrep.zip zipped folder you just created.
• Click Send File.

Once done, you can delete the VAPrep folder and .zip file from you Desktop. Thanks for helping us out.

 

[computernooob]

VirSCAN.org Scanned Report :
Scanned time : 2010/04/08 15:18:04 (BST)
Scanner results: 56% Scanner(s) (20/36) found malware!
File Name : userinit.exe
File Size : 44032 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 1cadcf0ff81a21fd302c6e221ee2bdbf
SHA1 : f3aa35863bbb4ef388d80c4a85397c45e61955b9
Online report : http://virscan.org/report/987e24beab4520e7e90d616d23578d7f.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100408214355 2010-04-08 6.64 Trojan-Downloader.Win32.Obitel!IK
AhnLab V3 2010.04.08.00 2010.04.08 2010-04-08 1.64 -
AntiVir 8.2.1.210 7.10.6.48 2010-04-08 0.28 W32/Virut.Gen
Antiy 2.0.18 20100408.4160000 2010-04-08 0.12 -
Arcavir 2009 201004081006 2010-04-08 0.04 -
Authentium 5.1.1 201004080309 2010-04-08 2.01 -
AVAST! 4.7.4 100408-0 2010-04-08 0.01 Win32:Kavos [Trj]
AVG 8.5.720 271.1.1/2798 2010-04-08 1.44 Win32/Heur
BitDefender 7.81008.5596693 7.31138 2010-04-08 3.70 Win32.Virtob.Gen.12
ClamAV 0.95.3 10715 2010-04-08 0.01 PUA.Packed.ASPack
Comodo 3.13.579 4539 2010-04-08 1.94 Virus.Win32.Virut.Ce
CP Secure 1.3.0.5 2010.04.02 2010-04-02 0.00 -
Dr.Web 5.0.2.3300 2010.04.08 2010-04-08 6.47 Win32.Virut.56
F-Prot 4.4.4.56 20100407 2010-04-07 1.90 -
F-Secure 7.02.73807 2010.04.08.06 2010-04-08 0.40 Virus.Win32.Virut.ce [AVP]
Fortinet 4.0.14 11.673 2010-04-08 1.08 -
GData 19.10964/19.872 20100408 2010-04-08 11.27 Virus.Win32.Virut.ce [Engine:A]
ViRobot 20100407 2010.04.07 2010-04-07 1.01 -
Ikarus T3.1.01.80 2010.04.08.75580 2010-04-08 5.67 Trojan-Downloader.Win32.Obitel
JiangMin 13.0.900 2010.04.08 2010-04-08 3.46 -
Kaspersky 5.5.10 2010.04.08 2010-04-08 0.33 Virus.Win32.Virut.ce
KingSoft 2009.2.5.15 2010.4.8.16 2010-04-08 3.61 -
McAfee 5400.1158 5943 2010-04-06 0.02 -
Microsoft 1.5605 2010.04.08 2010-04-08 9.49 Virus:Win32/Virut.BN
Norman 6.04.11 6.04.00 2010-04-08 6.01 -
Panda 9.05.01 2010.04.07 2010-04-07 8.41 Suspicious file
Trend Micro 9.120-1004 6.980.06 2010-04-08 0.00 -
Quick Heal 10.00 2010.04.08 2010-04-08 2.21 W32.Virut.G
Rising 20.0 22.42.03.03 2010-04-08 1.51 -
Sophos 3.06.0 4.52 2010-04-08 3.33 W32/Scribble-B
Sunbelt 3.9.2412.2 6151 2010-04-08 8.52 Virus.Win32.Virut.ce (v)
Symantec 1.3.0.24 20100407.002 2010-04-07 0.39 W32.Virut.CF
nProtect 20100405.01 7907880 2010-04-05 7.05 -
The Hacker 6.5.2.0 v00257 2010-04-08 0.92 -
VBA32 3.12.12.4 20100407.2055 2010-04-07 2.81 OScope.Trojan.Bofa
VirusBuster 4.5.11.10 10.122.36/2039118 2010-04-07 3.08 Win32.Virut.AB.Gen

 

[computernooob]

VirSCAN.org Scanned Report :
Scanned time : 2010/04/08 15:25:18 (BST)
Scanner results: 42% Scanner(s) (15/36) found malware!
File Name : explorer.exe
File Size : 1057792 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : a8572136d93d952d2640971e6f5426ce
SHA1 : c4c1daeb958c595cb9443f9d3d51c70c14a7996c
Online report : http://virscan.org/report/342d8370aaa947bacd5411b03e50c36d.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100408214355 2010-04-08 5.37 Trojan.Win32.Patched!IK
AhnLab V3 2010.04.08.00 2010.04.08 2010-04-08 1.19 -
AntiVir 8.2.1.210 7.10.6.48 2010-04-08 0.36 W32/Virut.Gen
Antiy 2.0.18 20100408.4160000 2010-04-08 0.13 -
Arcavir 2009 201004081006 2010-04-08 0.16 Heur.W32
Authentium 5.1.1 201004080309 2010-04-08 2.44 -
AVAST! 4.7.4 100408-0 2010-04-08 0.05 Win32:Vitro
AVG 8.5.720 271.1.1/2798 2010-04-08 1.43 -
BitDefender 7.81008.5596693 7.31138 2010-04-08 3.56 Win32.Virtob.Gen.12
ClamAV 0.95.3 10715 2010-04-08 0.18 -
Comodo 3.13.579 4539 2010-04-08 1.97 -
CP Secure 1.3.0.5 2010.04.02 2010-04-02 0.00 -
Dr.Web 5.0.2.3300 2010.04.08 2010-04-08 6.72 -
F-Prot 4.4.4.56 20100407 2010-04-07 2.20 -
F-Secure 7.02.73807 2010.04.08.06 2010-04-08 0.15 Virus.Win32.Virut.ce [AVP]
Fortinet 4.0.14 11.673 2010-04-08 0.32 -
GData 19.10964/19.872 20100408 2010-04-08 7.48 Virus.Win32.Virut.ce [Engine:A]
ViRobot 20100407 2010.04.07 2010-04-07 0.61 -
Ikarus T3.1.01.80 2010.04.08.75580 2010-04-08 5.73 Trojan.Win32.Patched
JiangMin 13.0.900 2010.04.08 2010-04-08 1.29 -
Kaspersky 5.5.10 2010.04.08 2010-04-08 0.09 Virus.Win32.Virut.ce
KingSoft 2009.2.5.15 2010.4.8.16 2010-04-08 0.67 -
McAfee 5400.1158 5943 2010-04-06 0.02 -
Microsoft 1.5605 2010.04.08 2010-04-08 7.73 Virus:Win32/Virut.BN
Norman 6.04.11 6.04.00 2010-04-08 6.01 -
Panda 9.05.01 2010.04.07 2010-04-07 2.37 -
Trend Micro 9.120-1004 6.980.06 2010-04-08 0.00 -
Quick Heal 10.00 2010.04.08 2010-04-08 1.98 W32.Virut.G
Rising 20.0 22.42.03.03 2010-04-08 1.48 -
Sophos 3.06.0 4.52 2010-04-08 3.62 W32/Scribble-B
Sunbelt 3.9.2412.2 6151 2010-04-08 5.09 Virus.Win32.Virut.ce (v)
Symantec 1.3.0.24 20100407.002 2010-04-07 0.08 W32.Virut.CF
nProtect 20100405.01 7907880 2010-04-05 5.97 -
The Hacker 6.5.2.0 v00257 2010-04-08 0.38 -
VBA32 3.12.12.4 20100407.2055 2010-04-07 3.07 -
VirusBuster 4.5.11.10 10.122.36/2039118 2010-04-07 3.01 Win32.Virut.AB.Gen

 

[computernooob]

VirSCAN.org Scanned Report :
Scanned time : 2010/04/08 15:28:49 (BST)
Scanner results: Scanners did not find malware!
File Name : ctfmon.exe
File Size : 15360 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 24232996a38c0b0cf151c2140ae29fc8
SHA1 : b36d03b56a30187ffc6257459d632a4faac48af2
Online report : http://virscan.org/report/935417afe6e1b8d2ca957dba03976919.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100408214355 2010-04-08 15.00 -
AhnLab V3 2010.04.08.00 2010.04.08 2010-04-08 1.78 -
AntiVir 8.2.1.210 7.10.6.48 2010-04-08 0.26 -
Antiy 2.0.18 20100408.4160000 2010-04-08 0.12 -
Arcavir 2009 201004081006 2010-04-08 0.03 -
Authentium 5.1.1 201004080309 2010-04-08 1.33 -
AVAST! 4.7.4 100408-0 2010-04-08 0.01 -
AVG 8.5.720 271.1.1/2798 2010-04-08 0.23 -
BitDefender 7.81008.5596693 7.31138 2010-04-08 3.59 -
ClamAV 0.95.3 10715 2010-04-08 0.01 -
Comodo 3.13.579 4539 2010-04-08 1.00 -
CP Secure 1.3.0.5 2010.04.02 2010-04-02 0.00 -
Dr.Web 5.0.2.3300 2010.04.08 2010-04-08 6.68 -
F-Prot 4.4.4.56 20100407 2010-04-07 1.38 -
F-Secure 7.02.73807 2010.04.08.06 2010-04-08 0.20 -
Fortinet 4.0.14 11.673 2010-04-08 0.24 -
GData 19.10964/19.872 20100408 2010-04-08 8.10 -
ViRobot 20100407 2010.04.07 2010-04-07 0.51 -
Ikarus T3.1.01.80 2010.04.08.75580 2010-04-08 6.39 -
JiangMin 13.0.900 2010.04.08 2010-04-08 3.37 -
Kaspersky 5.5.10 2010.04.08 2010-04-08 0.13 -
KingSoft 2009.2.5.15 2010.4.8.16 2010-04-08 1.15 -
McAfee 5400.1158 5943 2010-04-06 0.02 -
Microsoft 1.5605 2010.04.08 2010-04-08 12.93 -
Norman 6.04.11 6.04.00 2010-04-08 4.01 -
Panda 9.05.01 2010.04.07 2010-04-07 2.89 -
Trend Micro 9.120-1004 6.980.06 2010-04-08 0.00 -
Quick Heal 10.00 2010.04.08 2010-04-08 2.48 -
Rising 20.0 22.42.03.03 2010-04-08 2.59 -
Sophos 3.06.0 4.52 2010-04-08 3.36 -
Sunbelt 3.9.2412.2 6151 2010-04-08 10.18 -
Symantec 1.3.0.24 20100407.002 2010-04-07 0.28 -
nProtect 20100405.01 7907880 2010-04-05 7.72 -
The Hacker 6.5.2.0 v00257 2010-04-08 0.48 -
VBA32 3.12.12.4 20100407.2055 2010-04-07 2.92 -
VirusBuster 4.5.11.10 10.122.36/2039118 2010-04-07 2.37 -

 

[computernooob]

VirSCAN.org Scanned Report :
Scanned time : 2010/04/08 15:36:38 (BST)
Scanner results: 39% Scanner(s) (14/36) found malware!
File Name : spoolsv.exe
File Size : 82944 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : f477454e5441775dc37fd877c9bfd446
SHA1 : c7b9e363ceac2df24b809bec21b98a3e1ed72f88
Online report : http://virscan.org/report/0b3d8abf1c45dfdf90f45977044c7925.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100408214355 2010-04-08 29.46 Virus.Win32.SdBot!IK
AhnLab V3 2010.04.08.00 2010.04.08 2010-04-08 3.01 -
AntiVir 8.2.1.210 7.10.6.48 2010-04-08 0.32 W32/Virut.Gen
Antiy 2.0.18 20100408.4160000 2010-04-08 0.12 -
Arcavir 2009 201004081006 2010-04-08 0.11 -
Authentium 5.1.1 201004080309 2010-04-08 1.50 -
AVAST! 4.7.4 100408-0 2010-04-08 0.01 Win32:Vitro
AVG 8.5.720 271.1.1/2798 2010-04-08 1.37 -
BitDefender 7.81008.5596693 7.31138 2010-04-08 3.55 Win32.Virtob.Gen.12
ClamAV 0.95.3 10715 2010-04-08 0.02 -
Comodo 3.13.579 4539 2010-04-08 1.44 -
CP Secure 1.3.0.5 2010.04.02 2010-04-02 0.00 -
Dr.Web 5.0.2.3300 2010.04.08 2010-04-08 6.60 -
F-Prot 4.4.4.56 20100407 2010-04-07 1.47 -
F-Secure 7.02.73807 2010.04.08.06 2010-04-08 10.72 Virus.Win32.Virut.ce [AVP]
Fortinet 4.0.14 11.673 2010-04-08 12.31 -
GData 19.10964/19.872 20100408 2010-04-08 12.32 Virus.Win32.Virut.ce [Engine:A]
ViRobot 20100407 2010.04.07 2010-04-07 0.72 -
Ikarus T3.1.01.80 2010.04.08.75580 2010-04-08 7.43 Virus.Win32.SdBot
JiangMin 13.0.900 2010.04.08 2010-04-08 1.52 -
Kaspersky 5.5.10 2010.04.08 2010-04-08 0.08 Virus.Win32.Virut.ce
KingSoft 2009.2.5.15 2010.4.8.16 2010-04-08 0.91 -
McAfee 5400.1158 5945 2010-04-08 0.02 -
Microsoft 1.5605 2010.04.08 2010-04-08 7.73 Virus:Win32/Virut.BN
Norman 6.04.11 6.04.00 2010-04-08 6.01 -
Panda 9.05.01 2010.04.07 2010-04-07 5.44 -
Trend Micro 9.120-1004 6.980.06 2010-04-08 0.00 -
Quick Heal 10.00 2010.04.08 2010-04-08 1.80 W32.Virut.G
Rising 20.0 22.42.03.03 2010-04-08 1.32 -
Sophos 3.06.0 4.52 2010-04-08 3.49 W32/Scribble-B
Sunbelt 3.9.2412.2 6151 2010-04-08 5.85 Virus.Win32.Virut.ce (v)
Symantec 1.3.0.24 20100407.002 2010-04-07 0.05 W32.Virut.CF
nProtect 20100405.01 7907880 2010-04-05 9.65 -
The Hacker 6.5.2.0 v00257 2010-04-08 0.58 -
VBA32 3.12.12.4 20100407.2055 2010-04-07 2.97 -
VirusBuster 4.5.11.10 10.122.36/2039118 2010-04-07 2.70 Win32.Virut.AB.Gen

 

[computernooob]

hi catbyte, ive scanned every thing you asked for and sent that file, but i can tell that this int looking good. and im sorry but my knowledge of computers isnt very good. can you please tell me this, does reformating and reinstalling mean that i will lose all of my documents!? because i have precios files that i cant lose. pleas reply quik.

 

[computernooob]

http://forums.techguy.org/windows-xp/499568-guide-reinstall-windows.html

is this what a reinstall is? because this says i wont lose any files and if i do thiswill it get rid of the virut?

 

[CatByte]

NO:

You will need to REFORMAT - then reinstall:






VIRUT is a polymorphic file infector with some additional features. It spreads all around the drive and infects even files infected by another virus previously.

Unfortunately, the cleaning of this virus is not possible.

The only thing we recommend is to do a full reformat and install.

We have an excellent tutorial on how to reformat here

and for a Vista reformat re-install HERE

We do not recommend trying to save any files from this machine as they could all be infected and will simply re-infect your system again, there is no way of being certain what this infection can do.

You may be OK saving music files, pictures and document, but I can't guarantee it.

Read more about the VIRUT FILE INFECTOR HERE

If you don't have a Windows Installation Disk (if this came with Windows pre-installed), you may have a Manufacturer restore disk to restore the computer to its original state - this depends on the Manufacturer though. Otherwise, give the Manufacturer a call and ask them to send you a restore disk or Windows installation CD.

Should you have any questions, please feel free to ask.

I am sorry there is nothing more that we can do.


More information:

http://free.avg.com/66558
There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.

http://home.mcafee.com/VirusInfo/VirusProf...aspx?key=143034
W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
Immediately before the encrypted code at the end of the last section
At the end of the code section of the infected host in 'slack-space' (assuming there is any)
At the original entry point of the host (overwriting the original host code)

Miekiemoes, a highly regarded expert in malware removal, and an MS-MVP,
has an extremely informative blog post about Virut. - she only ever recommends a total reformat.

At least this way, you have the best chance of having a clean machine once more.

For future protection read this very well written article Think Prevention.

 

[computernooob]

hi catbyte and thankyou for all your help it has been much appreciated. but i still have a few questions.

1) the only thing i need from this machine is my documents- the whole file. isnt there any way i can scan it to see if it is infected. because i NEED it, it has pictures and documets which mean more than anythng to me.

2) how shall i back it up, i dont have a external harddrive. and my documents is a 18gb file. the only thing i have is like 20, 4.2gbs dvd+r, can i use these? or will i have to buy a external harddive?

3) my keyboard dosnt work!? do i need this in the reformat, reinstall process? please tell me if i do so i cn go and buy one.

4) i cant find my Windows KEY. what does it look like? how many digits? jusr numbers, or is it bth letter and number?

please reply soon

 

[computernooob]

nvm question 4. found the key