Badly infected computer, please help.

Discussion in 'Virus & Other Malware Removal' started by computernooob, Apr 7, 2010.

Thread Status:
Not open for further replies.
  1. computernooob

    computernooob Thread Starter

    Joined:
    Apr 6, 2010
    Messages:
    82
    Hi everybody,

    I'm having major problems with my PC; I use Windows XP SP2. Where should I start? I'm having so many problems with my PC: about 7 error messages come up when I start my PC (I will be posting these). I have scanned my PC with both AVG and Malwarebytes, but even these programs cannot get rid of them. Please help, guys. Also, sorry if this message is too brief and lacks info, and sorry for the bad English. You see, on top of everything, my keyboard is not working! I'm having to use the annoying on-screen keyboard :(. Please help.

    Here is the HJT log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:01:23, on 07/04/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
    C:\WINDOWS\system32\osk.exe
    C:\WINDOWS\system32\MSSWCHX.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.internetdownloadmanager.com/welcome.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange UK
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [AVGIDS] "C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
    O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6A6511C7-4112-4785-BDD0-3BD32CE5EDED}: NameServer = 193.36.79.100 80.10.246.1
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    O23 - Service: AVGIDSAgent - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVGIDSWatcher - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
    O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
    O23 - Service: Google Update Service (gupdate1c9f5b1a2c085f4) (gupdate1c9f5b1a2c085f4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

    --
    End of file - 12443 bytes
     
  2. computernooob

    computernooob Thread Starter

    Joined:
    Apr 6, 2010
    Messages:
    82
    Here are the error messages that come up every time I start my PC.

     
  3. computernooob

    computernooob Thread Starter

    Joined:
    Apr 6, 2010
    Messages:
    82
  4. computernooob

    computernooob Thread Starter

    Joined:
    Apr 6, 2010
    Messages:
    82
    The computer is working really slow now..... help :(
     
  5. computernooob

    computernooob Thread Starter

    Joined:
    Apr 6, 2010
    Messages:
    82
    OK, something VERY strange just happened this morning. First I connected to the internet.... and then it happened. Three new icons appeared on my desktop. I can only remember one of them, but they were all very similar. The one I remember read pornotube.com and there were 2 others similar. Then this error message said windowsexplorer.exe must close and it gave me 2 options: send or don't send. I clicked don't send and everything except the wallpaper disappeared. About 10 secs later everything came up. And then an AVG message came up; it said malware found, so I clicked remove, and then those 3 icons disappeared and another AVG message came up and it said: malware has just been removed, and it made me restart my PC. And now those 3 icons are gone, but I still get those error messages telling me that I've got trojans and viruses (which I previously posted). So please help me, as I fear my computer might literally die :(
     
  6. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    The message you received indicated you have Virut.

    Virut is a polymorphic file infector. This infection cannot be cleaned. If we confirm this is the case, the only thing you can do is a complete reformat and re-install.

    Let's run a diagnostic test to make sure:

    Please do the following:


    • Please go to VirSCAN.org FREE on-line scan service
    • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

      c:\windows\system32\userinit.exe
    • Click on the Upload button
    • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
    • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
    • Paste the contents of the Clipboard in your next reply.

    Please do the same for the following files:
    c:\windows\explorer.exe
    c:\windows\system32\ctfmon.exe
    c:\windows\system32\spoolsv.exe


    NEXT


    We would be grateful if you could assist us in our research into this infection by providing us with some samples and information from your machine. This will only take a minute or two to complete, and is very simple. If you wish to help us, please do the following:
    • Download VAPrep.bat and save it to your Desktop.
    • Double-click VAPrep.bat to run it. It will only take a moment to complete.
    • When done, please right-click the VAPrep folder which should now be on your Desktop. Select Send To >> Compressed (zipped) Folder.
    • Next, please go to this webpage.
    • Browse to the VAPrep.zip zipped folder you just created.
    • Click Send File.
    Once done, you can delete the VAPrep folder and .zip file from your Desktop. Thanks for helping us out.
     
  7. computernooob

    computernooob Thread Starter

    Joined:
    Apr 6, 2010
    Messages:
    82
    VirSCAN.org Scanned Report :
    Scanned time : 2010/04/08 15:18:04 (BST)
    Scanner results: 56% Scanner(s) (20/36) found malware!
    File Name : userinit.exe
    File Size : 44032 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : 1cadcf0ff81a21fd302c6e221ee2bdbf
    SHA1 : f3aa35863bbb4ef388d80c4a85397c45e61955b9
    Online report : http://virscan.org/report/987e24beab4520e7e90d616d23578d7f.html

    Scanner Engine Ver Sig Ver Sig Date Time Scan result
    a-squared 4.5.0.8 20100408214355 2010-04-08 6.64 Trojan-Downloader.Win32.Obitel!IK
    AhnLab V3 2010.04.08.00 2010.04.08 2010-04-08 1.64 -
    AntiVir 8.2.1.210 7.10.6.48 2010-04-08 0.28 W32/Virut.Gen
    Antiy 2.0.18 20100408.4160000 2010-04-08 0.12 -
    Arcavir 2009 201004081006 2010-04-08 0.04 -
    Authentium 5.1.1 201004080309 2010-04-08 2.01 -
    AVAST! 4.7.4 100408-0 2010-04-08 0.01 Win32:Kavos [Trj]
    AVG 8.5.720 271.1.1/2798 2010-04-08 1.44 Win32/Heur
    BitDefender 7.81008.5596693 7.31138 2010-04-08 3.70 Win32.Virtob.Gen.12
    ClamAV 0.95.3 10715 2010-04-08 0.01 PUA.Packed.ASPack
    Comodo 3.13.579 4539 2010-04-08 1.94 Virus.Win32.Virut.Ce
    CP Secure 1.3.0.5 2010.04.02 2010-04-02 0.00 -
    Dr.Web 5.0.2.3300 2010.04.08 2010-04-08 6.47 Win32.Virut.56
    F-Prot 4.4.4.56 20100407 2010-04-07 1.90 -
    F-Secure 7.02.73807 2010.04.08.06 2010-04-08 0.40 Virus.Win32.Virut.ce [AVP]
    Fortinet 4.0.14 11.673 2010-04-08 1.08 -
    GData 19.10964/19.872 20100408 2010-04-08 11.27 Virus.Win32.Virut.ce [Engine:A]
    ViRobot 20100407 2010.04.07 2010-04-07 1.01 -
    Ikarus T3.1.01.80 2010.04.08.75580 2010-04-08 5.67 Trojan-Downloader.Win32.Obitel
    JiangMin 13.0.900 2010.04.08 2010-04-08 3.46 -
    Kaspersky 5.5.10 2010.04.08 2010-04-08 0.33 Virus.Win32.Virut.ce
    KingSoft 2009.2.5.15 2010.4.8.16 2010-04-08 3.61 -
    McAfee 5400.1158 5943 2010-04-06 0.02 -
    Microsoft 1.5605 2010.04.08 2010-04-08 9.49 Virus:Win32/Virut.BN
    Norman 6.04.11 6.04.00 2010-04-08 6.01 -
    Panda 9.05.01 2010.04.07 2010-04-07 8.41 Suspicious file
    Trend Micro 9.120-1004 6.980.06 2010-04-08 0.00 -
    Quick Heal 10.00 2010.04.08 2010-04-08 2.21 W32.Virut.G
    Rising 20.0 22.42.03.03 2010-04-08 1.51 -
    Sophos 3.06.0 4.52 2010-04-08 3.33 W32/Scribble-B
    Sunbelt 3.9.2412.2 6151 2010-04-08 8.52 Virus.Win32.Virut.ce (v)
    Symantec 1.3.0.24 20100407.002 2010-04-07 0.39 W32.Virut.CF
    nProtect 20100405.01 7907880 2010-04-05 7.05 -
    The Hacker 6.5.2.0 v00257 2010-04-08 0.92 -
    VBA32 3.12.12.4 20100407.2055 2010-04-07 2.81 OScope.Trojan.Bofa
    VirusBuster 4.5.11.10 10.122.36/2039118 2010-04-07 3.08 Win32.Virut.AB.Gen
     
  8. computernooob

    computernooob Thread Starter

    Joined:
    Apr 6, 2010
    Messages:
    82
    VirSCAN.org Scanned Report :
    Scanned time : 2010/04/08 15:25:18 (BST)
    Scanner results: 42% Scanner(s) (15/36) found malware!
    File Name : explorer.exe
    File Size : 1057792 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : a8572136d93d952d2640971e6f5426ce
    SHA1 : c4c1daeb958c595cb9443f9d3d51c70c14a7996c
    Online report : http://virscan.org/report/342d8370aaa947bacd5411b03e50c36d.html

    Scanner Engine Ver Sig Ver Sig Date Time Scan result
    a-squared 4.5.0.8 20100408214355 2010-04-08 5.37 Trojan.Win32.Patched!IK
    AhnLab V3 2010.04.08.00 2010.04.08 2010-04-08 1.19 -
    AntiVir 8.2.1.210 7.10.6.48 2010-04-08 0.36 W32/Virut.Gen
    Antiy 2.0.18 20100408.4160000 2010-04-08 0.13 -
    Arcavir 2009 201004081006 2010-04-08 0.16 Heur.W32
    Authentium 5.1.1 201004080309 2010-04-08 2.44 -
    AVAST! 4.7.4 100408-0 2010-04-08 0.05 Win32:Vitro
    AVG 8.5.720 271.1.1/2798 2010-04-08 1.43 -
    BitDefender 7.81008.5596693 7.31138 2010-04-08 3.56 Win32.Virtob.Gen.12
    ClamAV 0.95.3 10715 2010-04-08 0.18 -
    Comodo 3.13.579 4539 2010-04-08 1.97 -
    CP Secure 1.3.0.5 2010.04.02 2010-04-02 0.00 -
    Dr.Web 5.0.2.3300 2010.04.08 2010-04-08 6.72 -
    F-Prot 4.4.4.56 20100407 2010-04-07 2.20 -
    F-Secure 7.02.73807 2010.04.08.06 2010-04-08 0.15 Virus.Win32.Virut.ce [AVP]
    Fortinet 4.0.14 11.673 2010-04-08 0.32 -
    GData 19.10964/19.872 20100408 2010-04-08 7.48 Virus.Win32.Virut.ce [Engine:A]
    ViRobot 20100407 2010.04.07 2010-04-07 0.61 -
    Ikarus T3.1.01.80 2010.04.08.75580 2010-04-08 5.73 Trojan.Win32.Patched
    JiangMin 13.0.900 2010.04.08 2010-04-08 1.29 -
    Kaspersky 5.5.10 2010.04.08 2010-04-08 0.09 Virus.Win32.Virut.ce
    KingSoft 2009.2.5.15 2010.4.8.16 2010-04-08 0.67 -
    McAfee 5400.1158 5943 2010-04-06 0.02 -
    Microsoft 1.5605 2010.04.08 2010-04-08 7.73 Virus:Win32/Virut.BN
    Norman 6.04.11 6.04.00 2010-04-08 6.01 -
    Panda 9.05.01 2010.04.07 2010-04-07 2.37 -
    Trend Micro 9.120-1004 6.980.06 2010-04-08 0.00 -
    Quick Heal 10.00 2010.04.08 2010-04-08 1.98 W32.Virut.G
    Rising 20.0 22.42.03.03 2010-04-08 1.48 -
    Sophos 3.06.0 4.52 2010-04-08 3.62 W32/Scribble-B
    Sunbelt 3.9.2412.2 6151 2010-04-08 5.09 Virus.Win32.Virut.ce (v)
    Symantec 1.3.0.24 20100407.002 2010-04-07 0.08 W32.Virut.CF
    nProtect 20100405.01 7907880 2010-04-05 5.97 -
    The Hacker 6.5.2.0 v00257 2010-04-08 0.38 -
    VBA32 3.12.12.4 20100407.2055 2010-04-07 3.07 -
    VirusBuster 4.5.11.10 10.122.36/2039118 2010-04-07 3.01 Win32.Virut.AB.Gen
     
  9. computernooob

    computernooob Thread Starter

    Joined:
    Apr 6, 2010
    Messages:
    82
    VirSCAN.org Scanned Report :
    Scanned time : 2010/04/08 15:28:49 (BST)
    Scanner results: Scanners did not find malware!
    File Name : ctfmon.exe
    File Size : 15360 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : 24232996a38c0b0cf151c2140ae29fc8
    SHA1 : b36d03b56a30187ffc6257459d632a4faac48af2
    Online report : http://virscan.org/report/935417afe6e1b8d2ca957dba03976919.html

    Scanner Engine Ver Sig Ver Sig Date Time Scan result
    a-squared 4.5.0.8 20100408214355 2010-04-08 15.00 -
    AhnLab V3 2010.04.08.00 2010.04.08 2010-04-08 1.78 -
    AntiVir 8.2.1.210 7.10.6.48 2010-04-08 0.26 -
    Antiy 2.0.18 20100408.4160000 2010-04-08 0.12 -
    Arcavir 2009 201004081006 2010-04-08 0.03 -
    Authentium 5.1.1 201004080309 2010-04-08 1.33 -
    AVAST! 4.7.4 100408-0 2010-04-08 0.01 -
    AVG 8.5.720 271.1.1/2798 2010-04-08 0.23 -
    BitDefender 7.81008.5596693 7.31138 2010-04-08 3.59 -
    ClamAV 0.95.3 10715 2010-04-08 0.01 -
    Comodo 3.13.579 4539 2010-04-08 1.00 -
    CP Secure 1.3.0.5 2010.04.02 2010-04-02 0.00 -
    Dr.Web 5.0.2.3300 2010.04.08 2010-04-08 6.68 -
    F-Prot 4.4.4.56 20100407 2010-04-07 1.38 -
    F-Secure 7.02.73807 2010.04.08.06 2010-04-08 0.20 -
    Fortinet 4.0.14 11.673 2010-04-08 0.24 -
    GData 19.10964/19.872 20100408 2010-04-08 8.10 -
    ViRobot 20100407 2010.04.07 2010-04-07 0.51 -
    Ikarus T3.1.01.80 2010.04.08.75580 2010-04-08 6.39 -
    JiangMin 13.0.900 2010.04.08 2010-04-08 3.37 -
    Kaspersky 5.5.10 2010.04.08 2010-04-08 0.13 -
    KingSoft 2009.2.5.15 2010.4.8.16 2010-04-08 1.15 -
    McAfee 5400.1158 5943 2010-04-06 0.02 -
    Microsoft 1.5605 2010.04.08 2010-04-08 12.93 -
    Norman 6.04.11 6.04.00 2010-04-08 4.01 -
    Panda 9.05.01 2010.04.07 2010-04-07 2.89 -
    Trend Micro 9.120-1004 6.980.06 2010-04-08 0.00 -
    Quick Heal 10.00 2010.04.08 2010-04-08 2.48 -
    Rising 20.0 22.42.03.03 2010-04-08 2.59 -
    Sophos 3.06.0 4.52 2010-04-08 3.36 -
    Sunbelt 3.9.2412.2 6151 2010-04-08 10.18 -
    Symantec 1.3.0.24 20100407.002 2010-04-07 0.28 -
    nProtect 20100405.01 7907880 2010-04-05 7.72 -
    The Hacker 6.5.2.0 v00257 2010-04-08 0.48 -
    VBA32 3.12.12.4 20100407.2055 2010-04-07 2.92 -
    VirusBuster 4.5.11.10 10.122.36/2039118 2010-04-07 2.37 -
     
  10. computernooob

    computernooob Thread Starter

    Joined:
    Apr 6, 2010
    Messages:
    82
    VirSCAN.org Scanned Report :
    Scanned time : 2010/04/08 15:36:38 (BST)
    Scanner results: 39% Scanner(s) (14/36) found malware!
    File Name : spoolsv.exe
    File Size : 82944 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : f477454e5441775dc37fd877c9bfd446
    SHA1 : c7b9e363ceac2df24b809bec21b98a3e1ed72f88
    Online report : http://virscan.org/report/0b3d8abf1c45dfdf90f45977044c7925.html

    Scanner Engine Ver Sig Ver Sig Date Time Scan result
    a-squared 4.5.0.8 20100408214355 2010-04-08 29.46 Virus.Win32.SdBot!IK
    AhnLab V3 2010.04.08.00 2010.04.08 2010-04-08 3.01 -
    AntiVir 8.2.1.210 7.10.6.48 2010-04-08 0.32 W32/Virut.Gen
    Antiy 2.0.18 20100408.4160000 2010-04-08 0.12 -
    Arcavir 2009 201004081006 2010-04-08 0.11 -
    Authentium 5.1.1 201004080309 2010-04-08 1.50 -
    AVAST! 4.7.4 100408-0 2010-04-08 0.01 Win32:Vitro
    AVG 8.5.720 271.1.1/2798 2010-04-08 1.37 -
    BitDefender 7.81008.5596693 7.31138 2010-04-08 3.55 Win32.Virtob.Gen.12
    ClamAV 0.95.3 10715 2010-04-08 0.02 -
    Comodo 3.13.579 4539 2010-04-08 1.44 -
    CP Secure 1.3.0.5 2010.04.02 2010-04-02 0.00 -
    Dr.Web 5.0.2.3300 2010.04.08 2010-04-08 6.60 -
    F-Prot 4.4.4.56 20100407 2010-04-07 1.47 -
    F-Secure 7.02.73807 2010.04.08.06 2010-04-08 10.72 Virus.Win32.Virut.ce [AVP]
    Fortinet 4.0.14 11.673 2010-04-08 12.31 -
    GData 19.10964/19.872 20100408 2010-04-08 12.32 Virus.Win32.Virut.ce [Engine:A]
    ViRobot 20100407 2010.04.07 2010-04-07 0.72 -
    Ikarus T3.1.01.80 2010.04.08.75580 2010-04-08 7.43 Virus.Win32.SdBot
    JiangMin 13.0.900 2010.04.08 2010-04-08 1.52 -
    Kaspersky 5.5.10 2010.04.08 2010-04-08 0.08 Virus.Win32.Virut.ce
    KingSoft 2009.2.5.15 2010.4.8.16 2010-04-08 0.91 -
    McAfee 5400.1158 5945 2010-04-08 0.02 -
    Microsoft 1.5605 2010.04.08 2010-04-08 7.73 Virus:Win32/Virut.BN
    Norman 6.04.11 6.04.00 2010-04-08 6.01 -
    Panda 9.05.01 2010.04.07 2010-04-07 5.44 -
    Trend Micro 9.120-1004 6.980.06 2010-04-08 0.00 -
    Quick Heal 10.00 2010.04.08 2010-04-08 1.80 W32.Virut.G
    Rising 20.0 22.42.03.03 2010-04-08 1.32 -
    Sophos 3.06.0 4.52 2010-04-08 3.49 W32/Scribble-B
    Sunbelt 3.9.2412.2 6151 2010-04-08 5.85 Virus.Win32.Virut.ce (v)
    Symantec 1.3.0.24 20100407.002 2010-04-07 0.05 W32.Virut.CF
    nProtect 20100405.01 7907880 2010-04-05 9.65 -
    The Hacker 6.5.2.0 v00257 2010-04-08 0.58 -
    VBA32 3.12.12.4 20100407.2055 2010-04-07 2.97 -
    VirusBuster 4.5.11.10 10.122.36/2039118 2010-04-07 2.70 Win32.Virut.AB.Gen
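
The four reports above name the same infection under different vendor labels. The following is an added example, not part of the original thread or of VirSCAN: it parses the flattened report rows and groups the labels by family. The alias table (Virtob, Vitro and Scribble treated as vendor names for Virut) and the generic-label markers are assumptions of this example; the rows are copied from the userinit.exe report.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Rows copied from the userinit.exe report posted in the thread (14 of the 36).
SAMPLE_REPORT = """\
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100408214355 2010-04-08 6.64 Trojan-Downloader.Win32.Obitel!IK
AhnLab V3 2010.04.08.00 2010.04.08 2010-04-08 1.64 -
AntiVir 8.2.1.210 7.10.6.48 2010-04-08 0.28 W32/Virut.Gen
AVAST! 4.7.4 100408-0 2010-04-08 0.01 Win32:Kavos [Trj]
AVG 8.5.720 271.1.1/2798 2010-04-08 1.44 Win32/Heur
BitDefender 7.81008.5596693 7.31138 2010-04-08 3.70 Win32.Virtob.Gen.12
ClamAV 0.95.3 10715 2010-04-08 0.01 PUA.Packed.ASPack
Kaspersky 5.5.10 2010.04.08 2010-04-08 0.33 Virus.Win32.Virut.ce
McAfee 5400.1158 5943 2010-04-06 0.02 -
Microsoft 1.5605 2010.04.08 2010-04-08 9.49 Virus:Win32/Virut.BN
Panda 9.05.01 2010.04.07 2010-04-07 8.41 Suspicious file
Sophos 3.06.0 4.52 2010-04-08 3.33 W32/Scribble-B
Symantec 1.3.0.24 20100407.002 2010-04-07 0.39 W32.Virut.CF
The Hacker 6.5.2.0 v00257 2010-04-08 0.92 -
"""

# Assumption of this example: these vendor labels all denote the Virut infector.
FAMILY_ALIASES = {"virut": "Virut", "virtob": "Virut",
                  "vitro": "Virut", "scribble": "Virut"}
# Labels that flag the file without naming a family (heuristic, packer, etc.).
GENERIC_MARKERS = ("heur", "suspicious", "packed")

# The signature date is the only unambiguous column, so anchor on it:
# <scanner + engine ver + sig ver> <YYYY-MM-DD> <seconds> <result...>
ROW = re.compile(
    r"^(?P<head>.+?)\s+(?P<sig_date>\d{4}-\d{2}-\d{2})\s+"
    r"(?P<secs>\d+\.\d+)\s+(?P<result>\S.*)$"
)


class Row(NamedTuple):
    scanner: str
    engine_ver: str
    sig_ver: str
    sig_date: str
    secs: float
    result: Optional[str]  # None when the engine reported "-"


def parse_report(text):
    """Turn pasted report text into Row tuples, skipping non-row lines."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, blank line, or metadata such as "MD5 : ..."
        head = m["head"].rsplit(None, 2)  # scanner names may contain spaces
        if len(head) != 3:
            continue
        result = m["result"].strip()
        rows.append(Row(head[0], head[1], head[2], m["sig_date"],
                        float(m["secs"]), None if result == "-" else result))
    return rows


def classify(result):
    """Map one engine's label to a family, 'generic', 'unmapped' or None."""
    if result is None:
        return None
    label = result.lower()
    for alias, family in FAMILY_ALIASES.items():
        if alias in label:
            return family
    if any(marker in label for marker in GENERIC_MARKERS):
        return "generic"
    return "unmapped"


def summarize(rows):
    """Count detections per family and report the most-named family."""
    families = Counter(v for v in map(classify, rows_results(rows)) if v)
    detected = sum(families.values())
    named = {f: n for f, n in families.items()
             if f not in ("generic", "unmapped")}
    top = max(named, key=named.get) if named else None
    return {"scanned": len(rows), "detected": detected, "families": families,
            "top_family": top,
            "top_share": named[top] / detected if top else 0.0}


def rows_results(rows):
    return [r.result for r in rows]


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    print(summary)
```

Engines that report `-` are counted as scanned but not as evidence that the file is clean; the family tally only shows how far the positive results agree with each other.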
     
  11. computernooob

    computernooob Thread Starter

    Joined:
    Apr 6, 2010
    Messages:
    82
    Hi CatByte, I've scanned everything you asked for and sent that file, but I can tell that this isn't looking good. And I'm sorry, but my knowledge of computers isn't very good. Can you please tell me this: does reformatting and reinstalling mean that I will lose all of my documents!? Because I have precious files that I can't lose. Please reply quick.
     
  12. computernooob

    computernooob Thread Starter

    Joined:
    Apr 6, 2010
    Messages:
    82
  13. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    NO:

    You will need to REFORMAT - then reinstall:

    VIRUT is a polymorphic file infector with some additional features. It spreads all around the drive and infects even files infected by another virus previously.

    Unfortunately, the cleaning of this virus is not possible.

    The only thing we recommend is to do a full reformat and install.

    We have an excellent tutorial on how to reformat here

    and for a Vista reformat re-install HERE

    We do not recommend trying to save any files from this machine as they could all be infected and will simply re-infect your system again, there is no way of being certain what this infection can do.

    You may be OK saving music files, pictures and documents, but I can't guarantee it.

    Read more about the VIRUT FILE INFECTOR HERE

    If you don't have a Windows Installation Disk (if this came with Windows pre-installed), you may have a Manufacturer restore disk to restore the computer to its original state - this depends on the Manufacturer though. Otherwise, give the Manufacturer a call and ask them to send you a restore disk or Windows installation CD.

    Should you have any questions, please feel free to ask.

    I am sorry there is nothing more that we can do.


    More information:


    Miekiemoes, a highly regarded expert in malware removal, and an MS-MVP, has an extremely informative blog post about Virut - she only ever recommends a total reformat.

    At least this way, you have the best chance of having a clean machine once more.

    For future protection read this very well written article Think Prevention.
     
  14. computernooob

    computernooob Thread Starter

    Joined:
    Apr 6, 2010
    Messages:
    82
    Hi CatByte, and thank you for all your help; it has been much appreciated :). But I still have a few questions.

    1) The only thing I need from this machine is My Documents - the whole file. Isn't there any way I can scan it to see if it is infected? Because I NEED it; it has pictures and documents which mean more than anything to me.

    2) How shall I back it up? I don't have an external hard drive, and My Documents is an 18 GB file. The only thing I have is like 20 4.2 GB DVD+Rs; can I use these? Or will I have to buy an external hard drive?

    3) My keyboard doesn't work!? Do I need this in the reformat, reinstall process? Please tell me if I do so I can go and buy one.

    4) I can't find my Windows KEY. What does it look like? How many digits? Just numbers, or is it both letters and numbers?

    Please reply soon :)
     
  15. computernooob

    computernooob Thread Starter

    Joined:
    Apr 6, 2010
    Messages:
    82
    Nvm question 4. Found the key.
     
Short URL to this thread: https://techguy.org/915336
