MajorGeeks Support Forums > Malware Removal
  #1  
Old 01-07-12, 17:59
Brokenstick
Private E-2
EMail USPS Virus, + Virus:HTML/Virut.BH, BN

I hope you are able to help.

Source of Infection:
On 01/06/2012 a momentary lapse of not reading an e-mail or the attachment's extension carefully left me with the USPS email virus - hidden files, url re-direction and ultimately a corrupt boot record.

What Steps I Have Taken So Far:
Before having the opportunity to learn about Major Geeks, I made an effort to get up and running, discovering a "fake" MBR and getting rid of it with GParted and rewriting the record with BootRec, then running MalwareBytes' and ComboFix. They helped and gave me some hints, and eventually I managed to make progress.

After coming across the thread Email USPS virus - all files hidden, url redirection, I tried to adapt some of the instructions to my situation, i.e., running MalwareBytes again, SuperAntiSpyware, Combofix with the CFscript (modified to fit my particular situation re: KB*.sys), and MGTools.

Current Status:
(1) No more redirection
(2) Probably the majority of files/directories are NOT hidden anymore, although the taskbar and some desktop items are hidden yet when I try to create another it tells me that one already exists
(3) MGTools will (subsequently) not work and crashes, as do other programs, immediately upon opening
(4) Microsoft Office wants to reconfigure itself, then can't find the key information, etc.
(5) Microsoft Security Essentials is now continuously giving me notifications of infection by Virus:HTML/Virut.BH, BN and other variants -- mostly .HTML files, but including .EXE files

Attached are the logs that have been generated over the course of my efforts.

I am running Windows 7 (Enterprise) 64-bit with SP1. I was running Microsoft Security Essentials at the time of infection, which simply disappeared from the face of my computer (and was subsequently re-installed).

Please consider helping me in any way possible -- direct instruction, reference, referral, etc.

Thank you,

Brokenstick
Attached Files
File Type: txt ComboFix.txt (24.7 KB, 4 views)
File Type: txt mbam-log-2012-01-07 (03-36-48).txt (2.6 KB, 3 views)
File Type: log SUPERAntiSpyware Scan Log - 01-07-2012 - 09-45-08.log (60.4 KB, 3 views)
File Type: zip 1-MGlogs.zip (280.8 KB, 5 views)
  #2  
Old 01-08-12, 15:17
TimW
MajorGeeks Administrator - Jedi Malware Expert
Re: EMail USPS Virus, + Virus:HTML/Virut.BH, BN

Please download and save the below tool from Grinler @ bleepingcomputer to your Desktop or anywhere else you can find it ( if the Desktop is not showing )

http://download.bleepingcomputer.com/grinler/unhide.exe

Now run it. Now see if you can find the items that seemed to be missing?

Now please do this online scan:
eSet Online Scan.
__________________
Major cake licker.
YCLAHTW, BYCMHD!!

Major Geeks on Facebook

Major Geeks Newsletter
  #3  
Old 01-09-12, 06:51
Brokenstick
Private E-2
Re: EMail USPS Virus, + Virus:HTML/Virut.BH, BN

Thank you very much.

I will do those two items right away.

I have an additional question: There are actually two drives in my 'puter configured as RAID 1; does this present any malware removal issues in and of itself?

Again, many thanks!
  #4  
Old 01-09-12, 12:47
Brokenstick
Private E-2
Re: EMail USPS Virus, + Virus:HTML/Virut.BH, BN

The "unhide.exe" file seems to have worked.

The results of the eSet Online Scanner are attached.

eSet Online Scanner Log 2012-01-09.txt
  #5  
Old 01-09-12, 15:03
TimW
MajorGeeks Administrator - Jedi Malware Expert
Re: EMail USPS Virus, + Virus:HTML/Virut.BH, BN

What issues are you still having?
  #6  
Old 01-09-12, 18:43
Brokenstick
Private E-2
Re: EMail USPS Virus, + Virus:HTML/Virut.BH, BN

Microsoft Office required me to go through the repair and activation process, but works fine so far.

Adobe Acrobat Pro and Windows scanning seem to be an issue, but I am thinking it may just need a driver reinstall.

Not that serious but none of the Win 7 games work (the apps crash on launch). I uninstalled them and then reinstalled them through the control panel, but no luck.

Microsoft Security Essentials continues to "detect" Virus:HTML/Virut.BH and encounters an "error" in trying to disinfect the files; the error is that it can't find the "virus".
  #7  
Old 01-10-12, 14:20
TimW
MajorGeeks Administrator - Jedi Malware Expert
Re: EMail USPS Virus, + Virus:HTML/Virut.BH, BN

Where is MSE finding the virus? Do you have a log?

Your other issues should be addressed in the software forum.
  #8  
Old 01-11-12, 13:57
Brokenstick
Private E-2
Re: EMail USPS Virus, + Virus:HTML/Virut.BH, BN

Surprisingly, MSE does NOT have a log!

The infected files initially found were all over the place, and most were successfully disinfected according to MSE (executables and non-executables).

Then they were mainly .html or .htm files in the Adobe directory, and primarily the "Legal" and "Help" files for the various Adobe applications.

The most recent were the .html files in PhoneGap application directories.
  #9  
Old 01-11-12, 14:27
TimW
MajorGeeks Administrator - Jedi Malware Expert
Re: EMail USPS Virus, + Virus:HTML/Virut.BH, BN

You can double check those files by uploading them to Jotti:

Click on the following link and upload the file: Virustotal
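As an added example that is not part of the thread and not a MajorGeeks tool: before uploading the flagged Adobe and PhoneGap pages, it helps to inventory every .htm/.html file under the affected directory, hash each one, and flag the ones that carry a hidden iframe, since Microsoft's HTML/Virut detection is for HTML files into which Win32/Virut has injected an iframe. The iframe pattern, the default root directory, the report path and the script name below are my own assumptions, not anything from the thread.

```powershell
# Added example (editor's own, not from the thread or MajorGeeks). Triage .htm/.html files
# before submitting them to VirusTotal or Jotti. Assumed: the HTML/Virut hits correspond to an
# injected <iframe>; the heuristic pattern and default paths below are mine.
# Usage from a normal PowerShell prompt on Windows 7:
#   powershell -ExecutionPolicy Bypass -File .\Find-InjectedIframe.ps1 -Root "C:\Program Files (x86)\Adobe"
param(
    [string]$Root   = "$env:ProgramFiles\Adobe",
    [string]$Report = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'html-triage.csv')
)

# Heuristic: an iframe that is 0/1 pixel in size or styled invisible. Legitimate Help/Legal
# pages shipped with a product do not normally contain one.
$hiddenIframe = '<iframe[^>]*?(width\s*=\s*["'']?[01]\b|height\s*=\s*["'']?[01]\b|display\s*:\s*none|visibility\s*:\s*hidden)[^>]*>'
$srcAttr      = 'src\s*=\s*["'']?([^"'' >]+)'

# Windows 7 ships PowerShell 2.0, which has no Get-FileHash, so hash through .NET directly.
$sha256 = [System.Security.Cryptography.SHA256]::Create()
function Get-Sha256Hex([string]$Path) {
    $stream = [System.IO.File]::OpenRead($Path)
    try     { ([System.BitConverter]::ToString($sha256.ComputeHash($stream))).Replace('-', '').ToLower() }
    finally { $stream.Close() }
}

$rows = @()
Get-ChildItem -Path $Root -Recurse -Include *.htm, *.html -ErrorAction SilentlyContinue | ForEach-Object {
    $text  = [System.IO.File]::ReadAllText($_.FullName)
    $found = [regex]::Matches($text, $hiddenIframe, 'IgnoreCase')
    $firstSrc = ''
    if ($found.Count -gt 0) {
        # The src of the first hidden iframe is the indicator worth searching for elsewhere.
        $firstSrc = ([regex]::Match($found[0].Value, $srcAttr, 'IgnoreCase')).Groups[1].Value
    }
    $rows += New-Object PSObject -Property @{
        Path          = $_.FullName
        LastWriteTime = $_.LastWriteTime
        Sha256        = Get-Sha256Hex $_.FullName
        HiddenIframes = $found.Count
        FirstSrc      = $firstSrc
    }
}

# Full inventory to CSV: the hashes let you look files up on VirusTotal without uploading them.
$rows | Sort-Object HiddenIframes -Descending | Export-Csv -NoTypeInformation -Path $Report

# Suspects on screen: these are the files to upload, and their FirstSrc hosts are what to grep
# for in other HTML files and in proxy or DNS logs.
$rows | Where-Object { $_.HiddenIframes -gt 0 } | Format-Table Path, FirstSrc, Sha256 -AutoSize
```

The CSV also records LastWriteTime; a batch of Help/Legal pages from different products all modified within the same few minutes, long after the products were installed, is a stronger sign of mass infection than any single detection. A clean install of the same product is the reference for what those pages should contain.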
  #10  
Old 01-12-12, 14:58
Brokenstick
Private E-2
Re: EMail USPS Virus, + Virus:HTML/Virut.BH, BN

Thank you very much for all of your help. I am sure you do not need me to tell you what a tremendous service you provide to the online community.

I am very grateful personally for your help.
  #11  
Old 01-12-12, 15:07
TimW
MajorGeeks Administrator - Jedi Malware Expert
Re: EMail USPS Virus, + Virus:HTML/Virut.BH, BN

You are most welcome. Safe surfing.

If you are not having any other malware problems, it is time to do our final steps:
  1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan. We recommend them for doing backup scans when you suspect a malware infection.
  2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
    • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
    • "%userprofile%\Desktop\combofix" /uninstall
      • Notes: The space between the combofix" and the /uninstall, it must be there.
      • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


  3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
  4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
  5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
  6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
  7. Go to add/remove programs and uninstall HijackThis.
  8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
  9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
    • Refer to the cleaning procedures pointed to by step 7 of the READ ME
      for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
    • Then reboot and Enable System Restore to create a new clean Restore Point.

  10. After doing the above, you should work through the below link:


Malware removal from a National Chain = $149
Malware removal from MajorGeeks = $0
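As an added example that is not part of TimW's post or of the MajorGeeks procedure: the wrap-up steps above, collected into one PowerShell script for Windows 7 that only acts on files that are actually present and verifies the two steps that are easy to get wrong (UAC back on, restore points flushed). Paths follow the thread (ComboFix on the Desktop, C:\MGtools); the registry patch names are the ones listed above; the System Restore cmdlets are my substitute for the GUI procedure the READ ME points to, and the script name and restore-point description are my own.

```powershell
# Added example (editor's own, not from the thread or MajorGeeks). Wrap-up steps 2 and 5-9
# above as one script. Run from an elevated PowerShell prompt on Windows 7:
#   powershell -ExecutionPolicy Bypass -File .\Finish-Cleanup.ps1
# Assumed: ComboFix.exe sits on the Desktop and MGtools in C:\MGtools, as the thread says.
$desktop = [Environment]::GetFolderPath('Desktop')
$mgtools = 'C:\MGtools'

# Step 2: ComboFix uninstalls itself, and resets the hidden files/folders settings, when run
# with /uninstall. Start-Process quotes the path for us, so the space in the path is safe.
$combofix = Join-Path $desktop 'ComboFix.exe'
if (Test-Path $combofix) {
    Start-Process -FilePath $combofix -ArgumentList '/uninstall' -Wait
}

# Step 5: registry patches handed out during cleaning.
foreach ($name in 'fixme.reg', 'fixWLK.reg') {
    $patch = Join-Path $desktop $name
    if (Test-Path $patch) { Remove-Item $patch -Force }
}

# Step 6: the list says Vista, but confirming that UAC is back on costs nothing on Windows 7.
$uacReg = Join-Path $mgtools 'enableUAC.reg'
if (Test-Path $uacReg) {
    Start-Process -FilePath 'reg.exe' -ArgumentList "import `"$uacReg`"" -Wait
}
$policy = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
if ($policy.EnableLUA -ne 1) {
    Write-Warning "UAC is still off (EnableLUA=$($policy.EnableLUA)); turn it on before you finish."
}

# Step 7: uninstall HijackThis through its registered uninstaller, if it is still installed
# (both the native and the 32-bit-on-64 uninstall hives, since this is a 64-bit machine).
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'HijackThis*' -and $_.UninstallString } |
    ForEach-Object { Start-Process -FilePath 'cmd.exe' -ArgumentList "/c $($_.UninstallString)" -Wait }

# Step 8: MGclean.bat removes MGtools and the other leftovers; run it before the folder goes away.
$mgclean = Join-Path $mgtools 'MGclean.bat'
if (Test-Path $mgclean) {
    Start-Process -FilePath 'cmd.exe' -ArgumentList "/c `"$mgclean`"" -Wait
}

# Step 9: existing restore points can hold copies of the infected files, so turn System
# Restore off (which discards them), back on, and create one clean baseline. List the points
# afterwards: only the new one should remain.
Disable-ComputerRestore -Drive 'C:\'
Enable-ComputerRestore  -Drive 'C:\'
Checkpoint-Computer -Description 'Post-cleanup baseline' -RestorePointType 'MODIFY_SETTINGS'
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize
```

Step 3 (Defogger) and step 4 (the assorted downloaded tools) are deliberately left to hand, since which tools were fetched varies from thread to thread. If the restore point listing still shows old entries after the script, do the System Restore step through the GUI procedure in the READ ME instead.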