win32 /Virut.bm and more

Discussion in 'Malware Help (A Specialist Will Reply)' started by sandb, Aug 6, 2009.

  1. sandb

    sandb Private E-2

    Thanks so much for your expert tech support, I have completed all the runs in the guide and tutorial read and run me first. Please find all of the required files.

    Note, I have included two files for SAS as I ran this prior to finding this site.

    I am still not able to obtain access to ms or symantec. I had the following error when running MG tools

    ProcessDll.exe - Application Error
    The application failed to initialize properly (0Xc000007B). Click on OK to terminate the application.

    unable to access the ms site to download file to correct the above message
     


  2. sandb

    sandb Private E-2

    Please find the second set of files.

    Again thank you for the help and advice.
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    I'm sorry to have to bring you the below bad news.

    I can see the reason for your problems. Your logs show that your Windows Operating system files have become infected with a Virut infection and there is no known reliable fix for this. In addition there are many many other infected files. We could spend a lot of time trying to remove this infection, but odds are that it will not work because the nature of the infection has so many executable system files infected that as soon as we fix one file, other files that are infected will almost immediately or upon the next reboot, just reinfect the files. In addition, your PC would still basically be unreliable/untrustworthy even if we manage to fix the infected files that we can see since there could be many more that we are not seeing.

    The safest thing for you to do is backup your personal data immediately since your PC could possibly become unbootable at any point in time. Do not back up any executable files. This includes programs that you have downloaded since any of them could be infected.

    Once you backup, you need to format partitions and reinstall Windows and all other software especially your protection software. Then install all updates for all software. DO NOT reinstall from any executable file backups you made while this PC was infected or you will just be reinstalling the infection.
     
  4. sandb

    sandb Private E-2

    Thanks for your reply, I have not given up. I did a system repair install. I'm thinking about installing xp on my e drive after a format to clean the c drive. Or should I try to install to my external? Last q for now what will I need to purchase to enable me to connect and scan from a separate hard drive? I was able to update symantec it looks like mfp is working.
    Thanks again.

    Btw my xpsp3 xd just shipped from dell I will get it on wed. I will buy ms sm small bus office 2007 from costco. The only other thing I need to start fresh is symantec endpoint do you know if the co serial I have currently will work with a trial version from the net?
    I could really use your help still

     
  5. sandb

    sandb Private E-2

    What is the anti-virus software major recommends? I plan on purchasing personally as it does not look like I can reinstall norton endpoint.

    [QUOTE=sandb;1369100]Thanks for your reply, I have not given up. I did a system repair install. I'm thinking about installing xp on my e drive after a format to clean the c drive. Or should I try to install to my external? Last q for now what will I need to purchase to enable me to connect and scan from a separate hard drive? I was able to update symantec it looks like mfp is working.
    Thanks again.

    Btw my xpsp3 xd just shipped from dell I will get it on wed. I will buy ms sm small bus office 2007 from costco. The only other thing I need to start fresh is symantec endpoint do you know if the co serial I have currently will work with a trial version from the net?
    I could really use your help still[/QUOTE]
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This will not remove the infection.

    What is the E drive? If it was already a partitioned drive in this system and it contained any executable type files at all, it may be infected too.

    You need to do what I said before. Your original boot drive cannot be cleaned and if you attempt to keep it, you will reinfect your system.


    I repeat! You cannot clean this infection. Don't waste your time. Your PC will be unreliable and untrustworthy which could result in loss of personal information.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  8. sandb

    sandb Private E-2

    No but it got me back into windows where I could run programs make repairs. Fix my host fe get new birds defy etc... It looks totally clean, I have run thru the sequence a 2nd time everything is coming up clean this time. Sep is currently running a full scan. I ran sfc/scannow and will perform again when symantec is complete. I would like to resubmit logs for your review if you are still willing to take a look for me. Is it possible to install windows on my external drive to boot up to then run a scan on the laptop?
    Thanks again for your help and time.


     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If your goal is to try and remove all traces of the Virut infection by doing this then the answer is no. You cannot reliably clean Virut infections. Many scanners will not even locate the new forms and running the scan from another drive could potentially just delete 100's of files that are required for your Windows OS to function. Thus (if this happened) you would no longer be able to boot from the hard disk afterwards. And if you leave just 1 single infected file behind or you back up just 1 single infected file and then reuse it later, you will respread the infection again.
     
  10. sandb

    sandb Private E-2

    IT is going to take a look at my pc next week. What about all of the programs which have been stored on my external drive with exe extensions as well as the html files? Will I have to delete these as well?
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Virut and other similar type PE file infectors can infect ALL executable files on all drives, even shared drives on a network and removable drives. Thus there is a possibility that it has spread to your external drive. If you leave just one infected file around, you will reinfect your whole system again as soon as that file is accessed. I cannot say for sure that your removable drive is infected. I'm just telling you what Virut can do.
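
Added example, not part of the original thread or written by any of its participants: a Python sketch for the advice above to keep executable files out of the data backup. It sorts a folder's files by their header bytes (an `MZ` header whose `e_lfanew` field points at a `PE\0\0` signature) instead of by extension, so a PE file saved under a data extension is still listed. The function names and the sample files are constructed for illustration, and a header match only says a file is an executable, not whether it is infected.

```python
import os
import struct
import tempfile

def is_pe_file(path):
    """True if the file starts with an MZ header whose e_lfanew field
    (offset 0x3C) points at a 'PE\\0\\0' signature."""
    with open(path, "rb") as f:
        head = f.read(64)
        if len(head) < 64 or head[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
        f.seek(e_lfanew)
        return f.read(4) == b"PE\x00\x00"

def classify_tree(root):
    """Walk root; return (pe_files, other_files, unreadable) as sorted relative paths."""
    pe, other, unreadable = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            try:
                (pe if is_pe_file(full) else other).append(rel)
            except OSError:
                unreadable.append(rel)  # cannot verify: do not treat as safe
    return sorted(pe), sorted(other), sorted(unreadable)

def build_sample(root):
    """Constructed sample: a stub with PE magic bytes (not a working program)."""
    stub = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64) + b"PE\x00\x00"
    samples = {
        "setup.exe": stub,
        "holiday.jpg": stub,            # PE content behind a data extension
        "notes.txt": b"MZ is the DOS header magic\n" + b" " * 64,
        "budget.csv": b"item,cost\nlaptop,900\n",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        pe, other, bad = classify_tree(d)
        print("exclude from backup:", pe)
        print("data files:", other)
        print("unreadable:", bad)
```

The check covers PE files only (.exe, .dll, .scr, .sys and the like); it does not look inside archives or installers, and it says nothing about other file types.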
     
