Done Run and Read me First but still have massive virus!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Bosstones, Mar 6, 2011.

  1. Bosstones

    Bosstones Private E-2

    Hi guys.

    I have a pretty big virus I can't seem to get rid of. Trying to download the classic Tom Hanks film 'Big' I came across a site which has started making my Avira Antivirus program send warning pop-ups like mad. There are three differing file types that the antivirus detects and it detects them in different places each time on the computer. When you click 'Deny Access' to one of the pop-ups, that pop-up disappears but another few pop up in its place. This goes on and on and it is impossible to make the pop-ups stop.

    After a while the computer gets so slow and bogged down because of the pop-ups that it becomes unusable. So, the only way I can actually use my computer is to turn off Avira AntiVirus Guard and use the computer unprotected.

    Incidentally the three virus names that pop up are 'W32/Ramnit.C' virus, 'TR/Starter.y' Trojan and 'EXP/CVE-3020-2568.a' exploit.

    So I did all the steps I could in the READ ME FIRST thread apart from COMBOFIX and RootRepeal. RootRepeal I did not even try to use as I have the Windows XP 64-bit version and it says not to. ComboFix I tried to use as your Windows XP tutorial says to, but on the link you provide that explains how to use it on 'bleepingcomputer.com' it says not to if you have XP 64-bit. As you had specifically said not to use RootRepeal with 64-bit systems but had not said so for ComboFix, I thought I would give it a go. It came up with an error saying my OS wasn't compatible, so maybe that's something you want to add to your guide.

    When I have my antivirus switched off the only thing I can notice the virus doing is it redirects me to some random advertising webpages with a lady with her tits out at the top of the page and it has blocked access to certain websites such as 'bleepingcomputer.com' and microsoft support websites.

    I am not sure if the antivirus program is triggering the virus to duplicate itself or that all sorts of bad things are happening when I turn off my virus protection but as my virus protection is off I just can't notice it.

    I am debating changing to a different antivirus program that deals with viruses in a different way (automatically perhaps) because Avira is causing my machine to slow down to a halt.

    One final thing is that before I found this blog I ran a Malwarebytes quick scan while Avira was on and it deleted some dangerous files but it had no effect. Over 200 Avira pop-up boxes appeared for the duration though.

    Then I reinstalled it (renaming it) as part of your guide and it did not find anything this time. I have provided the log for the latest search but I have the other one too if you need it.

    Thanks for your help. I really hope it goes! Don't want to lose all my files....
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Let me just warn you ahead of time: if you have a Ramnit infection (and it looks like you do based on what I see), the odds are very high that you will have to reinstall from scratch due to the damage that Ramnit can cause and because it can open up backdoors into your computer which represent a major security risk.

    The above being said, let's run two more scans. The first will be fairly quick and the second will take quite awhile.



    Download TDSSKiller from Kaspersky directly onto your Desktop
    • Now double click the TDSSKiller.exe file to run it (if using Vista or Windows 7 do not double click on it but rather, right click and select Run As Administrator).
    • If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123tdk.com).
    • Allow the application to run if prompted by Windows or any security programs you have installed
    • It will start the scan and run rather quickly and will notify you of whether anything is found or not.
    • Follow the instructions to delete/quarantine if it asks you what to do when it finds something.
    • Whether an infection is found or not, a log file should be created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt, which is based on the program version # and the date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post)
    Now run the below and attach the log from ESET

    Using ESET's Online Scanner
     
  3. Bosstones

    Bosstones Private E-2

    Thanks for your prompt reply. I think I am screwed though.

    I ran the first program and it came up with nothing. Log is attached.

    As with almost all these files the website to download them is blocked. I have been downloading them on a different computer, then converting the .exe files into .rar files so they can be emailed over to the computer with the problem and running it from there.

    I did the same with ESET's online scanner and transferred the special Mozilla .exe file. However, when I run it, it runs but cannot update itself. I click 'Start'. It says 'downloading components' but then stops and says 'Can not get update. Is proxy configured?' and stops.

    Just a note that I have been doing all these in normal mode, not safe mode. Once I booted in safe mode and the pop-ups didn't happen, but it was probably more because Avira was off in safe mode (I'm not sure that it was, but this is my guess) or, less likely, that the virus wasn't operating in safe mode.

    If I need to reformat my computer etc. and start from scratch, is there any way I can save some files? Some photos and important documents. I am pretty sure my USB is infected and so don't want to take that to any other comp. Could I just e-mail it all somewhere or would that risk spreading it? So far I have only been e-mailing TO the infected comp.

    Here is the log.

    Thanks for your help.


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Ramnit can infect ALL executable files and will also infect ALL HTML files. DO NOT backup any executables (i.e., programs, installer programs you have downloaded, no matter what the file extension is). Your photos and personal documents may be okay. You could back them up to DVD or to an external drive and scan them later using a clean PC (just don't run/open any of these backups or reuse them until scanned). ESET online scanner does a pretty good job in detecting Ramnit.


    Did you try booting in safe mode with networking to see if you could run the ESET online scan?

    You have other infections besides Ramnit. For example, I see the below in your logs
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Just an FYI if you do reinstall. I suggest you don't reinstall the below and lay off the poker sites.
     
  6. Bosstones

    Bosstones Private E-2

    Haha, I have installed a lot of poker sites over the years!

    Thanks for your tip on trying to run ESET in safe mode. It is running at the moment and by the looks of it is going to take a VERY long time. It has been stuck on 36% for half an hour but is still scanning files, just very slowly.

    It has detected 33 infected files so far and they are Ramnit files. This is the first scanner to actually find Ramnit files apart from Avira's pop-ups. I hope that it can delete them too. When (if?) it ever finishes I will post back here.

    Thanks for your help so far.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It can find and clean, and in some cases it will just quarantine or delete the file. The problem is that since Ramnit infects so many files, as soon as ESET fixes them, another infected file will start reinfecting things. Thus, depending on the degree of the infection, a secondary scan will just find the same things and more again. And the same will occur each time you run the scan. Basically what is happening is that the infection is reinfecting everything as fast, if not faster, than you are finding and cleaning. This is one reason why a reinstall is almost always needed. Another reason for the reinstall is that this infection will frequently make your PC very unstable and very insecure.
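Since the thread ends with a reinstall as the likely outcome, the practical step is the selective backup chaslang describes in post 4: copy photos and personal documents, never executables or HTML, and scan the copies on a clean machine before reusing them. The script below is an added example, not code from the thread or from MajorGeeks. It assumes the infected disk is mounted on a clean system (for example from a boot CD or as a secondary drive), which is the only safe place to run it; the extension lists are assumptions, and the `MZ` header check catches an executable that has been renamed to look like a picture, which an extension filter alone would let through. It also writes a SHA-256 manifest so that after the scanner has quarantined or repaired anything you can tell exactly which copies were touched.

```python
"""Selective backup of personal files from a Ramnit-infected volume.

Added example, not from the MajorGeeks thread. Run it from a clean machine
with the infected drive mounted; it never executes or opens the files it
copies beyond reading their bytes.
"""
import hashlib
import os
import shutil

# File types Ramnit infects according to the thread (executables and HTML).
# These are never copied, whatever else is in them.
INFECTABLE_EXT = {".exe", ".dll", ".scr", ".com", ".cpl", ".htm", ".html"}
# Assumed allow-list of personal-file types worth saving; everything else is
# left behind rather than guessed at.
KEEP_EXT = {".jpg", ".jpeg", ".png", ".gif", ".doc", ".docx", ".xls", ".xlsx",
            ".ppt", ".pptx", ".pdf", ".txt", ".rtf", ".odt"}


def looks_like_pe(path):
    """True if the file starts with the 'MZ' magic of a Windows executable,
    regardless of extension (a dropper renamed to photo.jpg still starts MZ)."""
    with open(path, "rb") as f:
        return f.read(2) == b"MZ"


def classify(path):
    """Return 'keep', 'infectable', 'disguised_exe' or 'other' for one file."""
    ext = os.path.splitext(path)[1].lower()
    if ext in INFECTABLE_EXT:
        return "infectable"
    if ext not in KEEP_EXT:
        return "other"
    if looks_like_pe(path):
        return "disguised_exe"
    return "keep"


def sha256_of(path):
    """Hex SHA-256 of a file, read in chunks so large media files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def backup(src_root, dst_root):
    """Copy only 'keep' files from src_root into dst_root, preserving relative
    paths, and write MANIFEST.txt ('<sha256>  <relpath>' per line) so the
    copies can be re-verified after they are scanned on a clean machine.
    Returns a dict mapping each classification to the relative paths seen."""
    report = {"keep": [], "infectable": [], "disguised_exe": [], "other": []}
    os.makedirs(dst_root, exist_ok=True)
    manifest_lines = []
    for dirpath, _dirs, files in os.walk(src_root):
        for name in files:
            src = os.path.join(dirpath, name)
            rel = os.path.relpath(src, src_root)
            kind = classify(src)
            report[kind].append(rel)
            if kind != "keep":
                continue
            dst = os.path.join(dst_root, rel)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            # copyfile copies bytes only: no permissions, ACLs or alternate streams.
            shutil.copyfile(src, dst)
            manifest_lines.append("%s  %s" % (sha256_of(dst), rel))
    with open(os.path.join(dst_root, "MANIFEST.txt"), "w") as m:
        m.write("\n".join(manifest_lines) + "\n")
    return report


if __name__ == "__main__":
    import sys
    summary = backup(sys.argv[1], sys.argv[2])
    for kind, paths in summary.items():
        print("%s: %d" % (kind, len(paths)))
```

Usage is `python backup_personal.py /mnt/infected /media/backup`. The allow-list is deliberately conservative: a file type not on it is reported under `other` and not copied, because a document type you do not recognise is easier to add to the list than an infected file is to remove from a backup. Scanning the destination with a clean, updated scanner before opening anything is still required; the `MZ` check only catches renamed Windows executables, not every kind of payload.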
     
