Infection help needed

Discussion in 'Malware Help (A Specialist Will Reply)' started by djg123, Nov 2, 2009.

  1. djg123

    djg123 Private E-2

    My PC became infected yesterday and I've been incredibly stressed ever since.

    I was browsing with Opera and suddenly ZoneAlarm started saying various files made up of random characters were trying to access the net or to set themselves to run on startup. As far as I was aware I'd managed to deny all of them access, but I then found that my Google search results were being redirected.

    I ran SUPERAntiSpyware and Malwarebytes and they seemed to find and remove a few things. I ran RootRepeal and saved the log, but when I shut down AVG and ran ComboFix it said it could not run as the OS was not supported, then Task Manager started showing that lots of new files ending in tmp were running and three new icons appeared on my desktop. I reloaded AVG and it started finding that more and more of my executables were infected with Win32/Heur or Win32/Virut.

    I've run MGtools, but it kept saying access is denied. As AVG was popping up alerts all the time, I didn't feel safe in shutting it down.

    I've attached the SUPERAntiSpyware, Malwarebytes, RootRepeal and MGlogs below.

    I've a nasty feeling I'm going to have to format and reinstall, but I'd welcome your advice!

    Thanks a lot!

    Darren
     


  2. djg123

    djg123 Private E-2

    Oh, also when I try to boot in Safe Mode, I just get the BSOD.

    From searching this forum for Virut, I'm gathering that a format and reinstall is going to be needed. :(
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    This is the key to your problems which are extremely severe as you will see below.

    Sorry to give you the bad news but you will have to do a total clean reinstall.

    I can see the reason for your problems. Your logs show that your Windows Operating system files have become infected by a Virut infection and there is no known reliable fix for this. In addition there are many, many other infected files. We could spend a lot of time trying to remove this infection, but odds are that it will not work because the nature of the infection has so many executable system files infected that as soon as we fix one file, other files that are infected will almost immediately or upon the next reboot, just reinfect the files. In addition, your PC would still basically be unreliable/untrustworthy even if we manage to fix the infected files that we can see since there could be many more that we are not seeing.

    The safest thing for you to do is back up your personal data immediately since your PC could possibly become unbootable at any point in time. Do not back up any executable files. This includes programs that you have downloaded since any of them could be infected. Anything you may have already backed up that is an executable type file (things you downloaded to install programs, etc.) is most likely infected and will cause you to be reinfected if you reuse these files.

    Once you back up, you need to format partitions and reinstall Windows and all other software especially your protection software. Then install all updates for all software. DO NOT reinstall from any executable file backups you made while this PC was infected or you will just be reinstalling the infection.
     
  4. djg123

    djg123 Private E-2

    Thanks for your reply. I'll do a wipe and reinstall tomorrow.

    As I'm resigned to the fact that I'll be formatting my HD, is there any way to edit my first post to remove the logs, so they're not there for the world to see?

    Thanks
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There is nothing in them that you need to be concerned with especially since they are rather incomplete due to the infection.

    Note: ALL partitions will need to be deleted and recreated, that includes J, K, L, & M since Virut will infect all executable type files on all drives. If even one infected file remains and you access it, you will reinfect your whole system.
     
