New Win32 Virus

Discussion in 'Malware Help (A Specialist Will Reply)' started by dizydolly, Nov 4, 2009.

  1. dizydolly

    dizydolly Private E-2

    I think I have this New Win32 virus on my laptop (Windows XP). I accidentally installed something on my machine on Sunday, which looked like something from Sun Microsystems, but wasn't. I have McAfee on my machine and the minute it popped up with this virus threat, I ran a full system scan and also ran Malwarebytes, which detected a couple of infected files and deleted them. I then restarted my machine, but the virus had affected my userinit.exe file, so I wasn't able to login to Windows. I somehow managed to use Recovery Console to copy this .exe file so that I could login and run another full McAfee scan, but on reboot I keep getting these popups from McAfee about this virus. I think most of my .exe files have been corrupted.

    I couldn't follow the steps in this doc - http://forums.majorgeeks.com/showthread.php?t=139313, because my machine is not letting me install any new software.

    Is there any way to remove the virus, or is reformatting the only option left for me? Any assistance would be greatly appreciated.
    Thanks in advance.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    First we need to determine what your problem really is before we can answer this. If you have a Virut infection, you will be reinstalling. Please try ALL of the below steps. DO NOT stop if any single step does not work. If necessary download the tools on another PC and burn onto a CD. Then use the CD to copy them to the infected PC. DO NOT USE A FLASH DRIVE because you could infect it. DO NOT run the tools from the CD especially MGtools because it will not work if you do this. MGtools.exe must be copied to the root (base) folder of your Windows boot drive.



    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click and choose Run as Administrator



    You only need to get one of them to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
    1. Rkill.exe
    2. Rkill.com
    3. Rkill.scr
    4. Rkill.pif
    Once you've gotten one of them to run then try to immediately run the following.


    Now download and Run exeHelper from Raktor
    • Please download exeHelper to your desktop.
    • Double-click on exeHelper.com to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file named log.txt will be created in the directory where you ran exeHelper.com
    • Attach the log.txt file to your next message.
    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    Now run this: Using Malwarebytes Anti-Malware

    Now run this: Using MGtools


    Now you need to attach (See: HOW TO: Attach Items To Your Post ) the below logs created while running the above scans
    • exeHelper log
    • Malwarebytes Anti-Malware log
    • MGlogs.zip - normally it is C:\MGlogs.zip - only attach this log from MGtools.exe DO NOT attach any logs seen in the MGtools folder.
     
  3. dizydolly

    dizydolly Private E-2

    Thank you for taking the time to look into this. I tried logging into my laptop to perform the steps you had suggested, but it looks like the virus got to my explorer.exe file, so I couldn't get to the desktop (couldn't view anything on the desktop). I tried repairing the XP install, but that didn't work out either since I kept getting the BSOD every time it tried to install the drivers (in spite of trying chkdsk from the recovery console). That left me with only the 'reformat/fresh install of XP' option, which I'm doing right now. I'm assuming that this would take care of the malware(s) that were present earlier. Is that true? Or do you want me to run any of the steps/diagnostics that you mentioned in your post, once my system is back up?

    Again, thank you for spending time on this, and sorry for not being able to run the procedures that you recommended.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Actually to really be sure I would delete partitions first, then recreate partitions, then format and reinstall. Either way you should definitely use a good antivirus program to rescan your PC immediately after the reinstall.

    Note that if you had a Virut infection it could have spread to any USB drives or other computers used to access this one. Also, if you backed up any executable-type files while infected, you will reinfect your system if you use these infected backups. It only takes one infected Virut file to cause total reinfection.
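The warning above about infected backups is the kind of thing that is easy to get wrong by eye: a file infector patches executables in place, so a backup that "looks fine" can carry the infection back onto a freshly installed system. The following is an added example, not code from the thread or from any of the tools it mentions: it builds a manifest of SHA-256 hashes for executable-type files on a clean install and then audits a backup tree against that manifest, separating files that match, files whose hash changed, and files the manifest has never seen. The extension list and the directory layout are assumptions for illustration.

```python
import hashlib
from pathlib import Path

# Executable types a file infector typically patches; assumed list for this example.
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".pif", ".sys", ".ocx", ".cpl"}


def sha256_of(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large backups need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(clean_root):
    """Map relative path -> SHA-256 for every executable-type file under a CLEAN install.

    This must be captured before the system is ever backed up while infected."""
    root = Path(clean_root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*")
            if p.is_file() and p.suffix.lower() in EXECUTABLE_EXTENSIONS}


def audit_backup(backup_root, known_good):
    """Classify executable-type files in a backup against the clean manifest.

    Returns a dict of sorted relative paths:
      'clean'    - hash matches the manifest, safe to restore
      'modified' - same path, different hash: treat as infected, do not restore
      'unknown'  - not in the manifest: cannot be vouched for, rescan before use
    Non-executable files are skipped; they are not what a file infector patches."""
    root = Path(backup_root)
    result = {"clean": [], "modified": [], "unknown": []}
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in EXECUTABLE_EXTENSIONS:
            continue
        rel = path.relative_to(root).as_posix()
        expected = known_good.get(rel)
        if expected is None:
            result["unknown"].append(rel)
        elif expected == sha256_of(path):
            result["clean"].append(rel)
        else:
            result["modified"].append(rel)
    return {k: sorted(v) for k, v in result.items()}
```

Anything in the 'modified' or 'unknown' lists should be rebuilt from installation media rather than restored; a single patched executable is enough to undo the reinstall.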