Ran the READ ME FIRST but think I still have problems

Discussion in 'Malware Help (A Specialist Will Reply)' started by Bou, Nov 13, 2009.

  1. Bou

    Bou Private E-2

    Hello,

    I'll start off by saying that I know embarrassingly little about computers (most of what I describe having done below was actually done or suggested by friends…). So please ‘dumb down’ any suggestions for help as much as possible. Thanks!

    So, I'll first just summarize what happened and what I did. As I have no idea what is significant and what is not it is quite a bit of text, so please bear with me.

    1 1/2 weeks ago I downloaded a bit torrent file, and after unzipping and opening it (stupid!) my computer crashed. I'm not quite sure what torrent it was, as I deleted it immediately, but I think it was this one:
    So yeah, be very careful with this link, I think this file is the virus that completely screwed up my computer!

    After restarting my computer it was ridiculously slow, and could hardly open any programs. I ran a McAfee antivirus scan, but this did not do much. Then I deleted McAfee and installed Avast instead (after some problems with getting on the Internet), which found and dealt with about 6500 infected files on the first run. I don’t have a log or anything, but among the files that I noted being deleted the most (hundreds of times?) were win32:RustNT (Rtk), win32:Trojan-324 (Trj) and win32:Gator-D (Trj).
    But the problems still were not over with, for example I could not get onto the Internet anymore at all. I now installed (from a USB stick) ESET NOD32 antivirus, which found and dealt with about 50 infected files in the first two runs (while blocking an even larger number of attacks). There was one detected threat the program could not delete ‘Win32/Virut.NBP Virus’, so I found all the places where it was detected in Explorer and deleted them manually.
    Then I downloaded Spybot Search and Destroy, which found 17 pieces of malware and deleted 15 of them. It says it might be able to delete the other two if I run the scan immediately after rebooting, so I do, but now it only finds and deletes one.

    At this point everything seems to be working again, but I'm still suspicious… I end up on your forum and do everything suggested in the READ & RUN ME FIRST Malware Removal Guide. Some things work as described but some don't:
    Doing Step 3 I find out I have Viewpoint Media Player installed on my computer, but it does not show in the Add/Remove Programs list, nor does it show in ‘YourUninstaller!’. I end up just deleting all related files and folders, but without actually uninstalling it.
    Of the five programs to be run in the Windows XP Cleaning Procedure, only the first two (SUPERAntiSpyware and Malwarebytes Anti-Malware) work. They both find and deal with about 15 infected files. ComboFix, RootRepeal, and MGTools all fail to do their thing.
    When clicking Run after double-clicking on ComboFix, I see a ‘loading bar’ filling up to 100% and then... nothing happens.
    After double-clicking on RootRepeal.exe it says: “initializing, please wait”. but again nothing happens. Doing the same with Windows Task Manager open showed that a program called ‘Busy’ does start up after double-clicking on RootRepeal.exe, but is reported as ‘Not Responding’ within seconds.
    When trying to run MGTools I get an error message saying “Windows cannot find the file GetLogs.bat. Check if you have entered the name correctly and try again. If you want to search for a file click on Start and then Search”. So I did the latter and it does find the file in C:\Mgtools, so it has created this folder and put a lot of files in there. Tried to run MGTools again, but now got another error message saying “Failed to run GetLogs.bat, working dir = \MGTools (check to see if this file is in the EXE)”. I have attached a HijackThis Log as I think that is one of the logs MGTools was supposed to create.

    After the failed attempts to run these last three programs I have some problems. I can't connect to the wireless Internet, and after a while the computer freezes. After restarting I get an error message saying that an error has occurred in winlogon.exe, and that the program has therefore been stopped. But the Internet works again. After restarting again I do not get the error message again, and the Internet still works. I don't have problems for 1 1/2 days.

    Just when I’m starting to think my computer is completely healthy again my monitor starts to quite frequently turn dark for a second or so. Before long I get a blue screen telling me that Windows has been shut down to prevent damage. From then on I got the same message every time I try to start up the computer. It says that the problem is probably caused by the file nv4_disp, and that the steering program of the machine has got stuck in an infinite loop. Could still start up the computer in safe mode (with networking), and was eventually able to fix the problem by updating NVIDIA GeForce FX 5200. Now I know (Google!) that this particular problem is not necessarily caused by a virus, but the suspicious timing makes me think that in my case it was.

    So even though my computer has been working fine after fixing this infinite loop problem (only a couple of hours ago), and ESET NOD32 does not detect any viruses, I'm still afraid there is some kind of virus left on my computer. I'm really just waiting for the next problem to occur…
    Could someone please check the logs that I was able to produce, to see if they show any remaining problems? And what more could I do to make sure that my computer is/becomes clean?

    All help would be appreciated a lot!
    Many thanks in advance!

    Bou
     

    Last edited by a moderator: Nov 15, 2009
  2. evilfantasy

    evilfantasy Malware Fighter

    Welcome to MajorGeeks!

    Some forms of Virut are not repairable. So if worst comes to worst be prepared to do a complete reformat and reinstall. Meaning you may need your XP install disk.

    Try this.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the next one.

    Vista and Windows 7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe

    * Double-click on the Rkill desktop icon to run the tool.
    * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    * If not, delete the file, then download and use the one provided in Link 2.
    * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    * Do not reboot until instructed.
    * If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following.


    Download and run exeHelper

    * Please download exeHelper from Raktor to your desktop.
    * Double-click on exeHelper.com to run the fix.
    * A black window should pop up, press any key to close once the fix is completed.
    * A log file named log.txt will be created in the directory where you ran exeHelper.com
    * Attach the log.txt file to your next message.


    If you already have them installed, be sure to update Malwarebytes and SUPERAntiSpyware before the scan!

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    Now update and run this: Using Malwarebytes Anti-Malware

    Now update and run this: SUPERAntiSpyware - running & getting a log

    Now run this: Using MGtools
     
  3. Bou

    Bou Private E-2

    Thanks!

    So I tried to run all 4 versions of Rkill, but not one of them worked. Downloading goes fine, and after double-clicking I do get a black DOS box. But then I get an error message saying "An unknown error occurred. The program will be terminated". Clicking 'OK' closes both the error message and the black box. The exact same for all 4 attempts...
    What to do now?

    Question about the possibly necessary reformatting: could I buy an external hard drive and copy all my files onto it before doing that, or would this also copy the virus and reinfect my computer again when using the hard drive after reformatting and reinstalling? And could this also permanently ruin an external hard drive, or can those always be cleaned completely?

    Cheers!

    Bou
     
  4. evilfantasy

    evilfantasy Malware Fighter

    Let me post some more information on Virut and why it is considered un-repairable.

    I do warn that no matter what you try it may be a lost cause and trying the repairs could very easily put your computer into an unbootable state (basically, it may become a paper weight) so you need to take that into consideration.

     
  5. Bou

    Bou Private E-2

    Okay I guess I'll reformat the whole thing.
    Just to be clear on the backup process though: I copy everything I really don't want to lose onto an empty external hard drive, and then I scan the external hard drive (with the five scanners you mention).

    a. from the still infected computer before I reformat it? And/or

    b. From another computer? (seems risky no, or can't this infect the other computer as long as I don't copy the files from the external harddrive to this computer?) And/or

    c. From the infected computer after having reformatted it and it is presumably clean again?

    Could/should I also run the five scanners on all the files I want to copy to the external hard drive before doing so (so while they are still on the infected computer)?

    Possibly a dumb question, but I really don't know...
     
  6. evilfantasy

    evilfantasy Malware Fighter

    If you have a flash drive I would use that to backup the files to. And only backup things like pictures or documents that you can't replace.

    Hook the drive into a clean computer. Be sure to not let it autorun/autoplay! Then scan it with suggested scanners. Hold down the Shift key when inserting the flash drive until Windows detects it to bypass the autorun feature. This will keep the autorun.inf from executing automatically.
     
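Holding Shift (or disabling autorun) stops Windows from acting on the drive's autorun.inf, but it is still worth seeing what that file would have launched before copying anything off the stick. The script below is an added example, not part of this thread or of any MajorGeeks tool: it parses an autorun.inf the way a cautious analyst would on a clean machine, lists every key that causes code to run (open=, shellexecute=, shell\<verb>\command=), and flags the tricks USB worms of this era relied on (payload hidden in a RECYCLER-style folder, .pif/.scr/.com instead of .exe, a redefined default verb, binary padding to break AV parsers). The two INF texts are constructed samples; `inspect_drive` and its `E:\` path are illustrative names.

```python
"""Inspect a removable drive's autorun.inf before trusting the drive.

Added example (not from the MajorGeeks thread). The INF samples below are
constructed for the demo and do not come from a real infection.
"""
import re
from dataclasses import dataclass, field
from pathlib import Path
from typing import List, Optional, Tuple

# [autorun] keys that make Windows execute something when the drive is
# inserted or double-clicked. Everything else (icon=, label=) is cosmetic.
LAUNCH_KEYS = {"open", "shellexecute"}
LAUNCH_KEY_RE = re.compile(r"^shell\\[^\\]+\\command$")
# Executable extensions that are not .exe; worms used these so that users
# who "know" to avoid .exe would still run the payload.
RISKY_EXT = re.compile(r"\.(pif|scr|com|bat|cmd|vbs|vbe|js|jse|wsf|hta)(\s|$|\")", re.I)
# Folders whose names mimic Windows system folders, used to hide payloads.
HIDDEN_DIR = re.compile(
    r"(^|\\)(recycler|recycled|\$recycle\.bin|system volume information)(\\|$)", re.I
)
CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f]")


@dataclass
class AutorunReport:
    launches: List[Tuple[str, str]] = field(default_factory=list)
    flags: List[str] = field(default_factory=list)

    @property
    def executes_code(self) -> bool:
        """True if any key would run a program on insert or double-click."""
        return bool(self.launches)


def parse_autorun(text: str) -> AutorunReport:
    """Parse autorun.inf text leniently, as Windows does, and report launches."""
    report = AutorunReport()
    # Windows tolerates binary garbage in the file; malware pads it to break
    # naive signature scanners, so note the padding rather than choke on it.
    if CONTROL_CHARS.search(text):
        report.flags.append("non-printable padding present (common AV-evasion trick)")
    in_autorun = False
    for raw in text.splitlines():
        line = CONTROL_CHARS.sub("", raw).strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            # [autorun] and per-architecture variants such as [autorun.amd64]
            in_autorun = line[1:-1].strip().lower().startswith("autorun")
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or LAUNCH_KEY_RE.match(key):
            report.launches.append((key, value))
            if RISKY_EXT.search(value):
                report.flags.append(f"{key}: non-.exe executable extension in {value!r}")
            if HIDDEN_DIR.search(value):
                report.flags.append(f"{key}: payload in a system-looking folder {value!r}")
        elif key == "shell":
            # shell=<verb> makes double-clicking the drive run shell\<verb>\command
            report.flags.append(f"default double-click verb redefined: shell={value}")
        elif key == "useautoplay" and value == "1":
            report.flags.append("UseAutoPlay=1 requests AutoPlay even for fixed-drive policy")
    return report


def inspect_drive(root: str) -> Optional[AutorunReport]:
    """Read <root>\\autorun.inf (e.g. root='E:\\\\') and parse it; None if absent."""
    inf = Path(root) / "autorun.inf"
    if not inf.exists():
        return None
    return parse_autorun(inf.read_text(errors="replace"))


# Constructed samples for the demo (not real infections).
SAMPLE_MALICIOUS = (
    "[autorun]\n"
    ";constructed sample\n"
    "open=RECYCLER\\S-1-5-21-1000\\update.pif\n"
    "shell\\open\\Command=RECYCLER\\S-1-5-21-1000\\update.pif\n"
    "shell\\explore\\command=RECYCLER\\S-1-5-21-1000\\update.pif\n"
    "shell=Open\n"
    "icon=%SystemRoot%\\system32\\shell32.dll,4\n"
)
SAMPLE_BENIGN = "[autorun]\nicon=photos.ico\nlabel=Holiday photos\n"

if __name__ == "__main__":
    for name, text in (("malicious", SAMPLE_MALICIOUS), ("benign", SAMPLE_BENIGN)):
        rep = parse_autorun(text)
        print(f"{name}: executes_code={rep.executes_code}")
        for key, value in rep.launches:
            print(f"  launch  {key} -> {value}")
        for flag in rep.flags:
            print(f"  flag    {flag}")
```

Run it on the clean machine with the stick mounted but not opened (`inspect_drive("E:\\")`); if the report shows any launch entry, treat the whole stick as hostile, delete autorun.inf and the folders it points at, and only then copy the documents and pictures off.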
