Virut.ce - Please Help!

Discussion in 'Malware Help (A Specialist Will Reply)' started by hcarson, Jun 8, 2010.

  1. hcarson

    hcarson Private E-2

to try and make a long story short, my son's computer is infected with the win32virut.ce. From what I have been reading there is no removal of this nasty thing and the only solution would be to reinstall OS. I do not have a disk... the computer did not come with one when I purchased it new a few years ago. It is an HP computer and I am running Windows XP.

    If I am reading wrong and there is a removal of this thing someone please help me. If not, what do I do? Is there a way to clean and reinstall without a disk?
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    If you really do have a Virut infection then yes you will have to reinstall.

    Let's see if we can quickly determine if you have a Virut infection. Please follow the instructions in the below link to run MGtools then attach the requested MGlogs.zip file.

    Using MGtools
     
  3. hcarson

    hcarson Private E-2

Well I ran Vipre (spelling) and that is where it told me that I have the Virut. I also tried to run Combo Fix (from a clean flashdrive I downloaded from my laptop, which is clean) and I got an error saying that the file had been corrupted, and I may have the Virut... then it removed the program.

    I will run the MGTools tomorrow as I just got home and am too tired to mess with it tonight. I am a little confused though, I tried to reinstall last night...the computer which is a Compaq Win XP desktop did not come with a disk when I purchased it. I remember having to do the F11 thing when I first got the machine 4+ years ago because Windows was corrupt...yet when I tried last night I was getting an error saying there were no partitions found.

    Anyway, thank you and I will post the log tomorrow night.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Now the probability is even higher that you have Virut, but running MGtools and giving us the log will likely give us the info we need to determine for sure if it is Virut.

    It is pretty simple. Download it and then double click it to run it. When it finishes, you will have the C:\MGlogs zip file to attach. It will take as little as 3 minutes to as much as 15 minutes to run depending on hard disk size and number of files and folders on the PC.

    Then perhaps something done in the past erased your recovery partition.
     
  5. hcarson

    hcarson Private E-2

    I am sorry it took me so long to get back to you it has been a crazy week. Ok I just tried running the MG Tools and it is not working. The black screen comes up and then goes down again. It does not stay up long enough for me to read it, but at the end it says something like Deleting It! and I think it was referring to log files. Am I doing something wrong?

I tried running that Symantec Virut Removal tool, it said it deleted the Virut, but it didn't, because I still cannot run Combo Fix; I am getting the same error. I ran Malwarebytes this morning, first there were 25 infected files, the second time there were 2 that said they would be deleted upon reboot of my computer.

    The two files that show that were infected were
    C:\WINDOWS\system32\Drivers\ntndis.sys (Rootkit.Agent) -> Delete on reboot

    C:\WINDOWS\system32\ipsecndis.sys (Rootkit.Agent) -> Delete on reboot

I have not run it a 3rd time to see if it would completely clean. I can tell you the first time I ran Malwarebytes was on 5/25/10 and there were 223 infected files, 9 registry keys infected, 9 registry values infected. The majority were Backdoor.Bot and all said quarantined and successfully deleted, which was not the case because more kept coming back. The one thing I can say is that since I ran that Symantec Virut Removal Tool, I am getting messages after I am done running Malwarebytes saying that the files will be deleted after reboot; I never got that message before. Also I need to mention that I have disconnected the machine from the internet.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Try the below.

    Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The purple is merely informational.

    cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
ShowNew <-- this will try to run another scan from MGtools. Tell me what error messages, if any, you see.


    Waste of time. It cannot fix it. You must format.
     
  7. hcarson

    hcarson Private E-2

    Ok, it did change to C:\MGTools> like you said, but when I typed ShowNew I got the following error message

'ShowNew' is not recognized as an internal or external command, operable program or batch file.

I had the MG Tools on my flashdrive, because I had to download it from my clean laptop and then put it on the infected PC. I just tried moving the file from the flash drive to the desktop of the PC and it seemed to have started to run ok... It gets to where it says Running processdl.exe to find loaded DLL's, then I get an error screen

    ProcessDLL.exe - Application Error
    The application failed to initialize properly (0xc000007b). Click on OK to terminate the application

But it did create logs, there are several in the C:\MGlogs.zip. Which do you want posted, the hijackthis.log?
     
    Last edited: Jun 12, 2010
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Okay let's do something different. From the command prompt window, type the below two commands and tell me the size of the files that is shown, in bytes.

    dir C:\windows\explorer.exe
    dir C:\windows\userinit.exe


    Also which service pack level do you have installed for Win XP?
     
  9. hcarson

    hcarson Private E-2

Please read the message before this one, but I wanted to attach all of the logs in this post. Just an FYI, I am doing this with a flash drive from the infected PC to my laptop. Every time I put the flash drive in my laptop I scan it first with my AV and every file I download says it was infected with the win32/virut.17408, and it was cleaned by my AV. I had the same AV program on the PC, why didn't it detect and clean it there as well?
     

    Attached Files:

    Last edited: Jun 12, 2010
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I already did. You need to do what I requested in my last message only.
     
  11. hcarson

    hcarson Private E-2

    C:\windows\explorer.exe -
    1 File <s> 1,058,816 bytes
    0 Dir <s> 128,895,434,75 bytes free

    C:\windows\userinit.exe -
    it says, "file not found"

    Service Pack is 3
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry! That was supposed to say

    dir C:\windows\system32\userinit.exe


However, it does not matter anymore. The one for explorer.exe already reveals that you definitely have a Virut infection. Below is a blurb we post to everyone getting this infection. Sorry to bring you the bad news. :(


    I can see the reason for your problems. Your logs show that your Windows Operating system files have become infected by a Virut infection and there is no known reliable fix for this. In addition there are many many other infected files. We could spend a lot of time trying to remove this infection, but odds are that it will not work because the nature of the infection has so many executable system files infected that as soon as we fix one file, other files that are infected will almost immediately or upon the next reboot, just reinfect the files. In addition, your PC would still basically be unreliable/untrustworthy even if we manage to fix the infected files that we can see since there could be many more that we are not seeing.

    The safest thing for you to do is backup your personal data immediately since your PC could possibly become unbootable at any point in time. Do not back up any executable files. This includes programs that you have downloaded since any of them could be infected. Anything you may have already backed up that is an executable type file (things you downloaded to install programs....etc) are most likely infected and will cause you to be reinfected if you reuse these files.

    Once you backup, you need to format partitions and reinstall Windows and all other software especially your protection software. Then install all updates for all software. DO NOT reinstall from any executable file backups you made while this PC was infected or you will just be reinstalling the infection.
     
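An added example, not from the thread or MajorGeeks' own tools, that generalises the size check chaslang uses on explorer.exe: run from a clean machine against a mounted copy of the suspect disk, it compares the size and SHA-256 of every executable with a known-good baseline and reports files that grew (the footprint a file infector leaves), files whose hash changed, and baseline files that are missing, as userinit.exe was in the thread. The baseline and files built in `demo()` are constructed placeholders, not real Windows binaries or hashes.

```python
import hashlib
import tempfile
from pathlib import Path

EXEC_SUFFIXES = {".exe", ".dll", ".sys", ".scr"}

def fingerprint(path):
    """Return (size_in_bytes, sha256_hex) of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return path.stat().st_size, h.hexdigest()

def compare_tree(root, baseline):
    """Check every executable under root against baseline {relpath: (size, sha256)}.
    Returns {relpath: reason}. A file infector appends its body to its hosts, so a
    size increase plus a hash mismatch is the signal the manual size check relies on;
    files listed in the baseline but absent on disk are reported as well."""
    root = Path(root)
    findings, seen = {}, set()
    for p in root.rglob("*"):
        if not p.is_file() or p.suffix.lower() not in EXEC_SUFFIXES:
            continue
        rel = p.relative_to(root).as_posix().lower()
        seen.add(rel)
        size, digest = fingerprint(p)
        if rel not in baseline:
            findings[rel] = "not in baseline"
        elif digest != baseline[rel][1]:
            delta = size - baseline[rel][0]
            findings[rel] = f"modified, grew by {delta} bytes" if delta > 0 else "modified, hash mismatch"
    for rel in baseline.keys() - seen:
        findings[rel] = "missing"
    return findings

def demo():
    """Constructed scenario (not real Windows files): one clean executable,
    one with bytes appended, one present in the baseline but absent on disk."""
    tmp = Path(tempfile.mkdtemp())
    clean = b"MZ" + b"\x00" * 100
    ref = (len(clean), hashlib.sha256(clean).hexdigest())
    (tmp / "windows").mkdir()
    (tmp / "windows" / "explorer.exe").write_bytes(clean + b"APPENDED-JUNK")
    (tmp / "windows" / "notepad.exe").write_bytes(clean)
    baseline = {"windows/explorer.exe": ref, "windows/notepad.exe": ref,
                "windows/system32/userinit.exe": ref}
    return compare_tree(tmp, baseline)
```

Build the real baseline from a known-clean installation at the same service pack level; a baseline taken from the suspect disk itself proves nothing.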
  13. hcarson

    hcarson Private E-2

    Well I kind of went into this knowing I had the Virut so it really isn't a surprise. Now for my next step. When I bought the PC it did not come with a recovery disk. Can I format partitions and reinstall windows without a disk? As I said before, when I first bought the pc I had to reinstall windows because it kept crashing, although when I tried following instructions online (to locate the i3xx file) I got an error saying that there were no partition files. Perhaps I was doing it wrong?

    In short, I have no clue how to do this, can you help me with instructions, or am I going to need to purchase a disk? Also I am just curious about something. As I mentioned I had to use a flash drive from the infected pc to my laptop each time, so of course I scanned the flash drive and it revealed I had the virut in any files that I took from the pc...my av deleted the infected files. My question is this, I had the same av on the pc, why didn't it pick up those files before the computer became infected? Just curious..
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

This is a topic for the Software Forum; however you cannot use ANYTHING that is on the hard disk to reinstall. It is all infected. You need a Windows CD or a recovery partition installed on a different partition if your PC manufacturer made this partition. Without a Recovery Partition or equivalent CDs or without a Windows CD for this PC, you are out of luck and will have to purchase one.


While the infection is active on a PC, the AV programs themselves will even become infected like every other executable file and thus are not trustworthy. And with the infection active and in memory, it can prevent you from being able to detect it on that PC. If you took that flash drive to another PC, you really need to check that PC, or any other PC you plugged it into, for the Virut infection. If even one infected file remains, you could trash other PCs.
     
