Win32/Virut.NBP virus... Can anyone help?

Discussion in 'Malware Help (A Specialist Will Reply)' started by defdex, Aug 10, 2009.

  1. defdex

    defdex Private E-2

    Hello all,

    Okay, so this is my first post to the forum... I've just noticed that you seem to be the people to talk to when it comes to removing malware and the like.

    The basics: I'm running XP SP3, Eset Nod32 Antivirus & Firewall. I keep getting popups saying that certain files are infected with Win32/Virut.NBP... Eset has managed to clean and quarantine a few, but most are being left untouched by it.

    The infection's been going a few days now, and I've tried a few ways to remove it myself, but had no luck and thought I'd find some real help before I messed it up even more.

    I've just found the 'Read and Run First' post, so I'm gonna work through that and make notes here as I do... I hope that's okay.

    Step 1 - Basic maintenance:
    Run CCleaner - Done

    Step 2 - Remove all but one AV and FW software.
    Done.

    Step 3 -
    • Remove Viewpoint stuff
    - No viewpoint progs in Add Remove Programs
    • Remove all Sun Java
    - Done
    • Empty quarantine folder
    - Done
    • Empty recycle bin
    - Done
    • Run CCleaner
    - Done

    Step 4
    • Enable viewing of hidden/system/file ext's
    - Done
    • Enable MSConfig for Normal Startup
    !!! - >Start >Run >Msconfig.exe spits up an Application error !!!
    !!! The instruction at "0xf72a0517" referenced memory at "0xf72a0517". The memory could not be "written".

    • Uninstall malware and unwanted via add/remove progs.
    - Done (got rid of Messenger Plus Live)

    Step 5
    • Super Anti Spyware
    - Run, and log attached
    • MB-Anti Malware
    - !!! Installed, but when I try and run it, I get 'Run Time Error (0)' and 'Run Time Error (440)'
    • Combofix
    - !!! Attempted to run it, but it said the file had been compromised with 'Virut'
    • RootRepeal
    - Ran okay
    • MGtools
    - All seemed to run okay, found c:\MGlogs.zip, will attach.


    MASSIVE THANKS in advance!!

    Luke.
     

    Attached Files:

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not seeing anything in your logs... but you did not allow MGTools to run to completion and you also did not make the license agreement to run HJT. Please run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator) and make the HJT agreement and allow it to run until it tells you it is finished. Then attach the new MGLogs.zip.
     
  3. defdex

    defdex Private E-2

    Hey TimW,

    Thanks for putting me right, I got a bit lost at points, but I think I've done it right now. In the process, the following files have spat up an 'application failed to initialize properly' dialog: MSinfo.exe, PROCESSDLL.EXE

    Also, I can't find the licence agreement for HJT, though I do remember clicking something to do with HJT just after I sent the last post. So maybe that was it, anyhows, thanks for your patience, I think this should be the correct stuff now.

    Cheers,
    Luke.
     

    Attached Files:

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Are you still unable to run either MBAM or Combo?
     
  5. defdex

    defdex Private E-2

    I've just downloaded a new version of MBAM, renamed the file to mb2.exe and attempted to run it. The install looked as if it was gonna go fine, it asked where to install to etc., then started extracting files. At about 60% it stopped and popped up a dialog box about runtime error 0, then runtime error 440 (screengrabs of the dialog boxes are in the attached Word doc). I clicked OK on them, as that was the only option, then it threw up a bunch of memory errors (also in the Word doc). This eventually installed the icon on my desktop, but then when I try and run it I just get the '0' and '440' runtime errors.

    Combofix, I copied this to my desktop and ran it from there, a small percentage bar window popped up, then halfway through the install it gave me a memory error (dialog also in the Word doc), and in the time it took me to copy and paste that to the Word doc, it'd removed it and popped up a message saying that Combofix had been compromised by 'virut', then promptly vanished in a puff of logic.

    I've also noticed that my apps are dying on a daily basis... I'm worried that sooner or later my browser is gonna go kaput, then I'll be proper spannered. Is there owt I can do to cover my *** on this front? Download other browsers or something, or am I just in panic mode?

    Anyhows, thanks for all the help so far.
     
  6. defdex

    defdex Private E-2

    Forgot to attach the dialogs.
    Now attached.
     

    Attached Files:

  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    IMPORTANT NOTE: Some, if not many, of your Windows system files are infected. And many other non-Windows files could also be infected. Even if we attempt to fix these problems (which may not be easy to do unless you have an original Windows XP SP3 bootable CD), your system may be unreliable and untrustworthy. You may need to reinstall this system.

    Your logs show that your Windows Operating system files have become infected and there is no known reliable fix for this. In addition there are many, many other infected files. We could spend a lot of time trying to remove this infection, but odds are that it will not work because the nature of the infection has so many executable system files infected that as soon as we fix one file, other files that are infected will almost immediately, or upon the next reboot, just reinfect the files. In addition, your PC would still basically be unreliable/untrustworthy even if we manage to fix the infected files that we can see, since there could be many more that we are not seeing.

    The safest thing for you to do is back up your personal data immediately, since your PC could possibly become unbootable at any point in time. Do not back up any executable files. This includes programs that you have downloaded, since any of them could be infected.

    Once you backup, you need to perform a total reinstall of Windows and all other necessary software. DO NOT reinstall from any executable files you backed up because they are most likely infected.
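
    The advice above (back up personal data, but never executables, because a file infector lives inside executable files) is easy to get wrong if the backup filter only looks at file extensions. Below is an added example, not part of the thread or of any MajorGeeks tool, that copies a data folder to a backup location while refusing anything that carries a Windows PE header (checked by magic bytes, so a renamed .exe is still caught) or an executable/script extension. The sample tree it builds, the extension list and the function names are all my own assumptions for illustration; a real run would point `src` at the user's profile folder.

```python
"""
Added example: back up a data folder, skipping anything that is a Windows
executable.  Detection is by PE header (MZ stub + 'PE\0\0' signature at
e_lfanew) as well as by extension, so a carrier file renamed to .jpg is
still refused.  Not code from the thread; the sample tree is constructed.
"""
import os
import shutil
import struct
import tempfile
from pathlib import Path

# Assumed list of extensions a careful user would never copy off an
# infected box; scripts are included even though they are not PE files.
SKIP_EXTENSIONS = {".exe", ".dll", ".scr", ".sys", ".ocx", ".cpl", ".com",
                   ".pif", ".drv", ".bat", ".cmd", ".vbs", ".js"}


def is_pe_file(path: Path) -> bool:
    """True if the file has an MZ DOS header whose e_lfanew (offset 0x3C)
    points at the 'PE\0\0' NT signature.  Anything shorter than a DOS
    header, or without the signature, is treated as data."""
    try:
        with path.open("rb") as fh:
            head = fh.read(0x40)
            if len(head) < 0x40 or head[:2] != b"MZ":
                return False
            e_lfanew = struct.unpack_from("<I", head, 0x3C)[0]
            fh.seek(e_lfanew)
            return fh.read(4) == b"PE\0\0"
    except OSError:
        return False


def backup_data(src: Path, dst: Path):
    """Walk src and copy every file that is neither a PE image nor an
    executable/script by extension into dst, preserving the layout.
    Returns (copied, skipped) as lists of relative paths."""
    copied, skipped = [], []
    for root, _dirs, files in os.walk(src):
        for name in files:
            p = Path(root) / name
            rel = p.relative_to(src)
            if p.suffix.lower() in SKIP_EXTENSIONS or is_pe_file(p):
                skipped.append(rel)
                continue
            target = dst / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(p, target)
            copied.append(rel)
    return copied, skipped


def minimal_pe_image() -> bytes:
    """Constructed 72-byte stand-in for a PE file: a DOS header whose
    e_lfanew points at a 'PE\0\0' signature.  Not a real program."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\0\0" + b"\0" * 4


def build_sample_tree(base: Path) -> None:
    """Constructed sample input: a text note, a PE image hiding under a
    .jpg name, a batch script, and a file too short to be a PE header."""
    (base / "docs").mkdir(parents=True)
    (base / "docs" / "notes.txt").write_bytes(b"shopping list\n")
    (base / "docs" / "holiday.jpg").write_bytes(minimal_pe_image())
    (base / "tools").mkdir()
    (base / "tools" / "fix.bat").write_bytes(b"@echo off\r\n")
    (base / "tools" / "tiny.bin").write_bytes(b"MZ")


def demo():
    """Run the filter over the constructed tree in a temp dir and return
    (copied, skipped) as sorted forward-slash paths."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "src", Path(tmp) / "backup"
        build_sample_tree(src)
        copied, skipped = backup_data(src, dst)
        norm = lambda items: sorted(str(p).replace(os.sep, "/") for p in items)
        return norm(copied), norm(skipped)


if __name__ == "__main__":
    copied, skipped = demo()
    print("copied :", copied)
    print("skipped:", skipped)
```

    The point of checking the header rather than trusting the extension is the renamed file in the sample tree: `holiday.jpg` is refused because it starts with a DOS header and carries a PE signature, while `tiny.bin`, which merely begins with the letters MZ, is copied. Extension matching is kept alongside because batch and script files are executable without being PE images.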
     
  8. defdex

    defdex Private E-2

    Okay, thanks for that, I guess it's not great news, but it's kinda what I was expecting... and it'll probably end up being way less hassle in the long run. I'll start cleaning up now.

    Thanks for your help man.
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are welcome. Sorry we couldn't do more.
     
