Win32/Heur & Virut - Can't get past XP welcome screen



ChrisP
2009-04-15, 21:57
Unfortunately I'm completely new to technical help sites and having spent the last 3 hours reading through, it looks like it's going to be difficult to help me because I'm confused already. I've read that you require HijackThis from me in order to help but I'm not sure I can even get that.

A few days ago I stupidly while tired tried to download a driver to my desktop PC. I have Spybot & AVG installed and one or other, or both, warned me about viruses and trojans. Whatever I did was the wrong thing. It followed a couple of days of running Spybot and AVG and trying to get rid of these things. The only two of the things I remember is there being lots of trojans, Win32/Heur and Virut. Eventually my PC was having none of it and started running the Spybot check during boot-up. I've probably panicked way too quickly, messed things up that now can't be done and am probably beyond assistance but would appreciate enormously any you can give. Before I start though there are files on my hard drive that I cannot lose (the first 6 years of my child's life in pictures and video basically).

I'm at the stage where I get to the Windows XP blue welcome screen and it shows my login icon. I click it, it says loading your personal settings, gives a very brief view of my wallpaper then says saving my settings. That's as far as I get.

I tried safe mode, last known good configurations, recovery and reinstalling Windows, none of it has worked. I've done that many things that many times now that I can't remember what causes what but I can have either... a black screen with "safe mode" in the corners and cannot do anything, a blue welcome screen with just my logon, a blue screen with mine and the administrator (just does the same trying to log into this (loading then saving)). I didn't know what else to do so then I downloaded some software off the internet - 'RescueSystemcd' but I don't really know what I'm doing with that either.

I read on one post that if I have the Virut then my comp is basically done for because it will be everywhere. If that's the case then I'd like some options. The most important thing to me is all the photographs I have on my hard drive. I'm more than happy to format all my drives and lose and start again if there is an option not to lose my photos, even if it means copying them to media just for printing, but there is a huge amount of it.

Any help at all would be appreciated. I'm not a complete computer novice so can follow any instruction easily enough but I have very little recovery knowledge other than formatting a hard drive and it's obvious that the majority of people here know a vast amount more than me.

Thanks in advance for anyone that has a mind to help in any way.

pskelley
2009-04-19, 21:07
I apologize for the wait, you said this:

Win32/Heur and Virut

This machine needs to be formatted.

This system is infected with a polymorphic file infector called Virut. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. As of now, security experts suggest that a format and clean install, or destructive recovery if you have an OEM recovery partition, is the best way to clean the infection and it is the best and safest way to return the machine to its normal working state.

Back up all your documents and important items (personal data, work documents, etc) only. DO NOT back up any executable files (software) and screensavers (*.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable.

Also, avoid backing up compressed files (zip/cab/rar) that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

Recent variants also modify htm, html, asp and php files.

Do not back up to another machine, as it may become compromised. Burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups.

See miekiemoes' blog for similar comments here:
http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html

Information Links

http://free.avg.com/66558
http://www.avast.com/eng/win32-virut.html
http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?ID=66586
http://securitywatch.eweek.com/exploits_and_attacks/virut_delivers_polymorphic_punch.html

:sad:
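
The backup rules from the reply above, written out as an added example that is not part of the original thread: it walks a folder and lists which files to copy and which to leave behind. The function names are hypothetical; skipping .cab/.rar outright and excluding the web file types are assumptions made here, and the selection is by file extension only, so it does not detect infection.

```python
import os
import sys
import zipfile

INFECTABLE = {".exe", ".scr"}                  # infected by Virut, per the post
WEB_FILES = {".htm", ".html", ".asp", ".php"}  # modified by recent variants
OPAQUE_ARCHIVES = {".cab", ".rar"}             # assumption: not inspectable, so skipped
NOT_ALLOWED_IN_ZIP = INFECTABLE | OPAQUE_ARCHIVES | {".zip"}


def ext(name):
    return os.path.splitext(name)[1].lower()


def classify(path):
    """Return (ok_to_back_up, reason) for one file."""
    e = ext(path)
    if e in INFECTABLE:
        return False, "executable or screensaver"
    if e in WEB_FILES:
        return False, "web file type modified by recent variants"
    if e in OPAQUE_ARCHIVES:
        return False, "archive that cannot be inspected"
    if e == ".zip":
        try:
            with zipfile.ZipFile(path) as zf:
                if any(ext(n) in NOT_ALLOWED_IN_ZIP for n in zf.namelist()):
                    return False, "zip holds an executable, screensaver or nested archive"
        except (zipfile.BadZipFile, OSError):
            return False, "unreadable zip"
    return True, "data file"


def plan_backup(root):
    """Walk root and return (keep, skip); skip maps each path to its reason."""
    keep, skip = [], {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            ok, reason = classify(path)
            if ok:
                keep.append(path)
            else:
                skip[path] = reason
    return sorted(keep), skip


if __name__ == "__main__":
    keep, skip = plan_backup(sys.argv[1])  # e.g. the mounted XP data folder
    for path, reason in sorted(skip.items()):
        print("SKIP", path, "-", reason)
    print(len(keep), "files selected for backup")
```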