Virtob

[Blackhawk2]

I have a question. I have a laptop system that my anti-virus (avast) all of the sudden found a virus called win32:virtob-gen. It just found it yesterday and I have no idea where I might have picked it up. I literally only went to one internet site, which was my college campus website and then opened some spreadsheets that I created. Anyway, I tried to do some research on this virus and the avast website says that it is extremely difficult if not impossible to remove. it seems to have infected nearly 400 .exe files already, including hjt, hence, I'm leery to even attempt to connect to the internet on this system. Has anyone heard of this and can it be fixed without a complete re-install of the operating system??

You guys have really helped me before on this forum, specifically on this computer. I did create a system restore point after it was cleaned before, but it looks like the virus has infected some system restore points as well. I'm not quite sure how to show any of the logs that you guys need to see since it seems to be so badly infected.

Any help would be greatly appreciated. Thanks in advance.

Blackhawk2

[Shaba]

Hi Blackhawk2

Virtob is also know as virut.

It depends on variant if it can be removed (or actually cured as it adds programs code to exe files).

But it is advisable to reformat, yes.

If you like to attempt cleaning, I can give you instructions.

[Blackhawk2]

I think I would like to try and clean it. I have some files, mainly excel and word documents, that I would like to save. I know that this virus attaches itself to .exe and .scr files, but I am even hesitant to hook up an external hard drive in fear that it will pick up the infection.

Thanks for your assistance (again) Shaba!

Blackhawk2

[Shaba]

Hi

"I have some files, mainly excel and word documents, that I would like to save. I know that this virus attaches itself to .exe and .scr files, but I am even hesitant to hook up an external hard drive in fear that it will pick up the infection."

You can burn them to CD/DVD.

Let's start with this:

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then start to download the latest definition files.
• Once the scanner is installed and the definitions downloaded, click Next.
• Now click on Scan Settings
• In the scan settings make sure that the following are selected:
  
  o Scan using the following Anti-Virus database:
  
  + Extended (If available otherwise Standard)
  
  o Scan Options:
  
  + Scan Archives
  + Scan Mail Bases
  
• Click OK
• Now under select a target to scan select My Computer
• The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
• Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
• Click the Save Report As... button (see red arrow below)
  
• In the Save as... prompt, select Desktop
• In the File name box, name the file KasScan-ddmmyy (or similar)
• In the Save as type prompt, select Text file (see below)
  
• Now click on the Save as Text button
• Savethe file to your desktop.
• Copy and paste that information in your next post.

Note: This scanner will work with Internet Explorer Only! Keep ALL other programs closed during the scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Post:

- a fresh HijackThis log
- kaspersky report

[Blackhawk2]

HiJack this is one of the files that avast said was infected. Should I download a new copy first or will it matter? Thanks.

Blackhawk2

[Shaba]

Hi

Well new copy will get infected anyway so no need