Thread: Please Help Cant get clean!

  1. #21
    Member Bithpq's Avatar
    Join Date
    Dec 2008
    Location
    127.0.0.1
    Posts
    74

    Oh, another thing: this window popped up for two things while I ran GMER.

  2. #22
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Svchost.exe & TASKMGR.EXE
    http://www.virustotal.com/analisis/d...79e8cb071a1978
    Antivirus Version Last Update Result
    AntiVir 7.9.0.160 2009.05.02 W32/Virut.Gen
    Authentium 5.1.2.4 2009.05.02 W32/Virut.AI!Generic
    Avast 4.8.1335.0 2009.05.02 Win32:Vitro
    AVG 8.5.0.327 2009.05.02 Win32/Virut
    BitDefender 7.2 2009.05.02 Win32.Virtob.Gen.12
    CAT-QuickHeal 10.00 2009.05.02 W32.Virut.G
    DrWeb 4.44.0.09170 2009.05.02 Win32.Virut.56
    eTrust-Vet 31.6.6487 2009.05.02 Win32/Virut.17408
    F-Prot 4.4.4.56 2009.05.02 W32/Virut.AI!Generic
    F-Secure 8.0.14470.0 2009.05.02 Virus.Win32.Virut.ce
    Fortinet 3.117.0.0 2009.05.02 W32/Virut.CE
    GData 19 2009.05.02 Win32.Virtob.Gen.12
    Kaspersky 7.0.0.125 2009.05.02 Virus.Win32.Virut.ce
    McAfee 5603 2009.05.02 W32/Virut.n.gen
    McAfee+Artemis 5603 2009.05.02 W32/Virut.n.gen
    McAfee-GW-Edition 6.7.6 2009.05.02 Win32.Virut.Gen
    Microsoft 1.4602 2009.05.02 Virus:Win32/Virut.BM
    NOD32 4049 2009.05.01 Win32/Virut.NBP
    Rising 21.27.41.00 2009.05.01 Win32.Virut.bm
    Sophos 4.41.0 2009.05.02 W32/Scribble-B
    Sunbelt 3.2.1858.2 2009.05.02 Virus.Win32.Virut.ce (v)
    Symantec 1.4.4.12 2009.05.02 W32.Virut.CF
    TheHacker 6.3.4.1.317 2009.05.02 W32/Virut.gen2
    TrendMicro 8.950.0.1092 2009.05.01 PE_VIRUX.F-1
    ViRobot 2009.5.1.1717 2009.05.01 Win32.Virut.AL
    VirusBuster 4.6.5.0 2009.05.02 Win32.Virut.Y.Gen

    This machine needs to be formatted.

    This system is infected with a polymorphic file infector called Virut. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. As of now, security experts suggest that a format and clean install, or destructive recovery if you have an OEM recovery partition, is the best way to clean the infection and it is the best and safest way to return the machine to its normal working state.

    Back up all your documents and important items (personal data, work documents, etc) only. DO NOT back up any executable files (software) and screensavers (*.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable.

    Also, avoid backing up compressed files (zip/cab/rar) that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

    Recent variants also modify htm, html, asp and php files.

    Do not back up to another machine, as it may become compromised. Burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups.

    See miekiemoes' blog for similar comments here:
    http://miekiemoes.blogspot.com/2009/...-throwing.html
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY
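
The backup rules in the post above (no .exe or .scr files, no archives that contain them, care with htm/html/asp/php files) written as a triage script. This is an added example, not part of the original thread; the decision labels and `MAX_DEPTH` are assumptions, and it goes beyond the post by also treating any file that starts with the `MZ` executable header as an executable, whatever its extension.

```python
import io
import os
import zipfile

EXECUTABLE_EXT = {".exe", ".scr"}            # file types the post says Virut infects
WEB_EXT = {".htm", ".html", ".asp", ".php"}  # modified by recent variants
OTHER_ARCHIVES = {".rar", ".cab"}            # not readable with the standard library
MAX_DEPTH = 3                                # assumption: nesting limit for zips


def zip_has_executable(fileobj, depth=0):
    """True if a zip (path or file object) holds an executable at any level."""
    try:
        with zipfile.ZipFile(fileobj) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                ext = os.path.splitext(info.filename)[1].lower()
                with zf.open(info) as member:
                    magic = member.read(2)
                if ext in EXECUTABLE_EXT or magic == b"MZ":
                    return True
                if ext == ".zip":
                    if depth >= MAX_DEPTH:
                        return True  # too deep to verify: treat as unsafe
                    if zip_has_executable(io.BytesIO(zf.read(info)), depth + 1):
                        return True
    except (zipfile.BadZipFile, RuntimeError, NotImplementedError):
        return True  # corrupt, encrypted or unsupported: cannot be verified
    return False


def classify_file(path):
    """Return the backup decision for one file."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        magic = fh.read(2)
    if ext in EXECUTABLE_EXT or magic == b"MZ":
        return "exclude: executable"
    if ext == ".zip" or zipfile.is_zipfile(path):
        if zip_has_executable(path):
            return "exclude: archive"
        return "backup"
    if ext in OTHER_ARCHIVES:
        return "check by hand: archive"
    if ext in WEB_EXT:
        return "check by hand: web file"
    return "backup"


def triage(root):
    """Map every file under root (relative path) to its backup decision."""
    decisions = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            decisions[os.path.relpath(path, root)] = classify_file(path)
    return decisions
```

Run `triage()` on the folder you intend to copy and back up only the entries marked `backup`; anything else is left behind or checked with a scanner first.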

  3. #23
    Member Bithpq's Avatar
    Join Date
    Dec 2008
    Location
    127.0.0.1
    Posts
    74

    Ok loads of questions here!

    Ok, I'll be formatting the computer at around the end of the week. I am looking forward to formatting the computer. Get rid of some old programs. After all, it is a used computer. I might install XP.

    Do you know how Virut can spread? How do I tell if a .exe, .scr and htm, html, php and whatever other files have been patched or infected or corrupted?

    A file can only be patched/corrupted by running it, right? Or do I have to just access it?

    Is it possible to grab .exe files over network? Or will that infect them too (because they are accessed).

    Since I will be formatting, what are some firewalls that you recommend? Or any other programs that will help keep my computer clean and running at its best?

  4. #24
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Quote: Originally Posted by Bithpq
    1) I might install XP.
    2) Do you know how Virut can spread?
    3) How do I tell if a .exe, .scr and htm, html, php and whatever other files have been patched or infected or corrupted?
    4) A file can only be patched/corrupted by running it, right? Or do I have to just access it?
    5) Is it possible to grab .exe files over network? Or will that infect them too (because they are accessed).

    1) Good idea, W2k is not getting any younger.
    2) Very easily, via USB drives, cracks, keygens, P2P, shared folders, networks; you name it, Virut can use it.
    3) You can scan single files at Virustotal, or an entire machine at Kaspersky.
    4) Just accessing a file can infect it.
    5) There is a high risk that any machine accessed via a network will also be infected.

    I try not to recommend Firewalls, they are quite a "personal" thing ie. level of security over amount of warnings.


    ----------------------------------------------------------- -----------------------------------------------------------

    The following is some info to help you stay safe and clean.


    You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
    ( Vista users must ensure that any programs are Vista compatible BEFORE installing )

    Online Scanners
    I would recommend a scan at one or more of the following sites at least once a month.

    http://www.pandasecurity.com/activescan
    http://www.kaspersky.com/kos/eng/par...avwebscan.html

    !!! Make sure that all your programs are updated !!!
    Secunia Software Inspector does all the work for you, .... see HERE for details

    AntiSpyware
    • AntiSpyware is not the same thing as Antivirus.
      Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
      You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
      Most of the programs in this list have free (for Home Users) and paid versions,
      it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
    • Spybot - Search & Destroy <<< A must have program
      • It includes host protection and registry protection
      • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
    • MalwareBytes Anti-malware <<< A New and effective program
    • a-squared Free <<< A good "realtime" or "on demand" scanner
    • superantispyware <<< A good "realtime" or "on demand" scanner


    Prevention
    • These programs don't detect malware, they help stop it getting on your machine in the first place.
      Each does a different job, so you can have more than one
    • Winpatrol
      • An excellent startup manager and then some !!
      • Notifies you if programs are added to startup
      • Allows delayed startup
      • A must have addition
    • SpywareBlaster 4.0
      • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
    • SpywareGuard 2.2
      • SpywareGuard provides real-time protection against spyware.
      • Not required if you have other "realtime" antispyware or Winpatrol
    • ZonedOut
      • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
    • MVPS HOSTS
      • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
      • For information on how to download and install, please read this tutorial by WinHelp2002.
      • Not required if you are using other host file protections


    Internet Browsers
    • Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
      Using a different web browser can help stop malware getting on your machine.
      • Make your Internet Explorer more secure - This can be done by following these simple instructions:
        1. From within Internet Explorer click on the Tools menu and then click on Options.
        2. Click once on the Security tab
        3. Click once on the Internet icon so it becomes highlighted.
        4. Click once on the Custom Level button.
          • Change the Download signed ActiveX controls to Prompt
          • Change the Download unsigned ActiveX controls to Disable
          • Change the Initialise and script ActiveX controls not marked as safe to Disable
          • Change the Installation of desktop items to Prompt
          • Change the Launching programs and files in an IFRAME to Prompt
          • Change the Navigate sub-frames across different domains to Prompt
          • When all these settings have been made, click on the OK button.
          • If it prompts you as to whether or not you want to save the settings, press the Yes button.
        5. Next press the Apply button and then the OK to exit the Internet Properties page.

      If you are still using IE6 then either update, or get one of the following.
      • FireFox
        • With many addons available that make customization easy this is a very popular choice
        • NoScript and AdBlockPlus addons are essential
      • Opera
        • Another popular alternative
      • Netscape
        • Another popular alternative
        • Also has Addons available


    Cleaning Temporary Internet Files and Tracking Cookies
    • Temporary Internet Files are mainly the files that are downloaded when you open a web page.
      Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
      It is a good idea to empty the Temporary Internet Files folder on a regular basis.

      Tracking Cookies are files that websites use to monitor which sites you visit and how often.
      A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
      CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

      Both of these can be cleaned manually, but a quicker option is to use a program
    • ATF Cleaner
      • Free and very simple to use
    • CCleaner
      • Free and very flexible, you can choose which cookies to keep


    Also PLEASE read this article.....So How Did I Get Infected In The First Place

    The last and most important thing I can tell you is UPDATE.
    If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
    Malware changes on a day to day basis. You should update every week at the very least.

    If you follow this advice then (with a bit of luck) you will never have to hear from me again :D

    Happy surfing K'

  5. #25
    Member Bithpq's Avatar
    Join Date
    Dec 2008
    Location
    127.0.0.1
    Posts
    74

    Quote: Originally Posted by katana
    1) I try not to recommend Firewalls, they are quite a "personal" thing ie. level of security over amount of warnings.

    I never liked them but I just wondered if there was one that was less annoying. If you know what I mean.

    Quote: Originally Posted by katana
    Online Scanners
    I would recommend a scan at one or more of the following sites at least once a month.

    http://www.pandasecurity.com/activescan
    http://www.kaspersky.com/kos/eng/par...avwebscan.html

    These will take a long time on dial-up, right? Do they have to upload and scan for each file?

    Quote: Originally Posted by katana
    Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites

    HA of course!

    Quote: Originally Posted by katana
    Both of these can be cleaned manually, but a quicker option is to use a program

    ATF Cleaner
    • Free and very simple to use

    CCleaner
    • Free and very flexible, you can choose which cookies to keep

    Doesn't SD Shredder do the same thing?

    Another thing. If I plug a flash drive into a Virut infected computer and the flash drive has no files that can be infected by Virut, then plug it into a clean computer, will the clean computer get infected?

  6. #26
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Quote: Originally Posted by Bithpq
    1) I never liked them but I just wondered if there was one that was less annoying. If you know what I mean.

    2) These will take a long time on dial-up, right? Do they have to upload and scan for each file?

    3) Doesn't SD Shredder do the same thing?

    4) Another thing. If I plug a flash drive into a Virut infected computer and the flash drive has no files that can be infected by Virut, then plug it into a clean computer, will the clean computer get infected?

    1) They are all annoying in their own way, and I know exactly what you mean.
    The problem is that the more annoying it is, the better job it is doing.

    2) Yes, it will take a while on dial-up.

    3) You need to update Spybot
    Spybot-S&D 1.5 does not support the Secure Shredder anymore.
    There is a simple reason, the Secure Shredder is outdated
    and so it is not really "secure" without any enhancements.
    4) Some versions of Virut are designed to detect the presence of a USB drive and infect it specifically for this purpose.

  7. #27
    Member Bithpq's Avatar
    Join Date
    Dec 2008
    Location
    127.0.0.1
    Posts
    74

    Quote: Originally Posted by katana
    They are all annoying in their own way, and I know exactly what you mean.
    The problem is that the more annoying it is, the better job it is doing.

    Quote: Originally Posted by katana
    Yes, it will take a while on dial-up.

    So it does upload?

    Quote: Originally Posted by katana
    You need to update Spybot

    Always I get e-mail notifications

    Quote: Originally Posted by katana
    Some versions of Virut are designed to detect the presence of a USB drive and infect it specifically for this purpose.

    So even though there is no .exe .scr .htm .html .asp .php files?

  8. #28
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Quote: Originally Posted by Bithpq
    1) So it does upload?
    2) So even though there is no .exe .scr .htm .html .asp .php files?

    1) Yes, you upload files to VirusTotal.

    2) Correct. USB drives have an Autorun.inf file which is detected by the infection.

  9. #29
    Member Bithpq's Avatar
    Join Date
    Dec 2008
    Location
    127.0.0.1
    Posts
    74

    Quote: Originally Posted by katana
    Correct. USB drives have an Autorun.inf file which is detected by the infection.

    So the Autorun.inf is what infects the other computer? Or does the virus configure the Autorun? If autorun is disabled on a computer, is it safe or am I at risk? Also, is there a way to get rid of the Autorun without wrecking the Flash-Drive?

    If the Flash-Drive's Autorun is "infected" do I have to format my flash drive?

    I will be formatting the Computer soon and I just realized that I don't know how to format a computer. Also, is there something that will happen to the computer's hardware if I format it?

  10. #30
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Autorun.inf is used by the virus to run an infected file that is dropped on the USB.
    If autorun is disabled on a computer, then it won't run the infected file.

    You can clean USB drives with the following tool


    Panda USB and AutoRun Vaccine

    Please visit Panda USB and AutoRun Vaccine
    Download and use the tool to vaccinate your computer and also any USB drives you have.

    This will help prevent infection in the future.



    ----------------------------------------------------------- -----------------------------------------------------------

    Here is a check list of items that you will need for a reformat.


    1 - Backup Your Data
    Copy all your data to a separate drive, CD, DVD, etc.
    It may be a good idea to check the files that you backup with an online scanner, you don't want to be reinfected.
    http://www.kaspersky.com/virusscanner

    2 - Back Up Your Drivers
    Particularly important if your computer was not delivered with driver CDs

    Driver Genius Pro finds updates and backs up your drivers into an exe installer - very simple to re-install
    Or there's the free DriverMax from http://www.innovative-sol.com

    3 - Download Programs, Installers, and Updates
    Make sure you have all the programs you will need to re-install such as an Antivirus, a Firewall, and, if not included on the installation disk, Microsoft's Service Pack 2 for Windows XP.
    Take note of all the product keys and serial numbers. These may be on boxes, CDs, or in emails.

    4 - Make Sure You Can Get Back Online
    Check that you have modem drivers, set up instructions, and log-in details.

    5 - Boot From The Windows CD and Install
    Physically disconnect your internet cable between the computer and the modem/router
    If your computer isn't set to boot from CD, look for the option to enter the BIOS setup during startup - usually Del, F1 or F2
    In the BIOS, look for the option to change the order of boot devices
    Select the CD drive as the first option
    Save and exit

    6 - Reload Drivers
    Once the Windows installation is complete, re-load the drivers you saved in step 2 above

    7 - Install Security Programs
    Install your Antivirus, Firewall, and other security programs

    8 - Install Any Microsoft Updates
    Reconnect your computer to the internet and go to the Microsoft Updates site: http://update.microsoft.com/microsoftupdate
    Download and install any required updates

    9 - Install Any Programs
    Finally, install any programs you need to run

    If you have any questions, don't hesitate to ask.
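
What the last replies describe, an Autorun.inf that points at a file dropped on the USB drive, can be checked by reading the file instead of opening the drive. This is an added example, not part of the original thread: it lists the launch entries in a drive's autorun.inf and whether the referenced file is present; the function names and the sample content are constructed, and the file is assumed to be single-byte text.

```python
import os

LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that start a program


def autorun_targets(text):
    """Return (key, command) pairs from the [autorun] section that launch something."""
    targets, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue  # padding or junk lines are skipped
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            targets.append((key, value))
    return targets


def command_program(command):
    """First token of a command line, honouring double quotes."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0] if command else ""


def inspect_drive(root):
    """List what autorun.inf at the drive root would launch, and whether it is there."""
    names = {n.lower(): n for n in os.listdir(root)}
    if "autorun.inf" not in names:
        return []
    # Assumption: single-byte text; latin-1 decodes any bytes without raising.
    with open(os.path.join(root, names["autorun.inf"]), encoding="latin-1") as fh:
        text = fh.read()
    report = []
    for key, command in autorun_targets(text):
        rel = command_program(command).replace("\\", os.sep).lstrip(os.sep)
        report.append({
            "key": key,
            "command": command,
            "present_on_drive": os.path.isfile(os.path.join(root, rel)),
        })
    return report


# Constructed sample, not taken from a real infected drive.
SAMPLE_AUTORUN = (
    "[AutoRun]\n; padding\nxxxx\nopen=files\\dropped.exe /q\nicon=drive.ico\n"
    "shell\\open\\command=files\\dropped.exe\n[other]\nopen=ignored.exe\n"
)
```

An entry with `present_on_drive` set to true on a drive that should hold only documents is the thing to scan before the drive is used on another machine.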
