15 replies to this topic

[gator]

Hello,

I have a nasty virus I can't get rid of. It prevents me from accessing any anti-virus sites and Windows update, however I am able to get access in Safe Mode. I've been running scans with Malwarebytes and SuperSpywareRemover and have been able to reduce the infections from over 2300 trojans to two: Virus.Stealsmth and Hijack.Userinit. How can I get rid of these?

Any suggestions will be greatly appreciated!

Attached Files

•  hijackthis_090908.txt   5.87K   15 downloads
•  mbam_log_2009_09_08__10_38_29_.txt   1.1K   18 downloads

[MAM]

EDIT

MAM

[LonnyRJ]

Welcome to the forum gator

Visit the webpage below for instructions for downloading and running ComboFix:

But proir to running Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix..This is because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and blocks the tool, or even deletes it.
Please visit HERE if you don't know how. http://www.bleepingc...opic114351.html

http://www.bleepingc...to-use-combofix

Post the log from ComboFix in your next reply.

[gator]

Hi Lonny, thanks for the response!

I can not run ComboFix. I get a message that says it is not safe to continue, that ComboFix has been corrupted, and that my computer may be infected with the "Virut" virus. ComboFix then deletes itself from my desktop.

ComboFix suggests I download a fresh version, but it does the same thing.

Help!

[LonnyRJ]

Thats not good at all
Submit a few windows files at virus total

VirusTotal - Free Online Virus and Malware Scan: http://www.virustotal.com/

submit
c:\windows\explorer.exe
c:\windows\system32\userinit.exe
c:\windows\system32\regsvr32.exe
C:\WINDOWS\system32\wuauclt.exe

[gator]

My computer was almost totally locked up, even Safe Mode. So I did a complete HD reformat and system restore; I even had a hard time getting the restore discs to initially run, but I think its OK now. Whatever it was was NASTY!

Thank you for your help.

[LonnyRJ]

I suspect it was as combofix suggested, virut
If that was the case a format and windows reinstall was definatly in order.

Explain what you mean by format please ?
Some people assume a windows reinstall is it, its not.

[gator]

LonnyRJ, on Sep 14 2009, 12:29 AM, said:

Explain what you mean by format please ?
Some people assume a windows reinstall is it, its not.

I must have done the reformat incorrectly because the virus is back! My computer has been running great since yesterday morning but now Virut is back.

When I put in the recovery disc it offered me two choices, a system restore or a hard drive reformat and restore. I just followed the prompt for the reformat. Should I be doing something else?

Also, before running the restore disc I saved all the files in "My Documents" to an external hard drive. Could I have saved the virus there too? Is it possible to reformat the external hard drive? I'd hate to lose all my files, but......

[LonnyRJ]

"Is it possible to reformat the external hard drive? "
I would
Open your my computer icon and r/click the extenal drive find and use option to format,
Or you could manualy delete everything except txt and log files.
See >
http://miekiemoes.blogspot.com/2009/02/vir...s-throwing.html

Good luck

[gator]

I was finally able to run ComboFix, is there anything in the log I should be worried about?

Attached Files

•  combofix_log_090915.txt   18.69K   16 downloads

[LonnyRJ]

Did you format that external ?

Did you format and use your recovery disc again (already) ?

[gator]

LonnyRJ, on Sep 15 2009, 05:13 AM, said:

Did you format that external ?

Did you format and use your recovery disc again (already) ?

Yes

[LonnyRJ]

lets get a look at a list or installed programs
Post or attach C:\Qoobox\Add-Remove Programs.txt

[gator]

LonnyRJ, on Sep 16 2009, 12:57 PM, said:

lets get a look at a list or installed programs
Post or attach C:\Qoobox\Add-Remove Programs.txt

Here ya go!

Attached Files

•  Add_Remove_Programs.txt   3.32K   12 downloads

[LonnyRJ]

In the windows control panel open Java find the option to update and update it.
afterwards you can uninstall the older version Java 2 Runtime Environment, SE v1.4.2

other than that it looks good


Think Prevention: Put in place a good hosts file
http://www.mvps.org/...p2002/hosts.htm
Repeat that proccess about once or even twice a month

To help avoid reinfection see "So how did I get infected in the first place?" http://www.malwarebytes.org/forums/index.p...65&hl=place?

Note: Make sure your programs are up to date - older versions may contain Security Leaks.
To find out what programs need to be updated, run the Secunia Software Inspector Scan.
http://secunia.com/software_inspector/

[gator]

Will do!

Thanks again