Virut.cf / Virut.56


10 replies in this topic

#1 PrisonerofVirut

PrisonerofVirut

    Newbie

  • Posters
  • 6 posts

Posted 15 February 2009 - 03:24

Hello all,

recently my computer became infected with virut and several bad rootkits, APbackdoors and trojans.
long story short i formatted twice and am scanning with Dr.Web at the moment, previously i had deleted a lot of virut.CF infected files with kaspersky. BUT now i have Dr.Web and it is picking up virut.56 on exe's of programs on other hard drives and allows me to cure them. i am concerned though because i have heard virut can infect HTML files. will Dr.Web pick up such infections?

thank you for your time

#2 Malex

Malex

    Rescuer

  • Posters
  • 1 070 posts

Posted 15 February 2009 - 03:29

> Hello all,
>
> recently my computer became infected with virut and several bad rootkits, APbackdoors and trojans.
> long story short i formatted twice and am scanning with Dr.Web at the moment, previously i had deleted a lot of virut.CF infected files with kaspersky. BUT now i have Dr.Web and it is picking up virut.56 on exe's of programs on other hard drives and allows me to cure them. i am concerned though because i have heard virut can infect HTML files. will Dr.Web pick up such infections?
>
> thank you for your time

Yes, it will. Be sure to cure all infected files to avoid repeated infection.
BTW you don't need to format your hard drive twice.
Official certified user of hardware-software systems:
PC3000 UDMA & Data Extractor (made by NPP ACE), Raid Explorer (made by SOFT-CENTR), Flash Extractor & Image Explorer (made by SOFT-CENTR), Victoria Full version (author Sergei Kazansky), R-Studio Data Recovery (made by R-Tools Technology Inc.), GetDataBack for FAT (made by Runtime Software), GetDataBack for NTFS (made by Runtime Software), in-house developments.

#3 PrisonerofVirut

PrisonerofVirut

    Newbie

  • Posters
  • 6 posts

Posted 15 February 2009 - 03:40

actually i had to. first time i scanned and deleted all infected virut.CF files with kaspersky, then reformatted. then i put on norton and it started picking up win32.heur, then i reset to scan in safe mode and my pc would no longer boot into normal or safe or last known configuration mode. it would flash a black and a blue screen and then reset. so i reformatted again. i cannot think how virut managed to re-infect my pc though, the only file i ran from my other hard drives is my nvidia drivers and Dr web has not detected virut on them

i have great faith in Dr Web though as opposed to the scanners i previously used, and so far it has not detected any infections in windows, which is a good sign.
also will Dr.Web pick up virut infections from within rar files?

#4 C.S.J

C.S.J

    Member

  • Posters
  • 199 posts

Posted 15 February 2009 - 04:12

> actually i had to. first time i scanned and deleted all infected virut.CF files with kaspersky, then reformatted. then i put on norton and it started picking up win32.heur, then i reset to scan in safe mode and my pc would no longer boot into normal or safe or last known configuration mode. it would flash a black and a blue screen and then reset. so i reformatted again. i cannot think how virut managed to re-infect my pc though, the only file i ran from my other hard drives is my nvidia drivers and Dr web has not detected virut on them
>
> i have great faith in Dr Web though as opposed to the scanners i previously used, and so far it has not detected any infections in windows, which is a good sign.
> also will Dr.Web pick up virut infections from within rar files?

it sounded like Kaspersky attempted to cure, and did a bad job or deleted an important boot file, but be warned, Virut is a nasty virus, i have personal experience of this little bugger. lol

i cleaned a family member's machine that was highly infected with this virus, drweb found over 2000+ (very close to 3000 i think, if memory serves me correctly) Virut infections, it infects a lot of legitimate files including system32 and winlogin files, as well as every program that is installed, it also created a few (around 20) trojan downloaders which obviously does not help the situation :lol:

anyway, a while later, it sorted out the machine, completely to the naked eye, no more skins, popups, fake alerts, etc etc (There were a lot of those before) and the machine was running at full speed, no re-directions in Internet Explorer, no home page changes, perfect.

however, they owned a kaspersky licence and after drweb had done all its stuff, i ran a full Kaspersky scan, it found a little more, all of which i personally sent to drweb for analysis.

job done.

#5 Malex

Malex

    Rescuer

  • Posters
  • 1 070 posts

Posted 15 February 2009 - 04:15

> actually i had to. first time i scanned and deleted all infected virut.CF files with kaspersky, then reformatted. then i put on norton and it started picking up win32.heur, then i reset to scan in safe mode and my pc would no longer boot into normal or safe or last known configuration mode. it would flash a black and a blue screen and then reset. so i reformatted again. i cannot think how virut managed to re-infect my pc though, the only file i ran from my other hard drives is my nvidia drivers and Dr web has not detected virut on them
>
> i have great faith in Dr Web though as opposed to the scanners i previously used, and so far it has not detected any infections in windows, which is a good sign.
> also will Dr.Web pick up virut infections from within rar files?

You could launch any other program from another hard drive, for ex. norton installer. The only thing you need to do is to download CureIT right after windows installation and cure all the possible drives, not forgetting about your flash drives. Then install Dr.Web and feel free.

> will Dr.Web pick up virut infections from within rar files?

It will detect the infection (if you use the option "scan archives") but won't cure it, because it couldn't repack the files then (rar's pack algorithm is required - and it's not free).

#6 PrisonerofVirut

PrisonerofVirut

    Newbie

  • Posters
  • 6 posts

Posted 15 February 2009 - 05:00

thanks guys,

C.S.J - i experienced similar problems with some added nasties - my IE and firefox were destroyed, downloaded applications had their CRC destroyed, add-remove programs got blocked by registry/trojan, microsoft windows installer was removed, and rootkits were downloading exe's from some server in china. something like "horible.cn"

previous scans using spybot, AVG, kaspersky, norton, malwarebytes, and some program just for registry got rid of a lot of rootkits and bad registry keys, trojans and backdoors.

Malex - i'm currently using the 30day trial for the Dr.Web AV, which i have on CD, burned from a clean pc. and i have not run any exe's from my other hard drives. =)
also thanks for the help with the rars too, if any are infected i'll unpack and clean

#7 C.S.J

C.S.J

    Member

  • Posters
  • 199 posts

Posted 15 February 2009 - 05:11

> thanks guys,
>
> C.S.J - i experienced similar problems with some added nasties - my IE and firefox were destroyed, downloaded applications had their CRC destroyed, add-remove programs got blocked by registry/trojan, microsoft windows installer was removed, and rootkits were downloading exe's from some server in china. something like "horible.cn"
>
> previous scans using spybot, AVG, kaspersky, norton, malwarebytes, and some program just for registry got rid of a lot of rootkits and bad registry keys, trojans and backdoors.
>
> Malex - i'm currently using the 30day trial for the Dr.Web AV, which i have on CD, burned from a clean pc. and i have not run any exe's from my other hard drives. =)
> also thanks for the help with the rars too, if any are infected i'll unpack and clean

yep, it is expected with Virut, beware of p2p for this particular virus.

& Welcome to the forum, & the Anti-Virus :lol:

#8 userr

userr

    Newbie

  • Members
  • 16 310 posts

Posted 15 February 2009 - 13:12

> Malex - i'm currently using the 30day trial for the Dr.Web AV, which i have on CD, burned from a clean pc. and i have not run any exe's from my other hard drives. =)

Hi!
To be sure that your comp is virus-free pls do the following.
- download the attached file drweb-scan.zip and unzip drweb-scan.bat from it.
- run drweb-scan.bat. Drweb scanner should start. When it finishes, close the scanner window and the scanner starts again - three times.
- after all that you will see the folder test opened in Explorer. find the file \drw-results.cab. The file contains Drweb scanner logs, pls post it here.

Attached file: drweb_scan.zip, 895 bytes, downloaded 218 times

#9 PrisonerofVirut

PrisonerofVirut

    Newbie

  • Posters
  • 6 posts

Posted 16 February 2009 - 07:28

hi userr
i will do what you recommended now.

but since last time i have experienced further problems. i did a full scan with Dr.Web and it found many infections of virut.56 then i did a scan with comodo which picked up some trojans. later last night i booted up my pc and on my desktop was a grey box saying 'loading virtual devices' or something similar and then my computer blue screened and reset. i could not boot into safe or normal mode. i tried to reformat and it would not let me. i had to do a fixboot. i'm assuming virut or some connected virus got into my bootsector and mucked it up. after fixboot'ing i reinstalled XP again and have deleted EVERY exe from my other hard drives.

#10 BenGun6

BenGun6

    Newbie

  • Members
  • 1 post

Posted 21 February 2009 - 21:57

> ....
> i'm assuming virut or some connected virus got into my bootsector and mucked it up. after fixboot'ing i reinstalled XP again and have deleted EVERY exe from my other hard drives.


What is the final result, is your system clean now?
I'm asking, because i have the same problem. for 3 days i have been trying to repair this sh.. WinXP SP2
Avast calls it Win32:JunkPoly [Cryp]; Dr.Web calls it Virut.56 and the other Progs... i don't remember as well.

- First BitDefender was installed; killed the sys-Files in system32 Folder -> System out of Order
- after System repair (w. really success) new installation in another folder \windows.0
- avast installed/updated -> System scan -> clean
- driver files scanned -> VGA-driver installed -> scan -> clean
- reboot -> scan -> 1 infected file (OL Express\setup50.exe -> moved)
- reboot -> scan -> 100s of files infected (seems the filewalker of the Scanner helped the virus to find the victims) - Avast: repairing/deleting the infected files is really working?; moving works

Now i read something about mp3- and wmv-files. Is it possible that the virus infects these files and spreads while playing them?

Thanks for your attention
Ben

#11 PrisonerofVirut

PrisonerofVirut

    Newbie

  • Posters
  • 6 posts

Posted 22 February 2009 - 11:32

sorry for the delay in replying, been hard at work with studies.
result is, not 100% sure clean as yet.

it infects html and exe files. Dr Web can clean (cure) it, but most other AV's just delete the file. for me i did ...3 reformats all up and 2 windows repairs. finally opted to delete EVERY exe and am now burning all my safe files and then reformatting every drive. be wary of the 'system volume information' folder as exe's downloaded by rootkits and other nasties CAN end up in there and virut will proceed to jump on them. i'm fairly sure my hard drives are safe now that i got rid of every exe on the pc and then reformatted the 3rd time lol. but i can't access my windows update folder (on each drive) and so i've opted to reformat every drive once i've burned all my stuff.

good luck with ridding it from your system. i suggest getting Dr.Web, the 30day trial or the free scanner and running it in safe mode.
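
An independent check for the HTML concern raised in this thread, as an added example that is not part of any post here and is not Dr.Web code: it lists hidden or trailing iframes in .htm/.html files so they can be handed to the scanner. That an HTML infector leaves such a frame is an assumption (the thread does not say how the files are modified), and the sample markup with its `example.invalid` URL is constructed.

```python
import os
from html.parser import HTMLParser

TINY = {"0", "1", "0px", "1px"}  # sizes that make a frame effectively invisible
# Constructed sample: a page with an invisible frame appended after </html>.
SAMPLE = ('<html><body>hello</body></html>'
          '<iframe src="http://example.invalid/" width=1 height=1></iframe>')

class IframeAudit(HTMLParser):
    """Collect iframes a visitor would not notice on the rendered page."""
    def __init__(self):
        super().__init__()
        self.findings = []        # (src, reason) tuples
        self.after_close = False  # True once </html> has been seen

    def handle_endtag(self, tag):
        if tag == "html":
            self.after_close = True

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        style = a.get("style", "").lower().replace(" ", "")
        hidden = (a.get("width", "").lower() in TINY
                  or a.get("height", "").lower() in TINY
                  or "display:none" in style or "visibility:hidden" in style)
        if hidden or self.after_close:
            reason = "hidden" if hidden else "after </html>"
            self.findings.append((a.get("src", ""), reason))

def audit_html(text):
    parser = IframeAudit()
    parser.feed(text)
    parser.close()
    return parser.findings

def audit_tree(root):
    """Map each .htm/.html file under root to its suspicious iframes."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".htm", ".html")):
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = audit_html(fh.read())
                if hits:
                    report[path] = hits
    return report
```

A finding is a prompt to scan that file, not a verdict: legitimate pages also use hidden frames.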

