win32/virut. I need help

  • 10-10-2009 4:46pm
    #1
    Registered Users, Registered Users 2 Posts: 173 ✭✭


    I downloaded a file and whenever I open the application AVG comes up saying 2 win32/virut infections in the location C:\Users\Mark\AppData\Local\Thinstall\Cache\Stubs... . I then did a scan with AVG and it put the two infections in the virus vault.

    I then opened the application again and I got infected again by the same two infections. I did another AVG scan and it found the two infections again and put them in the virus vault.

    I then downloaded the rmvirut.exe file and ran that but it found no infected objects, but whenever I open the application I keep getting infected by the same 2 infections in the exact same location.

    Is there any way I can stop this from happening without removing the application, because I really want to hold onto it? And is there any danger if I continue to use the application and just remove the infections whenever I open the application?


Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    You are infected with a polymorphic file infector. This infection can and will infect all the machine's executable files .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair resulting in an inoperative machine.

    Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain .exe, .scr, .rar, .zip, .htm, .html files.
    • Backup all your documents and important items only.
    • DO NOT backup any executable files (.exe, .scr, .html or .htm)
    • Do Not back up compressed files (zip/cab/rar) that may contain .exe, .pdf, .jpg, .doc or .scr files
    • Reformat and Reinstall as outlined HERE


    I suggest you do the following immediately:
    • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
    • From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
    • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
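
An added example, not part of the original post or thread: a Python script for the backup triage described above, listing which files in a folder are safe to copy off the machine. The blocked extensions come from the post; the check for an `MZ` header (a Windows executable saved under a document-style name), the function names and the sample folder are assumptions added here.

```python
import os
import tempfile

# Extensions the post says not to back up (executables, web pages, archives).
BLOCKED_EXT = {".exe", ".scr", ".htm", ".html", ".zip", ".cab", ".rar"}

def is_pe_stub(path):
    """True if the file starts with the DOS 'MZ' magic used by Windows executables."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return True  # unreadable: treat as unsafe rather than copy blindly

def triage(root):
    """Walk root and split files into (safe_to_back_up, skipped_with_reason)."""
    keep, skip = [], []
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root)
            ext = os.path.splitext(name)[1].lower()
            if ext in BLOCKED_EXT:
                skip.append((rel, "blocked extension " + ext))
            elif is_pe_stub(path):  # added check, not from the post
                skip.append((rel, "MZ header under a non-executable name"))
            else:
                keep.append(rel)
    return sorted(keep), sorted(skip)

def demo():
    """Build a constructed sample folder and triage it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {  # constructed sample files, not real data
            "notes.txt": b"shopping list",
            "photo.jpg": b"\xff\xd8\xff\xe0 constructed jpeg bytes",
            "setup.exe": b"MZ constructed",
            "saver.SCR": b"MZ constructed",
            "page.html": b"<html></html>",
            "old.zip": b"PK\x03\x04",
            "invoice.doc": b"MZ renamed executable (constructed)",
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return triage(root)

if __name__ == "__main__":
    keep, skip = demo()
    print("back up:", keep)
    for rel, why in skip:
        print("skip:", rel, "-", why)
```

Run `triage()` on the documents folder from a clean boot environment and copy only the files in the first list.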


  • Closed Accounts Posts: 69 ✭✭xprepairs


    There may still be some hope:
    http://www.hm2k.com/posts/win32-virtob-virut-removal

    This tool also boasts that it can clean up the infection:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en&displaylang=en

    You can also try running Malwarebytes from http://www.filehippo.com/download_malwarebytes_anti_malware/. The program has 'Virus.Virut' in its list of detected malware. Make sure you update the latest definitions prior to running the scan.

    I also read that some experts say a fresh install is best, but I'm not a real firm believer in that, EXCEPT as a last resort. I try a few more avenues before a fresh install, as most clients have far too much to re-install on their PCs and at times, a repair saves them lots of precious downtime.


  • Registered Users, Registered Users 2 Posts: 173 ✭✭crystalbrite


    I'm after deleting everything associated with the file that I downloaded and then I scanned the whole computer with rmvirut.exe and AVG a couple of times and it detected nothing.

    Do you think that the virus is gone or that rmvirut.exe and AVG just aren't detecting it?


  • Closed Accounts Posts: 2,669 ✭✭✭mukki


    rmvirut will only remove certain flavours of Virut; if yours is different you will get a clean scan.

    AVG Free does not detect Virut, so that scan will be clean too.

    Most antivirus will just quarantine the infected files, leaving your PC missing about half the programs and features. Norton can heal files but it's not guaranteed.

    You are infected with a polymorphic file infector. This infection can and will infect all the machine's executable files .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair resulting in an inoperative machine.


    Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain .exe, .scr, .rar, .zip, .htm, .html files.
    • Backup all your documents and important items only.
    • DO NOT backup any executable files (.exe, .scr, .html or .htm)
    • Do Not back up compressed files (zip/cab/rar) that may contain .exe, .pdf, .jpg, .doc or .scr files
    • Reformat and Reinstall as outlined HERE


    I suggest you do the following immediately:
    • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
    • From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
    • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.



    +1

    OP, do what is said above, ASJ is to be obeyed

