
Heeellp - virus


Don't know how but I got infected big time yesterday, realised when loads of weird processes were triggering the firewall.

Ran Comodo antivirus, it found no issues but then died. Installed bitdefender and it located numerous (thousands!) of occurrences of win32.virut.u which I guess is the same or a variant of w32.virut.u which infects all .exe and .scr files on your system - great! But bitdefender seems to be doing its thing so I should be OK!

After a while I noticed that bitdefender was saying it couldn't clean most of the files and was moving them to quarantine ie. virtually every .exe file on the system, 2 minutes later the PC shut down. Following that on restart after going through the XP logon screen I was greeted with a blank screen and could do nothing, the same thing with safe mode and safe mode with command prompt.

I've just done a recovery using the XP home install disk and can now logon to windows fine, getting loads of errors due to the missing exe files but can see all my important files etc.

My question is, what would you do now? There are files on there that I could do with but I'm guessing the virus is still on there. Bit of a pickle!

Appreciated, Grant
 
run hijack this. you'll probably find loads of files in your system32 dir from the time you got infected.
I had a bad one recently called something like vundo or virtumindo. avast etc... couldn't detect it. ran hijack this, found the new files and googled. i had to use vundofix.exe and virtumondobegone.exe to get rid.
right pain.
 
Nasty. Can you not just burn the files you need to a disk and reformat?

If it was mine, I would reformat.

 
A decent AV program (Symantec AV, McAfee, Sophos etc) will clean this and there's various removal tools from these vendors, but from what you've described it seems like you're too far gone if system files are damaged / missing. I'd get your data off and blow it away if I was you and put a paid for AV client on it.
 
Cheers, yep I think I'm gonna end up at one of those very helpful virus removal forums posting hijackthis logs all night!

Reformatting may be the best option!

Grant
 
Do you know when you were infected? Can you see any files created in C:\WINDOWS\system32 around that time?
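
Added example, not part of any post in this thread: one way to answer the question above is to list files created near the infection time and, because the thread says win32.virut.u infects existing .exe and .scr files, executables modified in the same window. The function names, the default 6-hour window and the sample date in the usage comment are assumptions.

```python
import os
import sys
from datetime import datetime, timedelta

# Extensions the thread says win32.virut.u infects.
INFECTABLE = {".exe", ".scr"}


def creation_time(st):
    """Return the file creation time, or None where the OS does not expose it."""
    birth = getattr(st, "st_birthtime", None)   # macOS, BSD, Windows on Python 3.12+
    if birth is None and os.name == "nt":
        birth = st.st_ctime                     # older Python on Windows: ctime is creation time
    return birth


def suspicious_files(root, infected_at, window=timedelta(hours=6)):
    """List (path, kind, timestamp) for files touched within +/- window of infected_at.

    kind is "created" for new files, "modified" for existing .exe/.scr files
    rewritten in the window (what a file infector leaves behind).
    """
    lo = (infected_at - window).timestamp()
    hi = (infected_at + window).timestamp()
    hits = []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            try:
                st = os.stat(path)
            except OSError:
                continue                        # locked or vanished file: skip, keep going
            born = creation_time(st)
            if born is not None and lo <= born <= hi:
                hits.append((path, "created", datetime.fromtimestamp(born)))
            elif os.path.splitext(name)[1].lower() in INFECTABLE and lo <= st.st_mtime <= hi:
                hits.append((path, "modified", datetime.fromtimestamp(st.st_mtime)))
    return sorted(hits, key=lambda h: h[2])


if __name__ == "__main__":
    # Usage (constructed values): python triage.py C:\WINDOWS\system32 "2008-05-01 21:30"
    when = datetime.strptime(sys.argv[2], "%Y-%m-%d %H:%M")
    for path, kind, ts in suspicious_files(sys.argv[1], when):
        print(f"{ts:%Y-%m-%d %H:%M:%S}  {kind:<8}  {path}")
```

File timestamps can be rewritten by malware, so an empty listing does not show the folder is clean; treat the output as a starting list for scanning, not a verdict.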
 
I use nod32.com as my antivirus and haven't had any issues so far ... it seems to be doing a good job so I would recommend it. It's pretty popular amongst web developer types.

Rgds
 
My XP installation isn't on C: but the virus created a C:\WINDOWS\SYSTEM32 folder with one file in it, that was the first file that started to try and connect to the internet.

I'll have a bit more of a look before I format it, see what I can find.

grant
 
I use Avast and have had no problems, I also use Comodo Firewall.

One way is to, yes, format the hard disk and start again, but I'd look at what viruses you have first, make a list, then do a search to see what's available to remove them. Hopefully you will be able to delete each virus.

My wife's friend had over 1k of files infected. Most could be deleted except for five, the startup system files. I had to make a DVD with the same files from another PC, then go in to safe mode with a boot cd off the internet (they do not have an original XP disk, I forgot to bring mine :rolleyes:) then copy each file over. It works now, but what a pain.

So, two choices:
  1. Reformat the hard disk
  2. Find a virus remover
 
I'll be reformatting once I've got all the files I need. Got a blinding headache - was up till 04:30, back up at 08:00 :(

Grant
 
Do you know how you got infected, i.e. what website did you go to, and did you download the virus manually as a file?

As for the remedy, I would always reformat as a matter of course.
 
I have absolutely no idea, as far as I know I didn't download any files so it must have come through email or a website I'd been on. If I'd been trawling Scandinavian porn sites I'd understand it but I haven't been on any of those for at least two weeks :)

Grant
 
I find it best to google the symptoms or popup or DLLs as you'll find you need a certain piece of software depending on the virus. not all are picked up by your McAfee's etc... at least not when they are new.
I use avast which is good for antivirus but I have a library of tools such as hijackthis, startup inspector, windows defender.......
 
I have absolutely no idea, as far as I know I didn't download any files so it must have come through email or a website I'd been on. If I'd been trawling Scandinavian porn sites I'd understand it but I haven't been on any of those for at least two weeks :)

Grant

Grant, your posts never fail to make me smile ("at least two weeks"), and I know how frustrating this type of thing is. In my experience, there's only one course of action here and that's to reformat.

You might take some of your data files before you reformat, but check them on a DVD and scan them before you put them back on a new HD install -- don't open them even from a DVD before scanning them. MS Office files can spread these pests, so beware of .doc files also.

Best of luck!
 
Just back on line this minute. Yep, I backed up what I needed onto a new external drive, then scanned that for infections before I copied them back over to the formatted system, then scanned the whole system again to be sure. Overall this took me forever as I realised my old backup drive was connected to the PC when the virus struck so I had to salvage a load of stuff onto the new drive.

Thanks for everyone's help.

Cheers, Grant
 
Grant if you want to send your catching script over I'll give it a scan and make sure it's not infected. :p
 
Grant if you want to send your catching script over I'll give it a scan and make sure it's not infected. :p

Thanks Mate, I've just emailed it over, along with my online banking username and password :)

Grant
 