Win32:virut
Solved
mathieu12345
Hello,
Avast has detected win32:virut on my PC. I tried the method explained in a tutorial (https://www.malekal.com/supprimer-win32virut/), but the installation of the recommended program is blocked.
I have 2 HDDs:
- 1 with a system partition + software (C:) and a data partition (E:). This HDD is infected and deleting the C: partition with the Windows XP Pro installation CD is not enough to eradicate the virus;
- 1 unpartitioned with my photos and music (D:). I haven't tested this HDD yet and I've unplugged it while waiting to disinfect the other HDD.
I would like to know if I can format "deeply" only the C: partition while leaving the E: partition intact.
If so, what software and what method?
If not, apart from formatting the entire HDD 1 "deeply" and following the method in the above tutorial, what else can I do?
Thank you
Configuration: Windows XP Pro
16 replies
Good evening,
before deleting anything can you do this please?
> Perform an online scan with Kaspersky: https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
Note: The scan only works in Internet Explorer.
- Start by connecting all your storage devices to your PC (USB keys, external hard drives...). Turn them on if necessary.
- Under Online Demonstration, we explain how to proceed, and to start the scan, you need to select < Run online scan >.
- You will be asked to download an ActiveX control, accept it.
- In the < Select the target of the scan > menu, select < Workstation >. The scan will begin.
- Please post the report that will be generated. (click on < save the report > and then save it on your desktop choosing "text file (*.txt)" for the extension).
If there is a problem, make sure that the ActiveX controls are correctly configured in the internet options as described in this link: http://www.inoculer.com/activex.php3
Reminder: the scan must be done in Internet Explorer
Tutorial here if you have a problem: http://www.vista-xp.fr/forum/topic109.html
NOTE: If you receive the message "The license of Kaspersky On-line Scanner has expired", go to Add/Remove Programs and uninstall On-Line Scanner, reconnect to the Kaspersky site to retry the online scan.
For the Kaspersky report, you need to choose "Show report" and then save it on your desktop as a text file (file type "all files").
Thank you.
:-)
--
Fire Walk with Me ~~~~~~~~~> o_Ö
URGENT!!! GIVE ME DRIVERS!!! I WANT DRIVERS! HELP ME! FAST!!!!!
Hick, Hack and Crack-Boom-Euuuu (created by Tutéféniker©®™)
Hello, start with this. I have to go, but someone else will take over; this is just to give you a heads-up.
post a HijackThis report (diagnostic tool)
Download http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
--) Save HJTInstall.exe on your desktop
--) Double-click on HJTInstall.exe to launch the program
--) By default, it will be installed here: C:\Program Files\Trend Micro\HijackThis
--) Accept the license by clicking on the "I Accept" button
--) Choose the option "Do a system scan and save a log file"
--) Click on "Save log" to save the report that will open with Notepad
--) Click on "Edit -> Select All", then on "Edit -> Copy" to copy the entire content of the report
--) Paste the report you just copied on this forum
--) Do not fix ANY line yet.
--
By Lack Of Curiosity We Risk Dying Ignorant; You are free to think that you are C..,
but C.. to think that you are free... thank you australe13
"C:\WINDOWS\brastk.exe Infected: Virus.Win32.Virut.n ignored"
---> Even the infection is infected by Virut lol.
Thank you, Benurrr.
Anyway, I need to format my C: drive and I have almost no software installed, so instead of formatting it with the Windows installation CD, could you tell me the software and the steps to perform a deep format?
After that, I will install Avast (the installation of Avira didn't work; I will post the content of the error message later) and I will scan my E: drive and my D: HDD.
What do you think of this procedure?
Look here and see if you find what you need:
http://www.commentcamarche.net/faq/sujet 543 formatting a hard drive
--
Due to a lack of curiosity, we risk dying ignorant; you are free to think you are C..,
but it's C.. to think you are free... thanks to australe13
Hi DllD.
My girlfriend has the same virus on her laptop. I did an online scan with BitDefender (I couldn’t install the ActiveX controls for Inoculate and Kaspersky) which removed quite a few nasties.
Then I installed Spybot and Avast. Avast didn’t detect anything at startup during the HDD scan, but once Windows XP launched, it detected win32:virut. I clicked on "do nothing" and disabled Avast's resident protection.
Should I follow what’s indicated in this tutorial: https://www.malekal.com/supprimer-win32virut/?
Thanks for all your contributions.
Hello,
I had forgotten to redo my message.
But for your case, formatting was assured.
My condolences for the PCs.
Well,
for your girlfriend's PC: yes, that's a solution. That's why I was asking you for a Kasper online earlier.
I draw your attention to two of Malekal's sentences:
"If you are infected, I advise you to start the minimum number of programs to limit the spread of the virus."
and
"Warning, depending on the extent of the infection, the only reliable solution to get rid of the virus may be formatting."
There is another method that I think is more effective because it is directly adapted (I recommend doing both and starting with the one with Rmvirut and DrWeb (method 1)).
Start by backing up all your personal files on an external hard drive (except any cracks you have).
Method 1:
> Download the following programs to your desktop:
- http://www.commentcamarche.net/telecharger/telecharger 34055348 rmvirut or http://download.grisoft.cz/filedir/util/avg_rem_sup.dir/rmvirut/
- http://www.grisoft.cz/filedir/util/avg_rem_sup.dir/rmvirut/rmvirut.nt
- Create a new folder on your Desktop (Right-click => New => Folder) and place the downloaded programs in it (not elsewhere).
- Launch rmvirut.exe: the scan will start, please wait.
- Save the report that will be generated in the folder created on your desktop and then post this report on the forum.
NB: It may turn out that the report is too long to be posted. In that case, use this service http://www.cijoint.fr to send it to me (upload the file and then post the link on the forum).
- Launch Dr.Web CureIt:
- Click on <Scan> then <Ok> when prompted for a quick scan.
The scan will analyze the processes loaded in memory. If it finds infections, click the <Yes> button for each prompt.
NB: a window will open with options for "Order" or "50% discount". Exit by clicking <X>.
- Once the quick scan is complete, click <Menu Options> then choose <Change configuration>. Choose the <Scanner> tab, uncheck <Heuristic analysis> then click <Ok>.
- Back in the main window, click to enable <Full analysis> then on the button with the green arrow => the scan will then begin.
- When a file is detected, click <Yes> for everything at the <Disinfect?> prompt then click <Disinfect>.
- When the scan is finished, check if you can click on this icon adjacent to the detected files. If yes, then click on it and then click on the <Next> icon below, and choose <Move the unwanted object to quarantine>.
- At the top left of the main menu of the tool, click on the <File> menu and choose <Save report>.
- Save the report in the folder on your desktop created at the beginning of the process. It is named: DrWeb.csv
- Close Dr.Web Cureit.
- Restart your PC (this is very important because some files may be moved/repaired upon restart).
- After restarting, copy/paste the Dr. Web report on the forum.
Method 2: that of Malekal.
> Download the trial version of Kaspersky but do not install it: https://www.malekal.com/tutorial-kaspersky-trial/
Then,
> Download eScan Antivirus Toolkit (without installing it): http://www.spywareinfo.dk/download/mwav.exe
- Start Windows in safe mode with networking: Restart your computer, tap the F8 key before the page with the Windows logo. A menu appears, select Safe mode with networking.
- Start the installation of Kaspersky Trial. After installation, during configuration via the wizard:
- Activate the 30-day trial license version.
- Start an automatic update.
- Enable basic protection.
- Do not start the scan once the program is installed and configured
- Install eScan Antivirus Toolkit in the Kaspersky folder (C:\Kaspersky).
- Open the C:\Kaspersky folder and double-click on kavupd.exe to update eScan.
- Open the mwavscan.com file (from eScan) and check the options as indicated on this page: https://www.malekal.com/fichiers/eScan/eScan3.png
- Click <Scan Clean> to start the scan.
- When the scan with eScan Antivirus Toolkit is complete, start Kaspersky from the Start Menu / All Programs / Kaspersky Anti-virus
- An icon with a gray K will appear at the bottom right next to the clock.
- Right-click on this icon and choose <Scan My Computer>.
- The computer scan will start. Once the scan is complete, delete all detected malware.
- If you have the option to get a report, then save it on your desktop and post it on the forum.
- Restart the computer.
I wish you good luck.
See you later
--
Fire Walk with Me ~~~~~~~~~~> o_Ö
URGENT !!! GIVE ME DRIVERS !!! I WANT DRIVERS! HELP ME! QUICK!!!!!
Hick, Hack and Crack-Boom-Euuuu (created by Tutéféniker©®™)
1) DllD, I followed your recommendations and installed rmvirut in a new file on the desktop: Problem: when I run it, I get the following error message: "The virus is active in memory and may disrupt cleaning. It is necessary to run the remover after reboot."
I reboot the PC, it performs the scan during startup indicating that everything is okay. But when I restart a scan with rmvirut, I get the same error message. I stopped there, not having a report to post, without running Dr. Web CureIt.
2) After that, I had the bright idea to modify the browser security settings to be able to download ActiveX controls, and I was able to launch an online scan with Kaspersky. It found quite a few locked files that were not scanned, 24 infected files, and 7 viruses.
The report is as follows:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, November 24, 2008 1:22:51 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.84.2
Last update of the Kaspersky antivirus database: 10/23/2008
Records in the Kaspersky antivirus database: 1,341,077
-------------------------------------------------------------------------------
Scan Settings:
Scan with the following antivirus database: full
Scan archives: true
Scan email bases: true
Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\alice\IMPOST~1\Temp\
Scan Statistics:
Total objects scanned: 16,641
Number of viruses found: 7
Number of infected objects: 24 / 0
Number of suspicious objects: 0
Duration of the scan: 00:10:17
Name of the infected object / Name of the virus / Last action
C:\WINDOWS\system32\config\system.LOG The object is locked ignored
C:\WINDOWS\system32\config\software.LOG The object is locked ignored
C:\WINDOWS\system32\config\default.LOG The object is locked ignored
C:\WINDOWS\system32\config\SECURITY The object is locked ignored
C:\WINDOWS\system32\config\SAM The object is locked ignored
C:\WINDOWS\system32\config\SAM.LOG The object is locked ignored
C:\WINDOWS\system32\config\SECURITY.LOG The object is locked ignored
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\wr[1].jpg Infected: Trojan-Downloader.Win32.Agent.ahus ignored
C:\WINDOWS\system32\config\SYSTEM The object is locked ignored
C:\WINDOWS\system32\config\SOFTWARE The object is locked ignored
C:\WINDOWS\system32\config\DEFAULT The object is locked ignored
C:\WINDOWS\system32\config\SysEvent.Evt The object is locked ignored
C:\WINDOWS\system32\config\AppEvent.Evt The object is locked ignored
C:\WINDOWS\system32\config\SecEvent.Evt The object is locked ignored
C:\WINDOWS\system32\config\Antivirus.Evt The object is locked ignored
C:\WINDOWS\system32\drivers\beep.sys Infected: Backdoor.Win32.UltimateDefender.a ignored
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP The object is locked ignored
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP The object is locked ignored
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER The object is locked ignored
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP The object is locked ignored
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP The object is locked ignored
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA The object is locked ignored
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR The object is locked ignored
C:\WINDOWS\system32\dllcache\beep.sys Infected: Backdoor.Win32.UltimateDefender.a ignored
C:\WINDOWS\system32\spoolsv.exe Infected: Virus.Win32.Virut.n ignored
C:\WINDOWS\system32\CatRoot2\edb.log The object is locked ignored
C:\WINDOWS\system32\CatRoot2\tmp.edb The object is locked ignored
C:\WINDOWS\system32\h323log.txt The object is locked ignored
C:\WINDOWS\system32\ChCfg.exe Infected: Virus.Win32.Virut.n ignored
C:\WINDOWS\system32\karna.dat Infected: Backdoor.Win32.Small.gjm ignored
C:\WINDOWS\system32\alg.exe.tmp Infected: Virus.Win32.Virut.n ignored
C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe Infected: Virus.Win32.Virut.n ignored
C:\WINDOWS\system32\wini10331.exe Infected: not-a-virus:FraudTool.Win32.XPSecurityCenter.be ignored
C:\WINDOWS\system32\spoolsv.exe.tmp Infected: Virus.Win32.Virut.n ignored
C:\WINDOWS\system32\ctfmon.exe.tmp Infected: Virus.Win32.Virut.n ignored
C:\WINDOWS\Temp\stf2B.tmp Infected: Trojan-Downloader.Win32.Agent.ajiq ignored
C:\WINDOWS\Temp\stf2.tmp Infected: Trojan-Downloader.Win32.Agent.ajiq ignored
C:\WINDOWS\Debug\PASSWD.LOG The object is locked ignored
C:\WINDOWS\brastk.exe Infected: Virus.Win32.Virut.n ignored
C:\WINDOWS\karna.dat Infected: Backdoor.Win32.Small.gjm ignored
C:\WINDOWS\Installer\{90110410-6000-11D3-8CFE-0150048383C9}\outicon.exe Infected: Virus.Win32.Virut.n ignored
C:\WINDOWS\Sti_Trace.log The object is locked ignored
C:\WINDOWS\wiaservc.log The object is locked ignored
C:\WINDOWS\wiadebug.log The object is locked ignored
C:\WINDOWS\WindowsUpdate.log The object is locked ignored
C:\WINDOWS\SchedLgU.Txt The object is locked ignored
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log The object is locked ignored
C:\WINDOWS\SoftwareDistribution\EventCache\{6A7CED1B-D1FC-4264-B876-D889CA56925E}.bin The object is locked ignored
C:\WINDOWS\explorer.exe.tmp Infected: Virus.Win32.Virut.n ignored
C:\WINDOWS\$NtUninstallKB956390$\iedw.exe.000 Infected: Virus.Win32.Virut.n ignored
C:\DOCUME~1\alice\IMPOST~1\Temp\wrdwn2/XP_AntiSpyware.exe Infected: Trojan.Win32.FraudPack.gju ignored
C:\DOCUME~1\alice\IMPOST~1\Temp\wrdwn2 CAB: infected - 1 ignored
C:\DOCUME~1\alice\IMPOST~1\Temp\Temporary Internet Files\Content.IE5\G7KNILEX\Binaries1[1].cab/XP_AntiSpyware.exe Infected: Trojan.Win32.FraudPack.gju ignored
C:\DOCUME~1\alice\IMPOST~1\Temp\Temporary Internet Files\Content.IE5\G7KNILEX\Binaries1[1].cab CAB: infected - 1 ignored
C:\DOCUME~1\alice\IMPOST~1\Temp\wrdwn6/XP_AntiSpyware.exe Infected: Trojan.Win32.FraudPack.gju ignored
C:\DOCUME~1\alice\IMPOST~1\Temp\wrdwn6 CAB: infected - 1 ignored
Scan completed.
A small clarification: I only analyzed the critical areas. My girlfriend is fed up with me spending time trying to fix our PCs. She's ready to continue living with her virus. Do you think that's a good thing?
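Added example, not part of the original thread and not Kaspersky's own tooling: a Python triage of a report in the format posted above, separating objects that were locked (never scanned) from detections and rebuilding the totals of the statistics header. The function names are hypothetical; the name split assumes Kaspersky's [prefix:]Behaviour.Platform.Family.variant naming, and reading the "Virus" behaviour as "a host file patched by a file infector" is this example's interpretation.

```python
import re
from collections import Counter

# Excerpt of the report posted above (a subset of its lines, copied unchanged).
SAMPLE = r"""
C:\WINDOWS\system32\config\SAM The object is locked ignored
C:\WINDOWS\system32\drivers\beep.sys Infected: Backdoor.Win32.UltimateDefender.a ignored
C:\WINDOWS\system32\spoolsv.exe Infected: Virus.Win32.Virut.n ignored
C:\WINDOWS\system32\karna.dat Infected: Backdoor.Win32.Small.gjm ignored
C:\WINDOWS\system32\wini10331.exe Infected: not-a-virus:FraudTool.Win32.XPSecurityCenter.be ignored
C:\WINDOWS\system32\spoolsv.exe.tmp Infected: Virus.Win32.Virut.n ignored
C:\WINDOWS\Temp\stf2.tmp Infected: Trojan-Downloader.Win32.Agent.ajiq ignored
C:\WINDOWS\WindowsUpdate.log The object is locked ignored
C:\WINDOWS\explorer.exe.tmp Infected: Virus.Win32.Virut.n ignored
C:\DOCUME~1\alice\IMPOST~1\Temp\wrdwn2/XP_AntiSpyware.exe Infected: Trojan.Win32.FraudPack.gju ignored
C:\DOCUME~1\alice\IMPOST~1\Temp\wrdwn2 CAB: infected - 1 ignored
Scan completed.
"""

# The three result-line shapes that occur in the report. Paths may contain
# spaces, so each pattern is anchored on the fixed text that follows the path.
LOCKED = re.compile(r"^(?P<path>.+?) The object is locked (?P<action>\w+)$")
INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\w+)$")
ARCHIVE = re.compile(
    r"^(?P<path>.+?) (?P<kind>[A-Z]+): infected - (?P<count>\d+) (?P<action>\w+)$"
)


def split_name(name):
    """Split '[prefix:]Behaviour.Platform.Family.variant' into its parts."""
    prefix, _, rest = name.rpartition(":")  # e.g. the optional 'not-a-virus'
    parts = rest.split(".")
    family = parts[2] if len(parts) > 2 else rest
    return prefix, parts[0], family


def triage(text):
    """Sort every result line into locked / hits / archives / unparsed."""
    report = {"locked": [], "hits": [], "archives": [], "unparsed": []}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LOCKED.match(line)
        if m:
            report["locked"].append(m["path"])
            continue
        m = INFECTED.match(line)
        if m:
            prefix, behaviour, family = split_name(m["name"])
            report["hits"].append({
                "path": m["path"], "name": m["name"], "action": m["action"],
                "prefix": prefix, "behaviour": behaviour, "family": family,
            })
            continue
        m = ARCHIVE.match(line)
        if m:
            report["archives"].append(
                {"path": m["path"], "kind": m["kind"], "action": m["action"]}
            )
            continue
        report["unparsed"].append(line)  # headers, "Scan completed.", etc.
    return report


def summarize(report):
    """Rebuild the header totals and pull out what matters for cleanup."""
    hits, archives = report["hits"], report["archives"]
    names = Counter(h["name"] for h in hits)
    return {
        # The report counts infected containers as infected objects too.
        "infected_objects": len(hits) + len(archives),
        "distinct_detections": len(names),
        # Locked objects were skipped, so a clean result says nothing about them.
        "not_scanned": len(report["locked"]),
        "families": sorted({h["family"] for h in hits}),
        # Behaviour "Virus": the file itself is a patched host, so deleting it
        # removes a program rather than a stray dropper.
        "infected_hosts": [h["path"] for h in hits if h["behaviour"] == "Virus"],
        # "ignored" means the scanner only reported and changed nothing.
        "untreated": sum(1 for e in hits + archives if e["action"] == "ignored"),
    }


if __name__ == "__main__":
    for key, value in summarize(triage(SAMPLE)).items():
        print(f"{key}: {value}")
```

Run over the full report instead of the excerpt, the same counting gives 24 infected objects and 7 distinct detections, the figures in its statistics header.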
Uh?!
"She is ready to continue living with her virus."
Is this a joke? Did you see what happened to your PC?! The same fate awaits your girlfriend's. Right now it's not too infected. But it is. And it's not just Virut.
Do this operation then: https://www.malekal.com/supprimer-win32virut/
Then post a new Kaspers report.
Thank you.
See you later.
--
Fire Walk with Me ~~~~~~~~~>> o_Ö
URGENT!!! GIVE ME DRIVERS!!! I WANT DRIVERS! HELP ME! QUICK!!!!!
Hick, Hack and Crack-Boom-Euuuu (created by Tutéféniker©®™)
I submitted it, hoping that Destrio's response will carry weight. Virut is tough.
Otherwise, what are your interpretations of the Kaspersky scan log?
I have formatted my system partition (C:) several times with the Windows boot CD, but today, no matter how many times I delete the partition and reinstall Windows on the unpartitioned space, the installation of Windows does not complete. I had to accept that Avast deleted some essential .exe files.
I am therefore considering formatting my partition with the Ubuntu live CD and then reinstalling Windows on it.
Otherwise, the last resort will be Diskwipe (which means a low-level format of the entire HDD and thus loss of my data partition...).