[Resolved] PC Infection (google search issue/popups), Google search issue, explorer & antivirus popups
usah
post Jul 4 2009, 01:02 PM
Post #16


New Member

Group: Authentic Member
Posts: 12
Joined: 1-July 09
Member No.: 86,499
Operating System: Windows XP



Okay, PC was alright for a while, my father was online for a few hours and we are now infected again. Only this time I cannot use Firefox at all (errors) and can't get into safe mode. When I select safe mode it stops on the black screen w/ the scrolling white text and the PC restarts. So sorry we have backtracked. Any ideas are very much appreciated.

Thank you again for your time.
usah
post Jul 4 2009, 01:07 PM
Post #17





Also, forgot to mention, I get the "Firefox has encountered a problem and needs to close. Sorry for the inconvenience." popup.

And I cannot get Combofix to open to get another log file.
Axephilic
post Jul 4 2009, 11:38 PM
Post #18


MRU Graduate

Group: Malware Team
Posts: 87
Joined: 28-July 07
From: Wisconsin, US
Member No.: 71,717
Operating System: Windows Vista Home Premium



Your System is infected with Virut!!
Virut is a file-infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.
For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.

More information:
http://free.avg.com/66558
QUOTE
There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.

http://home.mcafee.com/VirusInfo/VirusProf...aspx?key=143034
QUOTE
W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
Immediately before the encrypted code at the end of the last section
At the end of the code section of the infected host in 'slack-space' (assuming there is any)
At the original entry point of the host (overwriting the original host code)

Miekiemoes, an expert for malware removal, and an MS-MVP, additionally has a blog post about Virut.

I suggest you start backing up all of your valuable data/documents/pictures/movies/songs/etc.
Do NOT back up any applications/installers and do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar files.
This is because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.

Read here for instructions on how to format and reinstall Windows:

http://web.mit.edu/ist/products/winxp/adva...all-format.html
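One way to script the backup rule from post #18, as an added example that is not part of the original thread: copy a folder tree while skipping every extension listed there. The `MZ` header check for executables saved under another extension goes beyond the post, and the function names and sample files are constructed for illustration.

```python
import shutil
import tempfile
from pathlib import Path

# Extensions the post says not to back up (they may carry the infection).
SKIP_EXT = {".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar"}

def is_pe(path):
    """True if the file starts with 'MZ', the magic of a Windows executable."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"

def safe_backup(src, dst):
    """Copy data files from src to dst; return (copied, skipped) lists."""
    src, dst = Path(src), Path(dst)
    copied, skipped = [], []
    for path in sorted(src.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(src).as_posix()
        if path.suffix.lower() in SKIP_EXT:
            skipped.append((rel, "extension"))
        elif is_pe(path):  # added check: executable hiding behind another name
            skipped.append((rel, "MZ header"))
        else:
            target = dst / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, target)
            copied.append(rel)
    return copied, skipped

def demo():
    """Run safe_backup over constructed sample files in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "src"), Path(tmp, "backup")
        (src / "photos").mkdir(parents=True)
        samples = {  # constructed contents, not real files
            "photos/cat.jpg": b"\xff\xd8\xff\xe0 fake jpeg",
            "notes.txt": b"shopping list",
            "setup.exe": b"MZ fake installer",
            "page.HTML": b"<html></html>",
            "song.mp3": b"MZ executable renamed to look like music",
        }
        for name, data in samples.items():
            (src / name).write_bytes(data)
        copied, skipped = safe_backup(src, dst)
        return copied, skipped, sorted(p.name for p in dst.rglob("*") if p.is_file())

if __name__ == "__main__":
    print(demo())
```

The `skipped` list records why each file was left behind, so it can be reviewed before the disk is formatted.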
usah
post Jul 5 2009, 06:46 AM
Post #19





I see. Well, I will be sure to save any pictures and such and will run their Windows recovery discs (today) as soon as they are sure we have everything of importance.

Thank you for your time on this issue.
Axephilic
post Jul 5 2009, 12:52 PM
Post #20





Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
