[Resolved] PC Infection (google search issue/popups)

What the Tech? It's as easy as 1,2,3! ( Log In | Register )

What the Tech > Spyware / Malware / Virus Removal > Infections Removal

2 Pages

< 1 2

[Resolved] PC Infection (google search issue/popups), Google search issue, explorer & antivirus popups

Options

usah View Member Profile	Jul 4 2009, 01:02 PM Post #16
New Member Group: Authentic Member Posts: 12 Joined: 1-July 09 Member No.: 86,499 Operating System: Windows XP	Okay, PC was alright for a while, my father was online for a few hours and we are now infected again. Only this time I can not use firefox at all (errors) and can't get into safe mode. When i select safe mode it stops on the black screen w/ the scrolling white text and the PC restarts. So sorry we have back tracked. Any ideas are very much appreciated. Thank you again for your time.

usah View Member Profile	Jul 4 2009, 01:07 PM Post #17
New Member Group: Authentic Member Posts: 12 Joined: 1-July 09 Member No.: 86,499 Operating System: Windows XP	Also, forgot to mention, I get the "Firefox has encountered a problem and needs to close. Sorry for the inconvenience." popup. And I can not get Combofix to open to get another log file.

Axephilic View Member Profile	Jul 4 2009, 11:38 PM Post #18
MRU Graduate Group: Malware Team Posts: 87 Joined: 28-July 07 From: Wisconsin, US Member No.: 71,717 Operating System: Windows Vista Home Premium	Your System is infected with Virut!! Virut is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto. For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine. More information: http://free.avg.com/66558 QUOTE There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus. http://home.mcafee.com/VirusInfo/VirusProf...aspx?key=143034 QUOTE W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine. It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either: Immediately before the encrypted code at the end of the last section At the end of the code section of the infected host in 'slack-space' (assuming there is any) At the original entry point of the host (overwriting the original host code) Miekiemoes, an expert for malware removal, and an MS-MVP, additionally has a blog post about Virut. I suggest you to start backup all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT backup any applications/installers and Do NOT backup any .exe/.scr/.htm/.html/.xml/.zip/.rar files... This because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again. Read here for instructions how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html

usah View Member Profile	Jul 5 2009, 06:46 AM Post #19
New Member Group: Authentic Member Posts: 12 Joined: 1-July 09 Member No.: 86,499 Operating System: Windows XP	I see. Well, I will be sure to save any pictures and such and will run their Windows recovery discs (today) as soon as they are sure we have everything of importance. Thank you for your time on this issue.

Axephilic View Member Profile	Jul 5 2009, 12:52 PM Post #20
MRU Graduate Group: Malware Team Posts: 87 Joined: 28-July 07 From: Wisconsin, US Member No.: 71,717 Operating System: Windows Vista Home Premium	Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

« Next Oldest · Infections Removal · Next Newest »

2 Pages

< 1 2

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Similar Topics

Topic Title	Replies	Topic Starter	Views	Last Action
Infections Removal Infection Removal - USB drivers - XP SP updates 12	21	cklenertz	346	Today, 08:58 AM Last post by: Tomk
Infections Removal Google Redirect/Invalid Security Certificate	1	mekap04	19	Today, 06:09 AM Last post by: Raktor
Infections Removal Google Redirects	6	Calvin.sparta	144	Today, 12:52 AM Last post by: inzanity
Infections Removal Google redirects & spybot,hijack this problems 123» 7	99	arfon.jones	2,486	Yesterday, 04:21 PM Last post by: noahdfear

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Time is now: 21st November 2009 - 10:51 AM

Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk.
Member site: Alliance of Security Analysis Professionals | UNITE Against Malware
Memory Forums | Auto Repair Forum
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy