[Resolved] Win32.virut.ce
zb3ngyu
post Jul 4 2009, 04:58 AM
Post #1


New Member

Group: New Member
Posts: 4
Joined: 4-July 09
Member No.: 86,537
Operating System: XP



I got infected with this virus and tried to remove it. I also did all the steps, like restarting in safe mode and scanning with Dr.Web CureIt, fixvirut and rmvirut from AVG. My Kaspersky Internet Security 2010 is up to date, but when I try to update it, the antivirus will not connect to the server. I also tried to run programs like Internet Explorer and it tells me that I don't have the administrator rights to run this program. Now I am in safe mode. Does this mean that the virus is still there? What should I do next? Please help.



Edit: topic moved to HJT removal - CB
CatByte
post Jul 4 2009, 05:20 AM
Post #2


Classroom Administrator Assistant

Group: Classroom Teacher
Posts: 6,924
Joined: 18-November 04
From: Canada
Member No.: 18,614
Operating System: xp sp3



Hi,

First we need to verify that you do indeed have virut.

If this is the case, there is nothing to do but reformat and re-install your operating system, as Virut is a polymorphic file infector and will have destroyed pretty much every file on your system.

Please do the following:

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    c:\windows\explorer.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


Please do the same for the following files:

c:\windows\system32\userinit.exe
c:\windows\system32\ctfmon.exe
c:\windows\system32\svchost.exe



zb3ngyu
post Jul 4 2009, 05:45 AM
Post #3





I scanned all those files and didn't find anything, but I am running Windows in safe mode because in normal mode Internet Explorer won't open. Does that affect the scan?
CatByte
post Jul 4 2009, 05:47 AM
Post #4





It shouldn't. What program told you that you had Virut?

If you have any logs from all of the scans you have performed (especially Dr.Web), please post them.

zb3ngyu
post Jul 4 2009, 05:58 AM
Post #5





Here's the log file. I told you, in normal mode I cannot run any program. Should I reinstall my OS, and of course delete all the .exe files that I have on the other drive?


... I restarted the computer and it turned on in normal mode, and when I tried to restart again I saw an error message that says "You don't have the permission to shut down the computer". When I try to open something there's also an error message that says: this program doesn't have any associated program to open, or something like that. Now I can see only the wallpaper.

This post has been edited by zb3ngyu: Jul 4 2009, 06:21 AM
Attached file: log.txt (17.73K)
 
CatByte
post Jul 4 2009, 06:26 AM
Post #6





Hi,

Virut cannot be cleaned - regardless of what the scanner says about removing the infection. There are always traces left that will eventually respawn.

You will need to do a total reformat/reinstall...

I will post my usual explanation for virut:



VIRUT is a polymorphic file infector with some additional features. It spreads all around the drive and infects even files infected by another virus previously.

Unfortunately, the cleaning of this virus is not recommended.

The only thing we recommend is to do a full reformat and install.

We have an excellent tutorial on how to reformat here

Things to bear in mind: only back up data files (Word, Excel etc.). DO NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.pif/.com/.rar files, as they could all be infected and will simply re-infect your system again; there is no way of being certain what this infection can do.

Read more about the VIRUT FILE INFECTOR HERE

If you don't have a Windows Installation Disk (if this came with Windows pre-installed), you may have a Manufacturer restore disk to restore the computer to its original state - this depends on the Manufacturer though. Otherwise, give the Manufacturer a call and ask them to send you a restore disk or Windows installation CD.

Here is a guide on backing up your data, although you can use whatever method you prefer.

Do not back up to another machine, as it may become compromised.

Burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups.

Should you have any questions, please feel free to ask.

I am sorry there is nothing more that we can do.


More information:

QUOTE
http://free.avg.com/66558
There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.

http://home.mcafee.com/VirusInfo/VirusProf...aspx?key=143034
W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:

  • Immediately before the encrypted code at the end of the last section
  • At the end of the code section of the infected host in 'slack-space' (assuming there is any)
  • At the original entry point of the host (overwriting the original host code)



Miekiemoes, a highly regarded expert in malware removal and an MS-MVP, has an extremely informative blog post about Virut. She only ever recommends a total reformat.

At least this way, you have the best chance of having a clean machine once more.

For future protection read this very well written article Think Prevention.




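Added example, not part of the original thread and not any vendor's detection code: a header-only check for two side effects of the append-to-last-section behaviour described in the McAfee quote in post #6. It assumes, as a generic file-infector trait not stated on this page, that the modified last section ends up writable and executable; the sample headers are constructed, the heuristics also fire on packed files, and a clean result does not rule out infection.

```python
import struct
IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x80000000

def parse_sections(data):
    """Return (entry_point_rva, [(name, vaddr, vsize, raw_size, flags), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", data, 0x3C)             # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    count, = struct.unpack_from("<H", data, pe + 6)        # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)    # SizeOfOptionalHeader
    entry, = struct.unpack_from("<I", data, pe + 24 + 16)  # AddressOfEntryPoint
    sections = []
    for i in range(count):
        off = pe + 24 + opt_size + 40 * i                  # 40-byte section header
        name, vsize, vaddr, raw = struct.unpack_from("<8sIII", data, off)
        flags, = struct.unpack_from("<I", data, off + 36)  # Characteristics
        sections.append((name.rstrip(b"\0").decode("latin-1"), vaddr, vsize, raw, flags))
    return entry, sections

def infector_indicators(data):
    """Header-only heuristics for code appended to the last section."""
    entry, sections = parse_sections(data)
    if not sections:
        return []
    _, vaddr, vsize, raw, flags = max(sections, key=lambda s: s[1])
    hits = []
    if vaddr <= entry < vaddr + max(vsize, raw):
        hits.append("entry point in last section")
    if flags & IMAGE_SCN_MEM_EXECUTE and flags & IMAGE_SCN_MEM_WRITE:
        hits.append("last section writable and executable")
    return hits

def build_headers(entry, sections):
    """Constructed sample input: PE32 headers only, no code, not loadable."""
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 16, entry)                 # AddressOfEntryPoint
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, vs, 0, 0, 0, 0, 0, fl)
                     for n, va, vs, fl in sections)
    return b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0" + coff + bytes(opt) + table

TEXT, DATA = (b".text", 0x1000, 0x2000, 0x60000020), (b".data", 0x3000, 0x1000, 0xC0000040)
CLEAN = build_headers(0x1000, [TEXT, DATA, (b".rsrc", 0x4000, 0x1000, 0x40000040)])
MODIFIED = build_headers(0x4800, [TEXT, DATA, (b".rsrc", 0x4000, 0x1000, 0xE0000040)])
if __name__ == "__main__": print(infector_indicators(CLEAN), infector_indicators(MODIFIED))
```

Because the quoted description is of an entry point obscuring infector, the entry point may still sit in the code section; the section-flag check is the one that can still fire in that case.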
zb3ngyu
post Jul 4 2009, 06:31 AM
Post #7





Thank you very much for your time. I already started to reinstall.
CatByte
post Jul 4 2009, 06:32 AM
Post #8





Good Luck,

At least this way, you will have a clean machine again.
CatByte
post Jul 4 2009, 07:25 PM
Post #9





Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
