[Resolved] Anti Virus Pro 2010 Post Infection Mess
#1
Posted 09 October 2009 - 09:43 AM
#2
Posted 12 October 2009 - 05:34 AM
Welcome to the Whatthetech Malware Removal Forum,
All advice given by anyone volunteering here, is taken at your own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.
Download Dr.Web CureIt to the desktop:
- Double-click the drweb-cureit icon to start the program.
- Press Start
- Allow the program to run the initial express scan
- This will scan the files currently running in memory. If something is found, click the YES button when it asks you if you want to cure it. This is only a short scan.
Note: A pop up may appear during this phase suggesting you purchase their program - click the X at the top right corner of this pop-up to close it.
- Once the short scan has finished, check the Complete scan box on the left side, even if nothing was found on the initial scan.
- Then click the small green arrow button on the right under the Dr.Web Antivirus picture to start the complete scan. (This scan will take several hours)
- During this complete scan - if Dr.Web finds an infection a window will pop up requesting your attention. Select the Cure button.
- Note: (If the file cannot be cured, Dr.Web will automatically delete the file.)
- Once the scan is complete, on the menu bar, click file and choose report list.
- Save the report to your desktop. The report will be called DrWeb.csv
- Note: this report will need to be renamed to Dr.Web.txt in order to post it on the forum.
- Close Dr.Web Cureit.
- Please post the Dr.Web.txt report in your next reply
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#3
Posted 12 October 2009 - 07:33 AM
#4
Posted 12 October 2009 - 10:01 AM
Try running it in Safemode.
To Enter Safemode
- Go to Start> Shut off your Computer> Restart
- As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly, this will bring up a menu.
- Use the Up and Down Arrow Keys to scroll up to Safemode
- Then press the Enter Key on your Keyboard
#5
Posted 12 October 2009 - 10:29 AM
#6
Posted 12 October 2009 - 10:39 AM
You have markers in your log for a Virut infection; this one is uncleanable. The reason for asking for a Dr Web report is that it would confirm it.
Can you run an online virus scanner?
Please do a scan with Kaspersky Online Scanner or from Here.
- Click on the Accept button and install any components it needs.
- The program will install and then begin downloading the latest definition files.
- After the files have been downloaded on the left side of the page in the Scan section select My Computer.
- This will start the program and scan your system.
- The scan will take a while, so be patient and let it run. (At times it may appear to stall)
- Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
- Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
- Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
- Once the scan is complete, click on View scan report
To obtain the report:
- Click on: Save Report As
- Next, in the Save as prompt, Save in area, select: Desktop
- In the File name area, use KScan, or something similar
- In Save as type, click the drop arrow and select: Text file [*.txt]
- Then, click: Save
- Please post the Kaspersky Online Scanner Report in your reply.
#7
Posted 12 October 2009 - 10:53 AM
#8
Posted 12 October 2009 - 11:25 AM
To Enter Safemode
- Go to Start> Shut off your Computer> Restart
- As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly, this will bring up a menu.
- Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
- Then press the Enter Key on your Keyboard
Please run this free online virus scanner from ESET
- Note: You will need to use Internet explorer for this scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the activex control to install
- Click Start
- Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
- Click Scan
- Wait for the scan to finish
- Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
- Copy and paste that log as a reply to this topic
#9
Posted 12 October 2009 - 06:29 PM
#10
Posted 12 October 2009 - 06:42 PM
#11
Posted 12 October 2009 - 06:52 PM
#12
Posted 12 October 2009 - 06:56 PM
#13
Posted 12 October 2009 - 06:57 PM
#14
Posted 12 October 2009 - 07:08 PM
You have a real nasty infection on your system. Virut/Virtob is a file infector virus with IRC bot functionality which infects all .exe and .scr files, downloads more malicious files to your system, and opens a back door that compromises your computer. In many cases the infected files cannot be deleted and anti-malware scanners cannot disinfect them properly. When disinfection is attempted, the files become corrupted and the system may become irreparable.
Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat and reinstall the OS. Please read "When should I re-format?" and "Reformatting the computer or troubleshooting; which is best?".
If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.
Virut/Virtob is contracted and spread by visiting remote, crack and keygen sites. Those who attempt to get software for free may end up with a computer system so badly damaged that recovery is not possible and a Repair Install will NOT help! Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Starting over, reformatting the drive and performing a clean install removes everything.
Right now, the best thing you can do is to backup, preferably to CD, all your important data, documents, pictures, movies, and songs.
DO NOT backup any applications or installers and DO NOT backup any files with the following extensions:
- .exe
- .scr
- .htm
- .html
- .xml
- .zip
- .rar
For more information on Virut, and why you need to reformat, have a read of miekiemoes blog here.
To find out how to carry out a Reformat and Reinstall, please see this page.
I am sorry I cannot give any better news.
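The backup rule from post #14, as an added example that is not part of the original thread: a Python sketch that copies a data folder while skipping the listed extensions. The function names and the sample file tree are assumptions made for illustration; the filter works on file names only and does not inspect file contents.

```python
import shutil
import tempfile
from pathlib import Path

# Extensions the post above says NOT to back up.
EXCLUDED = {".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar"}

def is_excluded(name):
    # Windows ignores trailing dots/spaces and letter case in file names,
    # so normalise before looking at the final extension.
    return Path(name.rstrip(". ")).suffix.lower() in EXCLUDED

def backup_data(src, dst):
    """Copy files from src to dst, skipping excluded extensions.
    Returns (copied, skipped) as lists of paths relative to src."""
    src, dst = Path(src), Path(dst)
    copied, skipped = [], []
    for path in sorted(src.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue  # directories are created on demand; symlinked files are skipped
        rel = path.relative_to(src)
        if is_excluded(path.name):
            skipped.append(rel.as_posix())
            continue
        target = dst / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)
        copied.append(rel.as_posix())
    return copied, skipped

def demo():
    # Constructed sample tree standing in for a user's data folder.
    names = ["docs/letter.doc", "notes.txt", "pics/holiday.JPG",
             "pics/holiday.jpg.exe", "Setup.EXE", "saver.scr", "archive.zip"]
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "data"), Path(tmp, "backup")
        for n in names:
            f = src / n
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_bytes(b"sample")
        return backup_data(src, dst)

if __name__ == "__main__":
    copied, skipped = demo()
    print("copied: ", copied)
    print("skipped:", skipped)
```

The skipped list is worth keeping with the backup, so it is clear afterwards which files were deliberately left behind.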
#15
Posted 12 October 2009 - 07:20 PM