Hardest problem - Computer infected with Win32/heur and win32/virut

Q: Hardest problem - Computer infected with Win32/heur and win32/virut

Hi guys, recently I downloaded an .exe game which had malware on it. As soon as I ran the program I was bombarded with warnings/notices saying I have the win32/heur, win32/virut and many other trojans. I closed all programs and immediately ran an AVG 8.5 scan. It detected 276 infected files. It healed many files but 46 weren't healed. These were either win32/heur or win32/virut. The next day I installed Malwarebytes Anti-Malware and Spybot Search and Destroy. I ran both these scans AND the AVG scan. They all detected different threats, which were removed, but win32/heur and virut remain. I rebooted my PC and AVG did an automatic scan before I got to the desktop. Meaning I didn't get to my desktop yet AVG was running a scan. When I was able to go into my desktop the taskbar and desktop icons were missing. I was only able to use my PC via Task Manager. Now I still have the 46 infected files which can't be removed and my taskbar and desktop icons are gone. I tried to run explorer.exe but it didn't work because "system cannot locate file". Please help!!

The 46 infected files are windows32 files. Probably registry files so they can't be removed. I have WinXP and AVG 8.5, plus Malwarebytes and Spybot.

A: Hardest problem - Computer infected with Win32/heur and win32/virut

Hi,

I would like to first confirm if you do in fact, have virut.

Please do the following:
Make sure to use Internet Explorer for this
Please go to VirSCAN.org FREE on-line scan service
Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
c:\windows\system32\userinit.exe

Click on the Upload button
If a pop-up appears saying the file has been scanned already, please select the ReScan button.
Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
Paste the contents of the Clipboard in your next reply.

Please do the same for the following files:
c:\windows\explorer.exe
c:\windows\system32\ctfmon.exe
c:\windows\system32\spoolsv.exe


NEXT


We would be grateful if you could assist us in our research into this infection by providing us with some samples and information from your machine. This will only take a minute or two to complete, and is very simple. If you wish to help us, please do the following:
Download VAPrep.bat and save it to your Desktop.
Double-click VAPrep.bat to run it. It will only take a moment to complete.
When done, please right-click the VAPrep folder which should now be on your Desktop. Select Send To >> Compressed (zipped) Folder.
Next, please go to this webpage.
Browse to the VAPrep.zip zipped folder you just created.
Click Send File.
Once done, you can delete the VAPrep folder and .zip file from your Desktop. Thanks for helping us out.

Read other 4 answers
RELEVANCY SCORE 125.6

Hello, for two days I have been receiving a message from AVG 8.5 that many of my Windows system files are infected with win32.Virut and also Win32/Heur, Trojan horse Generic13.BEHA. My system is slowing down and I do not have access to many web sites, including those anti-virus ones that could help me. I don't know if I should format my PC. Please help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:37:55, on 22.6.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Novadigm\ManagementAgent\nvdkit.exe
C:\Program Fil... Read more

A:infected with win32.Virut/Heur

Hello martix,

Virut is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.

For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.

More information:

http://free.avg.com/66558
There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.

http://home.mcafee.com/VirusInfo/VirusProf...aspx?key=143034
W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.

It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
Immediately before the encrypted code at the end of the last section
At the end of the code section of the infected host in 'slack-space' (assuming there is any)
At the original entry point of the host (overwriting the original host code)

Miekiemoes, one of our team members here and an MS-MVP, additionally has a blog post about Virut.

Regards,
tea

Read other 2 answers
RELEVANCY SCORE 125.6

Hello all

So I've contracted something major here. AVG is giving me win32 heur alerts on a ton of .exe and system32 files. I've got adult links on my desk and strange pop up sounds. I can't go to any website that offers fixes for win32 heur. Tried to dl Combofix (renamed it too) and that won't start. Looks pretty bad...not trying to wipe my drive if that can be avoided. Not too handy technically. I'm afraid if I turn my comp off, it'll never boot again. Thanks a ton guys!
DDS (Ver_09-10-13.01) - NTFSx86
Run by zxzxz at 19:44:11.03 on Sat 10/24/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.811 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceServ... Read more

A:Infected with win32 heur/virut?

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner ... Read more

Read other 2 answers
RELEVANCY SCORE 119.6

Here is my HiJackThis log -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:03 PM, on 2/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AV... Read more

A:Win32/Heur - I-Worm/Nuwar - Win32/Virut

Hi,

I have bad news for you. I see you're dealing with Virut on top of the other nasty malware you are dealing with. In that case, it's unfortunately a lost case - Game over situation and a format and reinstall is the fastest and especially the safest solution.

You may want to read this why: Virut and other File infectors - Throwing in the Towel?

So, I suggest you start backing up all of your valuable data/documents/pictures/movies/songs/etc. Do NOT backup any applications/installers and Do NOT backup any .exe/.scr/.htm/.html/.xml/.zip/.rar files... This because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.

Read here for instructions how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html

Read other 14 answers
RELEVANCY SCORE 108.8

Hi all, I've got a crippling problem with some rather strange symptoms that I need some help with. This is going to be a bit long because I want to provide all the relevant information.

Basic machine setup is three hard drives: one with Vista x64 (my secondary OS), one with XP x32 (my main OS), and one with data (and the odd executable stored, but nothing that's actually run from there). Both OSs are running AVG 8.5, with Resident Shield switched on. I periodically backup all three drives (separately) to an external USB drive, using TrueImage to create partition images.

A couple of weeks ago (September 11th), without any obvious prior symptoms, I was hit with some sort of malware attack, that put porn links on the desktop, and caused AVG to go mad and start listing every executable as being infected, which obviously crippled the system. I deleted the partition after first backing up to another drive in case I needed any files from it later on, and after various hardware and configuration issues that I won't go into (all sorted now), restored an image from August 13th, about 4 weeks prior to the malware attack. At this time I also entirely scanned my Vista drive and data drive with AVG, and both were found to be clean. Booting into Vista, with the data drive attached, never gave any problems.

Booted a couple of times with just the OS drive attached, configured, and all seemed okay. Then ran a java program (an old game editor I've used many times before, t... Read more

A:Win32/Heur Vundo? Virut? Help!

Read other 8 answers
RELEVANCY SCORE 107.6

Hello all

So I've contracted something major here. AVG is giving me win32 heur alerts on a ton of .exe and system32 files. I've got adult links on my desk and strange pop up sounds. I can't go to any website that offers fixes for win32 heur. Tried to dl Combofix (renamed it too) and that won't start. Looks pretty bad...not trying to wipe my drive if that can be avoided. Not too handy technically... I did do a hijack this scan though. I'll post here. Thanks a ton guys!
 

A:Hacked to pieces...win32 heur/virut?

ahh, looks like the hijackthis log was blocked. I'll paste it in instead:

Logfile of HijackThis v1.99.1
Scan saved at 2:25:38 AM, on 10/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AV... Read more

Read other 3 answers
RELEVANCY SCORE 107.6

Hello all

So I've contracted something major here. AVG is giving me win32 heur alerts on a ton of .exe and system32 files. I've got adult links on my desk and strange pop up sounds. I can't go to any website that offers fixes for win32 heur. Tried to dl Combofix (renamed it too) and that won't start. Looks pretty bad...not trying to wipe my drive if that can be avoided. Not too handy technically...Thanks a ton guys!


DDS (Ver_09-10-13.01) - NTFSx86
Run by zxzxz at 19:44:11.03 on Sat 10/24/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.811 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\system32\gearsec.exe
C:\... Read more

A:Lots of trouble w/ win32/heur (virut?)

Hello -

I don't like to be the bearer of bad news, but your AV has indicated Virut, ComboFix has given you a warning indicating a possible file infector such as Virut. That's enough for me to tell you the following:

Your system is infected with a polymorphic file infector called Virut. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. As of now, security experts suggest that a format and clean install, or destructive recovery if you have an OEM recovery partition, is the best way to clean the infection and it is the best and safest way to return the machine to its normal working state.

Backup all your documents and important items (personal data, work documents, etc) only. DO NOT backup any executable files (softwares) and screensavers (*.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable.

Also, avoid backing up compressed files (zip/cab/rar) files that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

Recent variants also modify htm, html, asp and php files.

Do not back up to another machine, as it may become compromised. Burn to DVD/CD, or to an external drive which has nothing else on it, and which you can for... Read more

Read other 6 answers
RELEVANCY SCORE 107.6

Here's my system info:

OS: Microsoft Windows Home Edition with SP3 (5.1, Build 2600)
System Manufacturer / BIOS / Model: N/A (I don't know why)
Processor: Dual Core @ 2.00 GHz

The virus:

I was surfing the net yesterday and something downloaded on my computer; it ran briefly then spread Heur and Virut all over my C drive.
It infected Windows, Wordpad, Nero Burning Software, System 32 and other critical system files.

Please help me, I don't like to reformat it yet again.

(However, I have a file somewhere named XPHOME,GHO; it was the system files backup but I don't know HOW to open it)
Please HELP me

I can't even apply Windows Update, please help me

A:Win32/Virut,Heur Combo Infection

Hello,

I am afraid I do not have good news for you.

Your system is infected with a nasty variant of Virut, a polymorphic file infector with IRCBot functionality which infects .exe, .scr files, downloads more malicious files to your system, and opens a back door that compromises your computer. With this particular infection, the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

According to this Norman White Paper Assessment of W32/Virut, some variants can infect the HOSTS file and block access to security related web sites. Other variants of virut can even penetrate and infect .exe files within compressed files (.zip, .cab, rar). The Virux variant is an even more complex file infector which can embed an iframe into the body of web-related files and infect script files (.php, .asp, .htm, .html, .xml). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair and in some instances can disable Windows File Protection. In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable. The longer virut remains on a computer, the more critical system files will become infected and corrupt so the degree of infection can vary. The virus disables Windows File Protection by injecting code into the "winlogon.exe" process that patches system code in memory.

CA Virus detail o... Read more

Read other 1 answers
RELEVANCY SCORE 106.4

Hi guys, need some urgent help... I have AVG 8.5.427 free edition installed on my system, where the operating system is Windows XP Professional... I ran a scan on my system and the scan reported Trojan Horse Generic11.ATHC and the resident shield log reported the remaining viruses (Worm/Downadup, Win32/Virut, Win32/Cryptor). I deleted the corresponding folders but still the system is very slow. It would be of immense help if anybody could provide expert advice on this matter. I am providing the hijackthis log herewith.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:18:32 PM, on 12/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\WINDOWS\system3... Read more

A:Infected with Trojan horse generic11,Worm/Downadup,Win32/Virut,Win32/Cryptor

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ... Read more

Read other 3 answers
RELEVANCY SCORE 105.6

Hi, my XP PC is infected with all of these and being hijacked. I could not access 'add-on/remove' at window; my wdw programme is not running properly. Downloaded ComboFix (2) & Malwarebytes etc, but the computer would not let me run it. I could not control to the website I wanted and sometimes it's being hijacked to some horrible website. Had downloaded the dds but it now would not let me open and post upload to this forum. I am a novice with computer technology... please kindly advise me what I should do now. And my IE browser had gone too... I could now only use Firefox, before that they both worked OK. I detected all these viruses by scanning with free AVG 8.5 and my firewall is with free PC tool.

Please help...

Hi, any response please. As now I lost the control of my wdw, it stops me doing lots of access. Do I really need to re-install the XP? Anyone tell me how to do that. And would I lose every other pre-factory-installed software, e.g. Nero? I don't have a backup disc for that; that means I could not use my DVD re-write or re-open any backup there?

Help please... Please.. more it would let me go the lots of web site and it limit me resource to find helpful site to remove them. By the way I think my PC got Vundo B. I am now so afraid to go on the internet as I worry there's a backdoor open for more attacks. I could not delete files now to protect my personal details before I go on the internet and I worry if I check my Yahoo email account someone would detect my password etc. It's ... Read more

A:win32/Heur, Win/Virut & Trojan Horse clicker.ADLV

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Read other 2 answers
RELEVANCY SCORE 104.4

About 2 days ago I ran an update for a game which unfortunately carried with it the Win32 Virut. Before my computer was completely paralyzed I ran a Norton Security Scan and that specific virus popped up everywhere. I've done a little research and found that it infects mainly .exe files. Rather than attempt to salvage my files I decided to reformat. Having reinstalled Windows Vista 32bit, I noticed that things were still going wrong.

- Unable to install Microsoft Office 07 :
Error 1935. An error occurred during the installation of assembly component[97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E]. HRESULT: 0x8007054F
- Unable to install AVG Free Edition :
Error: Action failed for file avgwdsvc.exe: starting service....Error 0x800736b1
- Unable to run Trend Micro HouseCall 6.5 :
An error occurred while trying to transfer data from the Internet!
Do you want Trend Micro HouseCall to try resending the required files?

Here is my HJT v2.0.2 log file :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:35 PM, on 8/02/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\William\Computer\Avast\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\notepad.exe
C:&... Read more

A:Computer infected by Win32 Virut

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p... Read more

Read other 2 answers
RELEVANCY SCORE 103.6

My system has been infected with the virus win32 virut; most of them occurred in my .exe files... I tried to reformat and install Win XP SP1 but it's all the same: Avast detected the virus and I tried to move them to the vault or chest, but after that I can't open programs like Explorer, Run, Add and Remove and so on... and it has even infected my memory. Please help...

Anyone of you please help... the win32 virut virus/worm has really messed up my computer.

A:Computer Infected Win32-Virut Virus Please Help :(

First of all, if you want to install a good Windows, install Windows XP SP2-3 or Vista; they have a firewall as a minimum!
Second of all, how many partitions do you have?
Third of all, do you update your antivirus? Because Avast is one of the best!

Read other 7 answers
RELEVANCY SCORE 103.2

Hey guys,

I just found out today that my brother's computer was infected with this virus. The only thing I've noticed it do so far is not allow him to log in via Firefox or Internet explorer. The way I am able to log into the internet via Firefox is by using the Firefox Safe Mode (not actually starting up the computer in safe mode).

If someone could please assist me in removing this, I would greatly appreciate it! Thank you in advance.

A:My computer is infected with the Win32/heur virus

Hello, from Safe Mode with Networking run these.

Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your sav... Read more

Read other 3 answers
RELEVANCY SCORE 103.2

Infected these viruses via USB thumb drive from a school computer. The virus blocked me from viewing Task Manager and give me an error saying "Task Manager has been disabled by your administrator". I went on to download AVG and it suddenly starts showing me that Win32/Tanatos.M is infecting everything. I tried to remove/heal it but it says healing failed. I'll attach my hijackthis log

A:Please help! Infected with Win32/Heur and Win32/Tanatos.M

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

RELEVANCY SCORE 103.2

Last night my firewall (Sygate) said there was a program requesting to connect to the internet. I do not remember what it was, but I know it looked like it had something to do with Microsoft or Windows because it was named something along the lines of something Microsoft would call one of their .exe's. So a few hours later, my computer is sluggish. I go to check the Task Manager... and it won't let me! It says "Task Manager has been disabled by your administrator". I AM the admin, so I know something is up. AVG suddenly starts showing me that Win32/Tanatos.M is infecting EVERYTHING! Windows Media Player, Internet Explorer, Google Chrome, VLC Player, RealPlayer, Wordpad, paint, everything!

I googled a way to access the Task Manager and it gave me a code to run. Tried it, didn't work. Then I realized it actually DOES work, it's just that the virus quickly disables the Task Manager before I can get into it. So I ran the code in Start > Run one more time, and extremely quickly did Ctrl+Alt+Delete before it could disable it and I got in! I found a whole bunch of .exes that I've never seen before, like:

winkqrmmr.exe
winpfkp.exe
noytd.exe
ycln.exe
mvul.exe
rfpav.exe
winpoflfl.exe
winejlpg.exe

I googled them all and for most of them, nothing came up. So now I'm positive it's a virus. AVG keeps going nuts telling me it's infecting everything, and when I click Heal or Remove, it says the healing failed! I try to block i... Read more

A:Please help! Infected with Win32/Heur and Win32/Tanatos.M

Argh!!! I think it ended the Explorer.exe task! Now I can't see my taskbar or open any new windows! I rebooted and NOTHING loads. No taskbar, no icons, Task Manager doesn't open. Just showing my wallpaper. Somebody PLEASE help me. I have no computer now! (Typing this on my sister's).

RELEVANCY SCORE 101.6

80 gig Asus Laptop Harddrive (C) infected, nothing important on it.
120 Western Digital Passport External Harddrive (E) infected 3 semesters of unbacked up architecture work
1 gig San disk USB key (f/g) infected, nothing important on it.

I have a question. Normally the Win32:Virut doesn't infect files like jpegs and stuff, so are my photos and architecture work pdfs/jpegs/photoshop free from infection?

Problem is that San disk USB key has a U3 program that after reformatting key the U3 exe is still there and thus I believe to be infected still.

Likewise the WD Passport has WD Sync and Google search exe's that are infected and I'm afraid will reinfect my computer if I try to hook up and get my photos off.

I have the Hijackthis log and also an AVG Win32:Virut Remover Log. The AVG Log is really long and also the virus has now infected the AVG Remover exe as well LOL.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:12:26 AM, on 9/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svch... Read more

RELEVANCY SCORE 99.6

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:04:28, on 12/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\spooIsv.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system\Fun.exe
C:\WINDOWS\dc.exe
C:\WINDOWS\SVIQ.EXE
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wscntfy.exe
C... Read more

A:I Think I Am Infected With Win32/virut & Win32.hll Hjt Log

Welcome to the BleepingComputer HijackThis Logs and Analysis forum ashzoomerintrack

My name is Richie and I'll be helping you to fix your problems.

It appears you've no virus protection installed, which is somewhat suicidal.

Please download/install Avira AntiVir Personal Edition Classic [Free]: http://www.free-av.com/
Perform a full scan with Avira and allow it to delete everything it detects.
Restart your pc when you've done.
After restart, open Avira Antivirus and select "Reports".
Then double click the report from the full scan you have just completed. Click the "Report File" button, then copy and paste the report into your next reply.

If you have previously downloaded ComboFix, please delete that version now.

Warning
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could render your system/pc inoperable.

Now download Combofix by sUBs and save to your desktop:
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Note
In case your ... Read more

RELEVANCY SCORE 99.2

Hey Everyone Im Pretty New To The Forums But Anywayz So If I Posted In The Wrong Section...

Anywayz

I Got Over 5 Computers Infected With This Injected JS.Virut.X JS.Virut.Y Win32.Virut.X Win32.Virut.Y that is not listed whatsoever on any google pages. It's called something completely different with SOPHOS Removal Emogen Or HTML I FRAME.

Avast won't remove it
AVG won't remove it
Outpost security suite pro won't remove it (claims to remove it but then it reappears on scan after restart)
Zonealarm claims to remove but on restart reappears
avast goes into LOOP - both home n pro
DR WEB won't remove.
bit defender won't remove
kaspersky won't remove and kaspersky gets shutdown by it
outpost the virus creates rules to reenable itself in the smart advisor filter as acting as a genuine certificate for the vendor.
its a rootkit so YES I have formatted and reinstalled windows, replaced hard disk drives, scanned and removed virus etc... and transferred data back and it has taken over the newly formatted system

Malwarebytes with latest update, picks up over 8 threats and removes on restart but reappears when you rescan as it does not remove or does and it regenerates itself injecting the files over and over and it gets worse each time...

YES. SYSTEM RESTORE IS OFF. and all points removed... never enabled...

McAfee Won't Work
Norton Won't Work
Kaspersky Won't Work
Bit Defender Won't Work
avast won't work
avg won't work
hijack this is denied
task manager denied
registry denied
admin denied
if i grand ... Read more

A:ROOTKIT - JS.Virut.X - JS.Virut.Y - Win32.Virut.X - Win32.Virut.Y (Mutant) (BBS)

Hello and welcome. This is a serious and difficult infection to remove. We are best served using the HJT tools. We need to run HJT. Please follow this guide: Preparation Guide For Use Before Using Hijackthis. Then go here: HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant Title and post that complete log. Let me know if it went OK!

RELEVANCY SCORE 99.2

This is a different computer (my laptop) but it seems to have a few things wrong also. Would appreciate any help in cleaning it up.

Here is the DDS.txt:
DDS (Ver_09-01-07.01) - NTFSx86
Run by Brennen Fowler at 18:16:16.45 on Sat 01/10/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1350 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\SMSC\CIRHID\V1_0_0000_0\ToshibaRC.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\... Read more

A:Different computer: Win32/Heur, Win32/Tanatos.M

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instruc... Read more

RELEVANCY SCORE 98.8

My Avast antivirus recently started detecting a whole host of viruses. I ran a thorough scan of all files and deleted every infected file until the scanner turned up a hit in the operating memory. It then suggested I run a boot sector scan - I did so. Upon rebooting Avast started detecting more viruses. This time I rebooted into Safe Mode and ran the scanner there, deleting everything I found. Apparently one of the files I deleted was important, because after that my computer Blue-Screened during boot-up and I had to do a system restore to a save point from a few days ago (before the virus was contracted). Since then the virus has continued to crop up, and I haven't the foggiest notion of how to get rid of it.

The title is a list of the virus descriptions that my Avast scanner gave me. I ran all the programs the walkthrough on this site instructed me to, but the RootRepeal program crashed and generated an error message and crash report, both attached (error message in .png image format - I took a screenshot of it).

Thanks for your help!

__________________________________________________________________________________
DDS (Ver_09-12-01.01) - NTFSx86
Run by Bryan at 18:56:06.09 on Wed 12/02/2009
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3070.1546 [GMT -5:00]
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32&... Read more

A:Infected with js: downloader-FT Win32:Banload-GLR Win32:Malware-gen Win32:Refpron-AW Win32:Rootkit-gen Win32:VB-NWC

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

RELEVANCY SCORE 96

Hi,
Please help me in getting rid of the pop ups which keep coming up.
trojan downloader win32 agent bq
trojan clicker win32 tiny h
trojan spy win32 key logger.aa
trojan spy win32 green screen
trojan spy html bankfraud.dq

HijackThis log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00:40, on 9/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Pac... Read more

A:Infected With Trojan Clicker Win32 Tiny.h / Downloader Win32 Agent Bq / Spy Win32 Key Logger.aa/spy Win32 Green Screen / Html B...

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log

Please also post the problems you are having.

RELEVANCY SCORE 95.6

Hello,

My computer became infected last night, and it's pretty bad. I became infected with Infected: Trojan:Win32/Alureon.BT, Win32:Jifas-CY, and the others listed (maybe more). Long story short, I'd just watched Harry Potter on dvd, and logged onto the computer to see who he married in the end. I ended up at a Harry Potter encyclopedia website, and looked it up. Avast went nuts after a few minutes, and showed 4 different virus alerts, and Windows Defender showed 1 as well after I shut down.

The virus listed by Defender was Trojan:Win32/Alureon.BT. Avast listed Win32:Jifas-CY, I didn't get the others in time.

The last 2 I listed in the title, a "security center alert" claimed it detected these programs trying to access the internet. It listed one more, but I didn't get its name in time.

I know Alureon is a downloader and backdoor for other viruses, and it basically shuts down security systems, which it's trying to do since windows now thinks I have no anti-virus installed.

All of these trojans are listed as "server" and "high risk." I'm not sure a root kit didn't try to make its way in too.

EDIT: I wanted to add a few things in. First, I have XP SP3 set up with multiple accounts, one admin "owner" account and then 1 limited access "user" account. The Viruses came in while the user account was logged on (I am not dumb enough to connect to the internet with an admin account). It seems the Viruses we... Read more

A:Infected: Trojan:Win32/Alureon.BT, Win32:Jifas-CY, Backdoor.Win32.Kbot.al, Net-Worm.Win32.Mytob.t

Hello again.

I booted into Safe Mode and ran an Avast scan (which took forever) and it was a waste of time. The stupid thing found nothing wrong, and said the system was clean (which is the opposite it says when you log into the limited user account). The computer (and especially that account at least) is definitely infected. Could the viruses be hiding themselves when in safe mode?

Should I scan from a Pre-install environment like BartPE? Or from the Regular "Owner" Admin account? I waited 2 days for the stupid program to scan 700gb (painfully slow for a quad core, though to be expected in safe mode), and it was useless.

Other than running windows defender (which I'm doing now), and maybe trying MBAM, I'm not sure what to do. I'm not expert enough to dive into programs like OTViewIT and Combofix, so I'll need help here. Please, ANY HELP is appreciated. I would rather NOT wipe the drive and reinstall the whole system, but I need to get this figured out.

Does no one have any ideas???

RELEVANCY SCORE 94.8

Hi There,
As you can see by my thread title, I've been infected with a bunch of things. I ran an AVG scan and it ended up showing 19 different threats. Aside from these viruses, trojans called BackDoor.Generic11.HUH, SHeur2.ADCYs and Vundo.GK were also on the list. The 19 items were moved to the vault and the computer restarted.

Upon restarting, there is a wallpaper that is from the virus saying my computer has been infected and that I should clean it.

In the system tray there is a red circle with a white 'X' in it. Every minute or so during the AVG scan it would pop-up and say I had a virus and I should use spyware cleaners to clean it.

Opening My Computer etc is very slow and I can not update my AVG definitions. Just after completing a HJT scan I received the dreaded blue screen that said 'A thread tried to release a resource it did not own'.

I have included below my HJT log. If you could provide me with any assistance I would greatly appreciate it. I have the latest AVG Free and have no idea how I got so badly infected. I considered a format, but I have not backed-up in a while. Is there a way to recover my data?

I am sorry for the lengthy response. I wanted to provide you with as much detail as possible.

Thanks for all your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:40:10 AM, on 4/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C... Read more

A:Win32/Cryptor, Win32/Heur, Win32/PolyCrypt

RELEVANCY SCORE 94

Hello,

Please help if you can. I ran free Avast! version 5.0.677 on my Windows XP desktop computer (Pentium 4, 1.5 Ghz CPU, 1 gb ram), and came up with the following virus warnings. Unfortunately the Avast! software internal tools to remove it are grayed out and not functioning. I tried a couple of things to remove viruses from help online and then realized I was in way over my head. I found this forum and am now requesting help.

Avast! says I am affected with:
JS:Downloader-AT, Win32:Nimda, Win32:Small-GWM, Win32:VB-EIJ, Win32:WinSpy-CK, JS:ScriptSH-inf, and Win32:Virut

Attached a screen shot of Avast! with viruses and partial path to them.

Computer's Symptoms (not sure if these are all due to old slow processor or malware):
Computer is freezing often;
When it is in sleep mode it is turning itself on;
Seems to be downloading stuff often and slowing down;
Monitor is going black forcing reboots often;
Couple weeks back I began getting floating ads that pop up when browsing online;
I get an error message daily that says AdAware has shut down unexpectedly, do I want to send a report? I have been ignoring this, not knowing if it was important, been several weeks.

Ok, I think that is all I can think of to share. Please help if you can. I appreciate it.

Thanks,
Dancer

~~~~~~~~~~
DDS (Ver_10-03-17.01) - NTFSx86
Run by ljk at 15:52:28.93 on Mon 09/20/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.102... Read more

A:Please Help ~ Infected with JS:Downloader-AT, Win32:Nimda, Win32:Small-GWM, Win32:VB-EIJ, Win32:WinSpy-CK, JS:ScriptSH-inf, and...

Hello, and to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.

I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.

Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.

Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

I ask that you please refrain from running tools other than those I su... Read more

RELEVANCY SCORE 93.2

Dear All,

My PC (equipped with Windows XP) has been infected with Win32.virut.gen virus. I have tried the following actions:
1) formatting (the only partition I have) and re-installing the OS
2) running SFC
3) running rmvirut
4) disabling System Restore

after that the virus is still in there. I don't know what else to try then for you you're my last resort.

I attach the Hijackthis log as well.

Thanks for helping me!

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:18:23, on 25.10.2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\ISW\alice\signup\alicecnn.exe
C:\Programme\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\system32\svchost.exe
C:&... Read more

A:Infected with Win32.Virut.Gen

Hello pasquale666

Welcome to BleepingComputer

========================

Virut is a file infector; it has probably infected most if not all of the exe's on your computer. Even if we attempt to clean this machine I can't guarantee that it will work correctly afterwards.

I really do think that you need to reformat again and start from scratch with this one. But if you do not wish to reformat again then we will attempt to clean it.

=============================================

Also one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC... Read more

RELEVANCY SCORE 93.2

I had first consulted a moderator about this problem in this thread http://www.bleepingcomputer.com/forums/t/255953/contracted-win32heur-virus-and-then-some/

When it came to symptoms, the virus occasionally created random shortcuts to online pornographic websites on my desktop. Also, about every 15 minutes I got a random box on my screen that is named "Malicious Software Removal Tool" offering a free scan; however, I know some viruses present themselves as such and was afraid to actually press "OK". These symptoms are now completely gone, but my scanners are still picking up a virus as you can see at the end of the above posted thread. (Trojan.MulDrop.34350) I was told that due to a detected Virut infection, that following the steps to putting a log here would be my best bet. All help is greatly appreciated! Thank you very much for your time!!

DDS (Ver_09-07-30.01) - NTFSx86
Run by Villarreal Family at 19:41:23.14 on Sun 09/13/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1389 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\intelxpv_v103\wdm\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\D-Link\AirPlus Xtre... Read more

A:Infected with Win32.Virut.56

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

RELEVANCY SCORE 93.2

I have a Sony VAIO laptop with windows Vista and an Intel processor. Recently, Avast detected a virus and before I could even read the message to see what or where it was, I was blue-screened and then windows restarted. Then blue screen, then windows restart, etc etc.

-Will not boot in any other mode than DEBUGGING MODE
-Windows defender blocked two programs called "JDStart.exe" and "svcchst32.exe"
-Ran Avast Boot-time scan after choosing debugging mode.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:39 PM, on 8/24/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\explorer.exe
C:\Program Files\Mozil... Read more

A:Infected with Win32:Virut - Please Help

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp... Read more

RELEVANCY SCORE 93.2

I bought a new pc but using the old hd. My pc performance went low day by day; taking a 2.4 gb data from hd to pd took me 70 min.
My pc config is
processor - amd phenom x4 9650
mb - gigabyte ma78gm-us2h
ram - 2*2 ocz titanium 800 mhz
sata hd 250 gb

When I try to run the combofix I'm stuck cause it told me that the package is modified due to a win32.virut.ce and the combofix icon on the desktop disappear


A:INFECTED WITH win32.virut.ce

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp... Read more

RELEVANCY SCORE 93.2

Hi, my computer is infected with win32.virut.g and I have done the following things to remove it:
1) Formatted all my hard drives (C & D & E) and installed a fresh copy of Windows XP
2) Scanned in safe mode
I'm using Quick Heal Total Security 2010; it detects the virus and repairs or deletes it, but it comes again and again.
After I format my PC, whenever I connect to the internet it starts downloading all types of malware and trojans, infects my sound card drivers, corrupts my Windows XP files and also doesn't allow me to open any website.
Please help me, please.

A:Infected with WIN32.virut.g

After a complete format it isn't possible for a virus to survive. What programs are you downloading when you have installed it? Also, is this version of XP legal?

RELEVANCY SCORE 93.2

MY COMPUTER GETS REALLY SLOW SOMETIMES. IT SHOWS THAT IT'S INFECTED WITH VIRUS... SOMETIMES A BLUE SCREEN POPS UP... LOTS OF SYSTEM32 ERRORS..

A:Infected With Win32 Virut

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
Create a new System Restore point in Windows XP and Vista.
Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
Check some important areas of your system and produce a report for an analyst to review.
Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.

You must be logged onto an account with administrator priv... Read more

RELEVANCY SCORE 93.2

Hi, a while ago I ran some scans and found out that my computer is infected with win32.virut, and I googled it and found out that it was very difficult to remove, and I was wondering if my computer still had hope. If my computer has no hope and I should reformat, could you give me a guide, cause I'm quite confused about reformatting. Here's my DSS logs

A:Infected With Win32.virut

Hi and welcome,

Virut is one nasty nasty virus. I'll save the 'pretty stuff' & hand it to ya straight.

Because of the nature of how it works cleaning is nearly impossible and even if AV can clean it most of the files after are trashed so nothing is going to work right anyways.

See this virus spreads itself all through most exes and scr files. Each file it infects -- uses slightly different code. Because of how it injects 'parts' of itself all over the files is what makes it hard to clean while leaving files still usable after. Some viruses add themselves to just the end or beginning of file and those are easier but this one is just plain out destruction.

Not only that -- but because each infected file has slightly different malicious code in it -- this makes it very difficult for AV to detect it all. This means there will likely still be some parts of the virus left active & just re-infects.

I wanna check for presence of Virut before we try much of anything. I wanna see the extent of the infection. If just a couple files -- we have a chance.

If you already have used Kaspersky online scanner, please uninstall it via add/remove programs because this is a new version I need you to download.

Please do a scan with Kaspersky Online Scanner
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Click on the Accept button and install any components it needs.
The program will install and then begin downloa... Read more

RELEVANCY SCORE 93.2

My computer is infected with a virus. I ran AVG and several infected files kept showing up with win32/virut. I have looked this up & it seems that this is a type of virus.
When I start my computer all that i'm getting is my desk top wallpaper & the taskbar with the start, internet explorer & firefox quick launch icons & the clock.
After a 2/3 min wait I get a speech bubble pop up from the bottom right of the screen telling me that my firewall may be turned off. After this pops up all my icons appear but my wallpaper disappears & turns to a white background.
I have run a tool by AVG for removing the win32/virut virus but it doesn't seem to have worked properly.
I can still access the internet, use all my programs & access all my files.

I have a HijackThis log.

RELEVANCY SCORE 92.8

My laptop became infected approx. 5 days ago. I've run many malware removers, including: SUPERAntiSpyware Free Edition, SDFix.exe, Hijackthis.exe, cureit.exe, and can not seem to clear it up. All the above programs have reported no infections at one time or another. So I'm becoming frustrated and confused.

the following is the DDS.txt log:

A:Infected with win32\heur

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTListIt2 Report
Please download OTListIt2 from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the "Run Scan" button.
The scan should take just a few minutes.
Copy the log that opens up and paste it back here in your next reply.

=============

The next log will show us any hidden files that are present.
Download GMER from here:
Unzip it to the desktop.
Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

RELEVANCY SCORE 92.8

Hi, I am infected with win32/heur virus and am using avg free 8.0...
Will anyone advise how to remove it, cause i read online that its dangerous and infectious.. Thanks in advance.

A:Infected with win32/heur

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
C... Read more

RELEVANCY SCORE 92.8

While I was downloading some pictures from my camera, AVG came up with an alert notice that I was infected with the Win32/heur virus. But, I had AVG and Symantec installed at the same time (and I know having 2 running is a bad thing, I never got the chance to uninstall AVG). The object it detected was c:\programdata\symantec\symantec endpoint protection\0000074D.....and it was unable to remove the file. I just wanted to make sure this is either legit or because I had 2 AV's installed and running at the same time.

A:infected with Win32/heur

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/415239 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

RELEVANCY SCORE 92.8

A few days ago the Win32 Heur was showing up on my AVG8 Free software. It is also coming up with a trojan horse rootkit-pakes. Today I did a scan on Spybot and it failed to remove Win32.fraudload.net, Win32.TDSS.rtk & Win32.TDSS.reg. In addition to that I read on a forum to download Registry Easy and I did a scan and fix through that. It stated all the relevant issues had been resolved. But as I mentioned Spybot comes up with those 3 Trojans still. So I have these 5 issues, there is probably more. But I would appreciate if you can help.

Here is a copy of my log HiJackthis

RELEVANCY SCORE 92

My system has been infected with the virus win32 virut; most of them occurred in my .exe files... I tried to reformat and install Win XP SP1 but it's all the same: Avast detected the virus and I tried to move them to the vault or chest, but after that I can't open programs like Explorer, Run, Add and Remove and so on... and it's even infected my memory, please help...

Anyone of you please help... the win32 virut virus/worm has really messed up my computer
 

RELEVANCY SCORE 92

My system has been infected with the virus win32 virut; most of them occurred in my .exe files... I tried to reformat and install Win XP Pro but it's all the same: Avast detected the virus and I tried to move them to the vault or chest, but after that I can't open programs like Explorer, Run, Add and Remove and so on... and it's even infected my memory, please help...

Anyone of you please help... the win32 virut virus/worm has really messed up my computer
 

A:Infected with Win32-Virut Virus Please Help

Welcome to TSG....

To download HJTsetup.exe from TrendSecure To Download HijackThis go to the following at the File Repository
Click on the link below to Download HijackThis Self Installer:

http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

Save the file to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\HijackThis.
Continue to click Next in the setup dialog boxes until you get to the Select Additional Tasks dialog.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialog box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
At the top of the Notepad HJT log screen, hit Edit then Select All then click Edit and then click Copy doing that copies the text to the clipboard, you won't see it yet....
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
A security expert with a gold shield to the right of their name should take a look at your log - please be patient.
 

RELEVANCY SCORE 92

Hello gurus! I've been finding a bunch of trojans lately, virus.win32.virut.ce being the latest. Some others found are:
windows.delf.uc
win32.agent.icb
microsoft.windowssecuritycenter_disabled
virtumonde
Antivirus programs I used were Spybot, AVG, SUPERAntiSpyware and Kaspersky.

Not sure how to cure this.

Some symptoms have been:
- computer hanging, something to do with winlogin
- task bar doesn't come up. I have to end explorer.exe and then restart it.

DDS and Kaspersky reports included below respectively. Thanks for your help! benbird

A:Infected with virus.win32.virut.ce

Hello.

Virut infections = Format

There's no way to cure this infection. Even if we do remove anything your computer will be very unstable and will require to be reinstalled and then you will probably need to format anyways as the infection may still be there. Take a read below.

Virut File Infector Warning

Your system is infected with a polymorphic file infector called Virut and also has IRC bot functionality. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr) and also web pages (.html and .htm). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. In addition, when it infects, sometimes it will destroy the file it tries to latch onto. For these reasons, you really can't truly fix Virut. You will need to reinstall and format the operating system on this machine. As of now, security experts suggest that a clean Reinstall then Reformat is the only way to clean the infection and it is the only way to return the machine to its normal working state. A Format right off the bat, without doing a reinstall is fine as well

Backup all your documents and important items (personal data, work documents, pictures etc..) only. DO NOT backup any executable files (softwares) and screensavers (*.scr) or any web pages (*.html or *.htm). It attempts to infect any accessed .exe or .scr o... Read more

RELEVANCY SCORE 92

Hey, I just figured out I got a virus called Win32/Virut. I don't know how harmful this virus is so I wanted to check here.
Anyway, here are some scan results:
http://virscan.org/report/4b8df0249683d59d...6af34f8fa4.html
I also got this virus, I don't know its name:
http://www.virscan.org/report/e8541b64f8b1...5aa9dfd4d2.html
Thanks in advance =]

A:Infected with Win32/Virut

Hello, DamienW. I'm afraid I have some bad news for you.

Your system is infected with a nasty variant of Virut, a polymorphic file infector with IRCBot functionality which infects .exe, .scr files, downloads more malicious files to your system, and opens a back door that compromises your computer. According to this Norman White Paper Assessment of W32/Virut, some variants can infect the HOSTS file and block access to security related web sites. Virux is an even more complex file infector which can embed an iframe into the body of web-related files and infect script files (.php, .asp, and .html). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair. In many cases the infected files cannot be disinfected properly by your antivirus. When disinfection is attempted, the files become corrupted and the system may become irreparable.

The virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files [..] some W32/Virut.h infections are corrupted beyond repair.
REFERENCE: McAfee Risk Assessment and Overview of W32/Virut

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus [..] Due to the damaged caused to files by virut it's possible to find repaired but corrupted files. They became corrupted by the incorrect writing of the viral code during the process of infection. undetected, corrupted files (possibly still... Read more

RELEVANCY SCORE 92

Hi, after clicking on a link from google, I started getting error messages, and my antivirus program, Avira, won't work or uninstall or do anything. I ran Malwarebytes numerous times and it keeps coming up as having no problems. My Windows sign in screen is messed up, but other than that my computer isn't acting up too bad, but I am afraid that it will get worse. I ran the Kaspersky online scanner and it says I am infected with Virus.Win32.Virut.ce. I am including the scan summary with this post. Any help with this problem will be greatly appreciated. Thanks in advance!


A:I think I'm Infected with Virus.Win32.Virut.ce

Hello and welcome .. Please run SDFix next.

Please print out and follow these instructions: "How to use SDFix". When using this tool, you must use the Administrator's account or an account with "Administrative rights".
Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
Please copy and paste the contents of Report.txt in your next reply.
Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.

-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.

RELEVANCY SCORE 92

Hello, I'm goldilocks and I'm from the Philippines. I wish you could help me clean my PC. Here's my HJT log

A:Infected with Win32/Virut.NBN virus

I have bad news for you

I see you're dealing with Virut on top of the other nasty malware you are dealing with. In that case, it's unfortunately a lost case - Game over situation and a format and reinstall is the fastest and especially the safest solution.

You may want to read this why:
Virut and other File infectors - Throwing in the Towel?

So, I suggest you to start backup all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT backup any applications/installers and Do NOT backup any .exe/.scr/.htm/.html/.xml/.zip/.rar files... This because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.

Read here for instructions how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html

RELEVANCY SCORE 92

Evening. Got infected with this nasty little fella yesterday. Noticed it when accessing a torrent site. AVG reported it straight away and I did disconnect ASAP but now AVG reports the infection many times over and a couple of executables are now failing to load.

I have followed your instructions in preparing to log a new call and have been able to capture dds.txt and attach.txt from d.d.s but when I've run GMER from normal and safe mode it crashes when beginning to display all the device information.

Here is the detail from the dds.txt log - any help / assistance greatly appreciated (I've noted it states Firewall Enabled and Scanning Enabled - I've gone through AVG settings and all disabled and turned off as far as I can tell)

A:Appear to be infected with win32/heur and VBS Generic

Slightly disappointed I haven't received a response to this by now but appreciate there is an awful lot of calls on the site at present.

I've taken the plunge - have recovered the system from a recovery image over 3 years ago and working my way through service pack updates accordingly.

Virus obviously now appears to have been removed.

Thanks, Ballazz.


Hello Guys,

My AVG recently detected files contaminated with Win32/Heur virus that I have not been able to remove, and I kindly ask about your expertise here.
Some initial info.
- I have Win32 XP original OS.
- I have AVG that detected and quarantined the files, but it seems files are infected continuously anyway.
So, I believe my computer is still infected. Symptoms?
I have had recent computer lockups where I was forced to hard-button-reboots, in particular in combination with Firefox, and sudden blackscreens.
This could of course be Firefox bug related and maybe this has nothing to do with Win32/Heur.

I've gone through the preparation thread:
- The DDS works fine. Log included below.
- The GMER anti-root-kit program crashes after 10-20 seconds every time I start a scan (even after I run the Defogger disable CD-emulation SW).
It just crashes with no further information (except an option to send error report to Microsoft...)
- I have also downloaded the ComboFix software (but not run it yet).
- (I have also downloaded HiJackThis, scanned and saved log although it's not required in this guide.)

Here's the DDS log:
---------------------------
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by ?garen at 12:51:25,95 on 2011-03-09
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.3327.2526 [GMT 1:00]
.
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\...

A:WinXP: Infected with Win32/Heur

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.

Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!

In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!

These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issu...


I run Windows XP Home Edition Service Pack 2 on my laptop. Today, I did a full running scan with AVG Free after a suspicious file request through my ZoneAlarm (The file is crypt20.exe). Shortly after the scan started, I kept getting warning after warning from AVG and finally, the total infections found after scan is more than 5,000! I then ran Malwarebytes Anti-Malware but only 4 pop out. Right now, my Firefox keeps crashing, the computer lags considerably and many programs seem to be not working at all.

Please help. I am at my wits' end as to what to do.

Here are the HijackThis, DDS and Gmer logs.

Logfile of HijackThis v1.99.1
Scan saved at 7:18:20 PM, on 10/10/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Progr...

A:Infected with Win32/Heur & VBS.Generic

Sorry for the trouble but anyone that can help?
 


Hi

My sister-in-law's PC appears to be affected by several nasty trojans including BHO.AKY, SHeur.AGDK, BHO.BHN and Win32/Heur. I have scanned with AVG 8.0, Avast 4.8, Spybot 1.6.2 and Windows Defender. Several of these programs reported the existence of some or all of these trojans but do not appear to have removed them.

Also I cannot install and run either Ad Aware or Spyware Doctor after having tried several times.

PC is very slow to boot up, is very slow once running and internet download times are very slow.

Any help will be much appreciated. Thanks

DDS (Ver_09-02-01.01) - NTFSx86
Run by Lucinda Fleming at 14:11:13.15 on 03/05/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.98 [GMT 11:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: avast! antivirus 4.8.1335 [VPS 090305-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\nvsvc32...

A:Infected with Win32/Heur worm

Hello atholmcivor,

Sorry for the delay. We have over 600 logs backed up and only a few helpers.

Since it has been a few days, please post a fresh DDS log so I can see if anything has changed.