Can't get rid of Win32.Virut virus

[Wrinkle]

Good evening. I've got a really serious problem. At least, it looks serious to me. Two weeks ago I noticed that I got Reader_S.EXE, Services.EXE, CMD.EXE, BN16.TMP and some other weird processes. Later I realized those had been viruses. Tried Malwarebytes, AVG Antivirus and Spyware Doctor. These helped, but the virus appeared again. So the only solution was to format my Windows.
Alright, I've done format twice. I've started my Windows and few minutes later I got that virus again. I couldn't believe. When I start my Windows now, it just crashes. I really doubt that it's Windows XP Service Pack 2 CD problem, it's clean. If anyone knows, what's the matter, please, let me know.

[amateur]

Hello and welcome to TSF.

Quote:

Can't get rid of Win32.Virut virus

Virut is a polymorphic file infector, infecting all the executable files(.exe) and screen saver files(.scr) by way of corrupting them beyond repair. . Unfortunately, the best approach is to reformat and reinstall as you have already done. However, you are possibly getting re-infected by your backed up data.

While backing up your files prior to r/r, you were to make sure that you do not backup any executables, screen savers and compressed files such as zip, rar and cab, and also the htm/html/php files as they may also contain infected files.

Backups are not be made to another machine or another internal harddrive, as they may become compromised. Best to burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups.

Here's some information on this infection:

http://www.microsoft.com/security/en...=Win32%2fVirut
http://vil.nai.com/vil/content/v_143034.htm
http://www.avast.com/eng/win32-virut.html
http://www.symantec.com/security_res...558-99&tabid=1

You'll have to reformat and reinstall again, I am afraid.

[Wrinkle]

Quote:

Originally Posted by amateur

Hello and welcome to TSF.



Virut is a polymorphic file infector, infecting all the executable files(.exe) and screen saver files(.scr) by way of corrupting them beyond repair. . Unfortunately, the best approach is to reformat and reinstall as you have already done. However, you are possibly getting re-infected by your backed up data.

While backing up your files prior to r/r, you were to make sure that you do not backup any executables, screen savers and compressed files such as zip, rar and cab, and also the htm/html/php files as they may also contain infected files.

Backups are not be made to another machine or another internal harddrive, as they may become compromised. Best to burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups.

Here's some information on this infection:

http://www.microsoft.com/security/en...=Win32%2fVirut
http://vil.nai.com/vil/content/v_143034.htm
http://www.avast.com/eng/win32-virut.html
http://www.symantec.com/security_res...558-99&tabid=1

You'll have to reformat and reinstall again, I am afraid.

Hello. Thanks a lot for trying to help. The problem is that I've made no back ups. Didn't even try to download anything.

[amateur]

Hi,

Quote:

The problem is that I've made no back ups. Didn't even try to download anything.

What happened to your personal documents, pictures, music, video, etc? Did you perform a clean install or a re-install? A reformat would wipe everything on the harddisk. Here's a good guide for reformat and reinstall, i.e. clean install, for your information:

How to format the current system drive and reinstall the operating system

Quote:

Alright, I've done format twice. I've started my Windows and few minutes later I got that virus again.

How did you know it was the same virus?

[Wrinkle]

Quote:

Originally Posted by amateur

Hi,

What happened to your personal documents, pictures, music, video, etc? Did you perform a clean install or a re-install? A reformat would wipe everything on the harddisk. Here's a good guide for reformat and reinstall, i.e. clean install, for your information:

How to format the current system drive and reinstall the operating system

How did you know it was the same virus?

Good afternoon. I've done a full reformat, nothing is left on C:\, as I have only one Hard Disk. After reformat, Windows had been installed. Installation was successful, so I had started Windows. While browsing C:\, Firewall noticed me that Reader_S.EXE is trying to connect. Declined it and suddenly computer crashed. Later on, after it was restarted, I had seen Reader_S.EXE, Services.EXE, CMD.EXE, BN.TMP etc. in Processes. Even some adult web sites started to appear every 10 minutes or so. Have a good day and Thank You.

[amateur]

Quote:

While browsing C:\, Firewall noticed me that Reader_S.EXE is trying to connect.

This tells me that you had a third party firewall installed as Windows XP firewall does not protect against the outgoing traffic.

http://www.microsoft.com/windowsxp/u...2_wfintro.mspx

Quote:

What Windows Firewall Does and Does Not Do
It does It does not

Detect or disable computer viruses and worms if they are already on your computer. For that reason, you should also install antivirus software and keep it updated to help prevent viruses, worms, and other security threats from damaging your computer or using your computer to spread viruses to others.

I am not really sure if I understand your point but it sounds like you're saying that Virut infection survives a reformat. That cannot be unless you're installing the operating system from a questionable copy, which itself may be viruted, or installing other data/software which is/are viruted.

There's no point in discussing this any further. If you're able to provide the logs requested in our pre-posting NEW INSTRUCTIONS sticky, we'll check them out for you and advise you accordingly.

[Wrinkle]

Quote:

Originally Posted by amateur

This tells me that you had a third party firewall installed as Windows XP firewall does not protect against the outgoing traffic.

http://www.microsoft.com/windowsxp/u...2_wfintro.mspx



I am not really sure if I understand your point but it sounds like you're saying that Virut infection survives a reformat. That cannot be unless you're installing the operating system from a questionable copy, which itself may be viruted, or installing other data/software which is/are viruted.

There's no point in discussing this any further. If you're able to provide the logs requested in our pre-posting NEW INSTRUCTIONS sticky, we'll check them out for you and advise you accordingly.

Well, that's the matter. It was Windows Firewall, not Thirt Party Software. Thanks for some advices. I'll try using another copy of Windows XP. Have a good evening.

[amateur]

You're welcome and good luck!

[amateur]

Since this issue appears resolved, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

http://www.techsupportforum.com/secu...oval-help.html

Surf Safely, and Think Prevention!