Resolved HJT Threads: Resolved spyware and popup issues.
10-06-2009, 03:04 AM   #1
Registered User
 
Join Date: May 2009
Posts: 15
OS: Win XP


Malicious Virus! Can't run dds.scr etc...

I have been attacked by what appears to be a clever virus or trojan. It has changed my background to say 'YOUR SYSTEM HAS BEEN INFECTED!' There is a red X in the taskbar which keeps popping up the same message about the system being infected, click to download Windows' latest spyware programs. I cannot run Lavasoft Ad-Aware or dds.scr etc., as every time I do it says 'file is infected, please download the spyware scanner' or similar. So I can't run the logging software you use... I don't know what to do. Please help.

I have now managed to get DDS and GMER to run; here is the DDS.txt, the other files are attached. I also forgot to mention that I can't boot into safe mode, the PC just resets.


DDS (Ver_09-09-29.01) - NTFSx86
Run by steve at 18:13:44.20 on 06/10/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1559 [GMT 1:00]

AV: avast! antivirus 4.8.1351 [VPS 091004-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\FastNetSrv.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
M:\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://search.live.com/sphome.aspx
uURLSearchHooks: SHOUTcast Toolbar Search Class: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - c:\program files\shoutcast radio toolbar\shoutcasttb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: SHOUTcast Toolbar Search Class: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - c:\program files\shoutcast radio toolbar\shoutcasttb.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: SHOUTcast Loader: {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - c:\program files\shoutcast radio toolbar\shoutcasttb.dll
BHO: Ask && Record Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: SHOUTcast Radio Toolbar: {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - c:\program files\shoutcast radio toolbar\shoutcasttb.dll
TB: Ask && Record Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Ask and Record FLV Service] "c:\program files\ask & record toolbar\FLVSrvc.exe" /run
mRun: [WindowsLivePhone] c:\program files\windows live\device manager\msgrdvmn.exe /AutoRun
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Sys32VContoller] c:\windows\mwmmgr32\mwmmgr32.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\steve\start menu\programs\startup\scandisk.dll
StartupFolder: c:\docume~1\steve\startm~1\programs\startup\scandisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: &SHOUTcast Search - c:\documents and settings\all users\application data\shoutcast radio toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\steve\applic~1\mozilla\firefox\profiles\f9936jiu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query=
FF - component: c:\documents and settings\steve\application data\mozilla\firefox\profiles\f9936jiu.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-10 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-10 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\program files\astra32\astra32.sys [2007-2-22 30864]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-22 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-8-10 138680]
R2 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
R2 fastnetsrv;fastnetsrv Service;c:\windows\system32\FastNetSrv.exe [2003-3-31 114688]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-8-10 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-8-10 352920]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
S2 gupdate1ca1a0c30dc551a;Google Update Service (gupdate1ca1a0c30dc551a);c:\program files\google\update\GoogleUpdate.exe [2009-8-10 133104]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-10-2 99840]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2009-8-12 50048]

=============== Created Last 30 ================

2009-10-06 18:10 <DIR> --dsh--- c:\windows\system32\lowsec
2009-10-06 10:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-06 10:56 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-10-06 10:56 <DIR> --d----- c:\docume~1\steve\applic~1\SUPERAntiSpyware.com
2009-10-05 23:47 0 a------- c:\windows\system32\winhelper.dll
2009-10-05 23:47 0 a------- c:\windows\system32\AVR09.exe
2009-10-05 23:47 34,732 a------- C:\fpfd.exe
2009-10-05 23:47 91,648 a------- C:\spafv.exe
2009-10-05 23:23 732 a------- C:\7134821.exe
2009-10-05 23:17 0 a------- c:\windows\system32\18467.exe
2009-10-05 21:17 46 a------- C:\p2hhr.bat
2009-10-05 20:58 0 a------- c:\windows\system32\41.exe
2009-10-05 20:57 732 a------- C:\4417994.exe
2009-10-05 20:57 25,088 a--sh--- c:\documents and settings\steve\ntuser.dll
2009-10-05 20:57 99,433 a------- C:\dafr.exe
2009-10-05 20:57 155,284 a------- C:\nhtb.exe
2009-10-05 20:57 360,320 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-10-05 20:52 10 a------- c:\docume~1\alluse~1\applic~1\fkl.dat
2009-10-05 19:48 <DIR> --d-h--- c:\windows\mw2mmgr32
2009-10-05 17:53 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-10-05 17:53 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-05 17:53 <DIR> --d----- c:\program files\iPod
2009-10-05 17:53 <DIR> --d----- c:\program files\iTunes
2009-10-05 17:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-05 17:52 <DIR> --d----- c:\program files\Bonjour
2009-10-03 11:28 7,680 a------- c:\windows\system32\ff_vfw.dll
2009-10-03 11:28 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-10-03 11:28 60,273 a------- c:\windows\system32\pthreadGC2.dll
2009-10-03 11:28 <DIR> --d----- c:\program files\ffdshow
2009-10-03 11:28 <DIR> --d----- c:\program files\TVersity Codec Pack
2009-10-03 11:28 <DIR> --d----- c:\program files\TVersity
2009-10-02 14:46 30,120 a------- c:\windows\system32\BMXStateBkp-{00000000-00000000-0000000B-00001102-00000004-00531102}.rfx
2009-10-02 14:46 30,120 a------- c:\windows\system32\BMXState-{00000000-00000000-0000000B-00001102-00000004-00531102}.rfx
2009-10-02 14:46 27,408 a------- c:\windows\system32\BMXCtrlState-{00000000-00000000-0000000B-00001102-00000004-00531102}.rfx
2009-10-02 14:46 27,408 a------- c:\windows\system32\BMXBkpCtrlState-{00000000-00000000-0000000B-00001102-00000004-00531102}.rfx
2009-10-02 14:46 11,564 a------- c:\windows\system32\DVCState-{00000000-00000000-0000000B-00001102-00000004-00531102}.rfx
2009-10-02 14:46 4,958,588 a------- c:\windows\{00000000-00000000-0000000B-00001102-00000004-00531102}.BAK
2009-10-02 14:44 4,958,588 a------- c:\windows\{00000000-00000000-0000000B-00001102-00000004-00531102}.CDF
2009-10-02 14:15 27,660 a------- c:\windows\system32\BMXBkpCtrlState-{00000000-00000000-0000000B-00001102-00000004-10031102}.rfx
2009-10-02 14:15 11,564 a------- c:\windows\system32\DVCState-{00000000-00000000-0000000B-00001102-00000004-10031102}.rfx
2009-10-02 13:57 4,931,577 a------- c:\windows\{00000000-00000000-0000000B-00001102-00000004-10031102}.BAK
2009-10-02 13:49 <DIR> --d----- c:\program files\common files\Creative Labs Shared
2009-10-02 13:35 61 a------- c:\windows\sbwin.ini
2009-10-02 12:50 4,931,577 a------- c:\windows\{00000000-00000000-0000000B-00001102-00000004-10031102}.CDF
2009-10-02 12:18 4,174,814 -------- c:\windows\system32\CT4MGM.SF2
2009-10-02 12:18 <DIR> --d----- c:\windows\system32\Defaults
2009-10-02 12:17 86,016 a------- c:\windows\system32\cttele.dll
2009-10-02 12:17 30,384 a------- c:\windows\system32\BMXStateBkp-{00000000-00000000-0000000B-00001102-00000004-10031102}.rfx
2009-10-02 12:17 30,384 a------- c:\windows\system32\BMXState-{00000000-00000000-0000000B-00001102-00000004-10031102}.rfx
2009-10-02 12:17 27,660 a------- c:\windows\system32\BMXCtrlState-{00000000-00000000-0000000B-00001102-00000004-10031102}.rfx
2009-10-02 12:15 7,062 a------- c:\windows\system32\audiopid.vxd
2009-10-02 12:14 444,952 a------- c:\windows\system32\wrap_oal.dll
2009-10-02 12:14 109,080 a------- c:\windows\system32\OpenAL32.dll
2009-10-02 12:13 <DIR> --d----- c:\windows\system32\Data
2009-10-02 12:13 <DIR> --d----- c:\program files\Creative
2009-10-02 12:12 6,400 ac------ c:\windows\system32\dllcache\enum1394.sys
2009-10-02 12:12 6,400 a------- c:\windows\system32\drivers\enum1394.sys
2009-10-02 12:12 61,056 ac------ c:\windows\system32\dllcache\ohci1394.sys
2009-10-02 12:12 61,056 a------- c:\windows\system32\drivers\ohci1394.sys
2009-10-02 12:12 53,248 ac------ c:\windows\system32\dllcache\1394bus.sys
2009-10-02 12:12 53,248 a------- c:\windows\system32\drivers\1394bus.sys
2009-09-30 19:52 36,752 a---h--- c:\windows\system32\mlfcache.dat
2009-09-29 17:29 <DIR> --d----- c:\program files\DivX
2009-09-29 17:29 <DIR> --d----- c:\program files\common files\DivX Shared
2009-09-27 16:05 <DIR> --d----- c:\windows\Driving Test Complete
2009-09-27 16:05 <DIR> --d----- c:\program files\Driving Test Complete
2009-09-24 13:14 <DIR> --d----- c:\program files\R-Studio NTFS
2009-09-24 12:35 <DIR> --d----- c:\program files\Visual Pinball
2009-09-24 12:32 <DIR> --d----- c:\program files\Smart Explorer
2009-09-19 14:39 <DIR> --d----- c:\program files\Yahoo!
2009-09-10 13:36 <DIR> --d----- c:\program files\SpeedFan
2009-09-10 13:36 45 a------- c:\windows\system32\initdebug.nfo
2009-09-09 18:53 <DIR> --d----- c:\program files\ASTRA32
2009-09-09 09:10 153,088 -c------ c:\windows\system32\dllcache\triedit.dll

==================== Find3M ====================

2009-10-05 20:57 360,320 a------- c:\windows\system32\drivers\TCPIP.SYS
2009-08-24 08:55 19,518 a------- c:\windows\hpqins13.dat
2009-08-17 15:28 800 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-08-17 11:22 410,984 a------- c:\windows\system32\deploytk.dll
2009-08-12 13:32 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2009-08-12 13:21 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb20_01001.Wdf
2009-08-12 13:21 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
2009-08-12 12:37 166,597 a------- c:\windows\hpoins21.dat
2009-08-11 09:22 722,416 a------- c:\windows\system32\drivers\sptd.sys
2009-08-11 00:15 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-11 00:00 16,896 a------- c:\windows\system32\fltlib.dll
2009-08-10 23:36 4,608 a------- c:\windows\system32\w95inf32.dll
2009-08-10 23:36 2,272 a------- c:\windows\system32\w95inf16.dll
2009-08-10 18:33 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-08-08 12:10 236,544 a------- c:\windows\PEV.exe
2009-08-05 10:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-29 05:53 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 05:53 82,432 a------- c:\windows\system32\fontsub.dll
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-17 19:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-14 19:54 10,457,088 a------- c:\windows\system32\nvoglnt.dll
2009-07-14 19:54 5,842,816 a------- c:\windows\system32\nv4_disp.dll
2009-07-14 19:54 2,189,856 a------- c:\windows\system32\nvcuvid.dll
2009-07-14 19:54 2,002,944 a------- c:\windows\system32\nvcuda.dll
2009-07-14 19:54 1,706,528 a------- c:\windows\system32\nvcuvenc.dll
2009-07-14 19:54 1,597,690 a------- c:\windows\system32\nvdata.bin
2009-07-14 19:54 868,352 a------- c:\windows\system32\nvapi.dll
2009-07-14 19:54 485,920 a------- c:\windows\system32\nvudisp.exe
2009-07-14 19:54 151,552 a------- c:\windows\system32\nvcodins.dll
2009-07-14 19:54 151,552 a------- c:\windows\system32\nvcod.dll
2009-07-14 13:35 2,173,472 a------- c:\windows\system32\nvcplui.exe
2009-07-14 13:35 81,920 a------- c:\windows\system32\nvwddi.dll
2009-07-14 13:35 4,026,368 a------- c:\windows\system32\nvvitvs.dll
2009-07-14 13:35 3,170,304 a------- c:\windows\system32\nvwss.dll
2009-07-14 13:34 13,877,248 a------- c:\windows\system32\nvcpl.dll
2009-07-14 13:34 4,923,392 a------- c:\windows\system32\nvdisps.dll
2009-07-14 13:34 3,547,136 a------- c:\windows\system32\nvgames.dll
2009-07-14 13:34 1,286,144 a------- c:\windows\system32\nvmobls.dll
2009-07-14 13:34 188,416 a------- c:\windows\system32\nvmccss.dll
2009-07-14 13:34 168,004 a------- c:\windows\system32\nvsvc32.exe
2009-07-14 13:34 163,840 a------- c:\windows\system32\nvcolor.exe
2009-07-14 13:34 86,016 a------- c:\windows\system32\nvmctray.dll
2009-07-14 13:34 229,376 a------- c:\windows\system32\nvmccs.dll
2009-07-14 01:17 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-07-14 01:17 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-07-14 01:15 90,112 a------- c:\windows\system32\dpl100.dll
2009-07-14 01:15 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-07-14 01:15 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-07-14 01:15 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-07-14 01:15 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-07-14 01:15 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-07-14 01:15 685,056 a------- c:\windows\system32\DivX.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\wmpdxm.dll
2009-07-10 07:01 485,920 a------- c:\windows\system32\NVUNINST.EXE

============= FINISH: 18:14:20.12 ===============
Attached Files
File Type: zip attach.zip (5.8 KB, 3 views)

Last edited by Glaswegian; 10-06-2009 at 02:58 PM. Reason: Merged posts to preserve zero post count
steve dee is offline  
10-08-2009, 07:29 AM   #2
Analyst, Security Team
 
CatByte's Avatar
 
Join Date: Jan 2009
Location: Canada
Posts: 2,168
OS: XP sp3


Re: Malicious Virus! Can't run dds.scr etc...

Hi,

Please do the following:


Download ComboFix from either of these locations:
Link 1
Link 2


VERY IMPORTANT !!!
Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
__________________


ASAP & UNITE Member
CatByte is offline  
10-08-2009, 08:12 AM   #3
Registered User
 
Join Date: May 2009
Posts: 15
OS: Win XP


Re: Malicious Virus! Can't run dds.scr etc...

Unfortunately I cannot get ComboFix to run. When I try, a message appears: 'ComboFix has been compromised - you may have been infected with Virut - please re-download ComboFix', and then the exe disappears from the desktop.
steve dee is offline  
10-08-2009, 08:28 AM   #4
Analyst, Security Team
 
CatByte's Avatar
 
Join Date: Jan 2009
Location: Canada
Posts: 2,168
OS: XP sp3


Re: Malicious Virus! Can't run dds.scr etc...

I would like to first confirm whether you do, in fact, have Virut.

Please do the following:
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    c:\windows\system32\userinit.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Please do the same for the following files:
c:\windows\explorer.exe
c:\windows\system32\ctfmon.exe
c:\windows\system32\spoolsv.exe



NEXT


We would be grateful if you could assist us in our research into this infection by providing us with some samples and information from your machine. This will only take a minute or two to complete, and is very simple. If you wish to help us, please do the following:
  • Download VAPrep.bat and save it to your Desktop.
  • Double-click VAPrep.bat to run it. It will only take a moment to complete.
  • When done, please right-click the VAPrep folder which should now be on your Desktop. Select Send To >> Compressed (zipped) Folder.
  • Next, please go to this webpage.
  • Browse to the VAPrep.zip zipped folder you just created.
  • Click Send File.
Once done, you can delete the VAPrep folder and .zip file from your Desktop. Thanks for helping us out.
__________________


ASAP & UNITE Member
CatByte is offline  
10-09-2009, 07:05 AM   #5
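The multi-engine report that the steps above produce is a plain-text table with one line per engine, and reading 37 of those lines by eye for several files is error-prone. As an added example (editor's code, not from this thread, from CatByte, or from VirSCAN.org), here is a small Python parser for that layout which re-counts the detections, cross-checks the count against the report's own "Scanner(x/y)" summary line, and tallies the family names the engines agree on. The sample report is constructed from a subset of the userinit.exe engine lines posted later in this thread, with the summary line changed to match the shortened list; the function names, the regular expressions and the noise-word list are my assumptions, not anything VirSCAN publishes.

```python
"""Summarise a VirSCAN.org-style multi-engine report (editor's example, not
code from this thread or from VirSCAN.org)."""
import re
from collections import Counter

# Constructed sample in the plain-text layout VirSCAN.org produced in 2009:
# a header block, a column-title line, then one line per engine. The engine
# lines are a subset of the userinit.exe report posted later in this thread;
# the "Scanner(...)" summary line was changed to match the shortened list.
SAMPLE_REPORT = """\
VirSCAN.org Scanned Report :
Scanned time : 2009/10/09 13:28:42 (BST)
Scanner results: 60% Scanner(6/10) found malware!
File Name : userinit.exe
File Size : 45056 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : d0b91dc209f318d9e284cca3207f7c56
SHA1 : 81d3eb7306b44edab306735fd5d7d8906042c754

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091009200401 2009-10-09 9.37 -
AhnLab V3 2009.10.09.03 2009.10.09 2009-10-09 3.18 Win32/Virut.F
AntiVir 8.2.1.35 7.1.6.93 2009-10-09 0.38 W32/Virut.Gen
CA (VET) 9.0.0.143 35.1.7058 2009-10-09 6.41 -
ClamAV 0.95.2 9875 2009-10-09 0.01 -
Dr.Web 4.44.0.9170 2009.10.09 2009-10-09 5.54 Win32.Virut.56
F-Prot 4.4.4.56 20091008 2009-10-08 1.17 Possible W32/Virut.AI!Generic
Kaspersky 5.5.10 2009.10.09 2009-10-09 0.06 Virus.Win32.Virut.ce
Panda 9.05.01 2009.10.08 2009-10-08 3.98 W32/Sality.AO
VirusBuster 4.5.11.10 10.112.62/2570460 2009-10-08 3.07 -
"""

HEADER_RE = re.compile(r"^(File Name|File Size|MD5|SHA1)\s*:\s*(.+?)\s*$")
SUMMARY_RE = re.compile(r"Scanner\((\d+)/(\d+)\) found malware")
# One engine line: engine name (may contain spaces), engine version,
# signature version, signature date, seconds taken, verdict ("-" = clean).
# Anchoring on the YYYY-MM-DD date is what lets the name absorb spaces.
ENGINE_RE = re.compile(
    r"^(?P<name>.+?)\s+(?P<engine>\S+)\s+(?P<sig>\S+)\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<secs>\d+\.\d+)\s+(?P<verdict>.+)$"
)
# Verdict words that carry no family name (assumed list, extend as needed).
NOISE = {"virus", "generic", "possible", "heuristic", "engine"}


def parse_report(text):
    """Return header fields, the report's own hit count, and (engine, verdict) pairs."""
    report = {"claimed": None, "engines": []}
    for raw in text.splitlines():
        line = raw.strip()
        if (m := HEADER_RE.match(line)):
            report[m.group(1)] = m.group(2)
        elif (m := SUMMARY_RE.search(line)):
            report["claimed"] = (int(m.group(1)), int(m.group(2)))
        elif (m := ENGINE_RE.match(line)):
            verdict = m.group("verdict").strip()
            report["engines"].append((m.group("name"), None if verdict == "-" else verdict))
    return report


def family_tokens(verdict):
    """Lower-cased words of 4+ letters from a verdict, minus the noise words."""
    return [t.lower() for t in re.findall(r"[A-Za-z]{4,}", verdict)
            if t.lower() not in NOISE]


def summarise(report):
    """Re-count detections, cross-check the summary line, and tally family names."""
    hits = [(name, v) for name, v in report["engines"] if v]
    families = Counter(t for _, v in hits for t in family_tokens(v))
    counted = (len(hits), len(report["engines"]))
    return {
        "file": report.get("File Name"),
        "md5": report.get("MD5"),
        "detections": counted,
        "header_matches": report["claimed"] == counted,
        "consensus": families.most_common(1)[0][0] if families else None,
        "families": dict(families),
        "clean_engines": [name for name, v in report["engines"] if not v],
    }


if __name__ == "__main__":
    for key, value in summarise(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

Run as-is it prints the summary for the constructed sample: 6 of 10 engines flag the file, the header check passes, and "virut" is the consensus token with "sality" as the lone dissent. Each engine's verdict has to sit on one line for the regex to match, so a report whose long verdicts have wrapped onto a following line (as happens when a report is pasted into a forum post) needs those lines rejoined first; an engine whose line fails to parse is silently dropped, which the `header_matches` flag then exposes.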
Registered User
 
Join Date: May 2009
Posts: 15
OS: Win XP


Re: Malicious Virus! Can't run dds.scr etc...

Here are the results of the four scans:

VirSCAN.org Scanned Report :
Scanned time : 2009/10/09 13:28:42 (BST)
Scanner results: 54% Scanner(20/37) found malware!
File Name : userinit.exe
File Size : 45056 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : d0b91dc209f318d9e284cca3207f7c56
SHA1 : 81d3eb7306b44edab306735fd5d7d8906042c754
Online report : http://virscan.org/report/c038883bf7...97decfe66.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091009200401 2009-10-09 9.37 -
AhnLab V3 2009.10.09.03 2009.10.09 2009-10-09 3.18 Win32/Virut.F
AntiVir 8.2.1.35 7.1.6.93 2009-10-09 0.38 W32/Virut.Gen
Antiy 2.0.18 20091009.2981422 2009-10-09 0.12 -
Arcavir 2009 200910071802 2009-10-07 0.04 -
Authentium 5.1.1 200910082208 2009-10-08 1.18 W32/Virut.AI!Generic (Heuristic)
AVAST! 4.7.4 091008-0 2009-10-08 0.01 -
AVG 8.5.288 270.14.8/2425 2009-10-09 0.60 -
BitDefender 7.81008.4325579 7.28190 2009-10-09 3.74 Win32.Virtob.Gen.12
CA (VET) 9.0.0.143 35.1.7058 2009-10-09 6.41 -
ClamAV 0.95.2 9875 2009-10-09 0.01 -
Comodo 3.12 2546 2009-10-09 1.81 -
CP Secure 1.3.0.5 2009.10.09 2009-10-09 0.05 -
Dr.Web 4.44.0.9170 2009.10.09 2009-10-09 5.54 Win32.Virut.56
F-Prot 4.4.4.56 20091008 2009-10-08 1.17 Possible W32/Virut.AI!Generic
F-Secure 7.02.73807 2009.10.09.05 2009-10-09 0.09 Virus.Win32.Virut.ce [AVP]
Fortinet 2.81-3.120 10.922 2009-10-09 0.92 -
GData 19.8305/19.504 20091009 2009-10-09 8.15 Virus.Win32.Virut.ce [Engine:A]
ViRobot 20091009 2009.10.09 2009-10-09 0.43 -
Ikarus T3.1.01.72 2009.10.09.74016 2009-10-09 4.22 -
JiangMin 11.0.800 2009.10.08 2009-10-08 10.88 Win32/Virut.bo
Kaspersky 5.5.10 2009.10.09 2009-10-09 0.06 Virus.Win32.Virut.ce
KingSoft 2009.2.5.15 2009.10.9.18 2009-10-09 1.30 Win32.Virut.xc.91648
McAfee 5.3.00 5765 2009-10-08 3.38 W32/Virut.n.gen
Microsoft 1.5101 2009.10.08 2009-10-08 7.02 Virus:Win32/Virut.gen!O
Norman 6.01.09 6.01.00 2009-10-09 4.00 W32/Virut.DX
Panda 9.05.01 2009.10.08 2009-10-08 3.98 W32/Sality.AO
Trend Micro 8.700-1004 6.524.01 2009-10-09 0.07 Cryp_Xed-15
Quick Heal 10.00 2009.10.09 2009-10-09 1.22 W32.Virut.G
Rising 20.0 21.50.44.00 2009-10-09 1.14 -
Sophos 2.90.1 4.45 2009-10-09 3.67 W32/Scribble-B
Sunbelt 5437 5437 2009-10-08 1.59 Virus.Win32.Virut.ce (v)
Symantec 1.3.0.24 20091008.003 2009-10-08 0.10 W32.Virut.CF
nProtect 20091008.02 5754855 2009-10-08 7.55 -
The Hacker 6.5.0.2 v00033 2009-10-07 1.44 -
VBA32 3.12.10.11 20091007.1940 2009-10-07 1.84 -
VirusBuster 4.5.11.10 10.112.62/2570460 2009-10-08 3.07 -


VirSCAN.org Scanned Report :
Scanned time : 2009/10/09 13:36:29 (BST)
Scanner results: 57% Scanner(21/37) found malware!
File Name : explorer.exe
File Size : 1052672 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 5a2ade0d1222411f84ddc687c62ebf73
SHA1 : 1c74a0460be181a7f0984cede1725723dda4dbb1
Online report : http://virscan.org/report/acd8cc4eca...dba98dc15.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091009200401 2009-10-09 7.07 Virus.Win32.Virut.q!IK
AhnLab V3 2009.10.09.03 2009.10.09 2009-10-09 1.45 Win32/Virut.F
AntiVir 8.2.1.35 7.1.6.93 2009-10-09 0.42 W32/Virut.Gen
Antiy 2.0.18 20091009.2981422 2009-10-09 0.12 -
Arcavir 2009 200910071802 2009-10-07 0.06 -
Authentium 5.1.1 200910082208 2009-10-08 1.19 W32/Virut.AI!Generic (Heuristic)
AVAST! 4.7.4 091008-0 2009-10-08 0.05 -
AVG 8.5.288 270.14.8/2425 2009-10-09 0.52 -
BitDefender 7.81008.4325579 7.28190 2009-10-09 3.72 Win32.Virtob.Gen.12
CA (VET) 9.0.0.143 35.1.7058 2009-10-09 3.80 -
ClamAV 0.95.2 9875 2009-10-09 0.17 -
Comodo 3.12 2546 2009-10-09 3.22 -
CP Secure 1.3.0.5 2009.10.09 2009-10-09 0.11 -
Dr.Web 4.44.0.9170 2009.10.09 2009-10-09 5.52 Win32.Virut.56
F-Prot 4.4.4.56 20091008 2009-10-08 1.21 Possible W32/Virut.AI!Generic
F-Secure 7.02.73807 2009.10.09.05 2009-10-09 8.59 Virus.Win32.Virut.ce [AVP]
Fortinet 2.81-3.120 10.922 2009-10-09 0.33 -
GData 19.8305/19.504 20091009 2009-10-09 8.08 Virus.Win32.Virut.ce [Engine:A]
ViRobot 20091009 2009.10.09 2009-10-09 1.39 -
Ikarus T3.1.01.72 2009.10.09.74016 2009-10-09 4.12 Virus.Win32.Virut.q
JiangMin 11.0.800 2009.10.08 2009-10-08 12.07 Win32/Virut.bo
Kaspersky 5.5.10 2009.10.09 2009-10-09 0.07 Virus.Win32.Virut.ce
KingSoft 2009.2.5.15 2009.10.9.18 2009-10-09 0.75 Win32.Virut.xc.91648
McAfee 5.3.00 5765 2009-10-08 3.43 W32/Virut.n.gen
Microsoft 1.5101 2009.10.08 2009-10-08 9.58 Virus:Win32/Virut.gen!O
Norman 6.01.09 6.01.00 2009-10-09 8.01 -
Panda 9.05.01 2009.10.08 2009-10-08 1.84 W32/Sality.AO
Trend Micro 8.700-1004 6.524.01 2009-10-09 0.07 -
Quick Heal 10.00 2009.10.09 2009-10-09 1.49 W32.Virut.G
Rising 20.0 21.50.44.00 2009-10-09 1.37 Win32.Virut.cr
Sophos 2.90.1 4.45 2009-10-09 3.67 W32/Scribble-B
Sunbelt 5437 5437 2009-10-08 2.76 Virus.Win32.Virut.ce (v)
Symantec 1.3.0.24 20091008.003 2009-10-08 0.10 W32.Virut.CF
nProtect 20091008.02 5754855 2009-10-08 10.99 -
The Hacker 6.5.0.2 v00033 2009-10-07 2.22 -
VBA32 3.12.10.11 20091007.1940 2009-10-07 1.97 -
VirusBuster 4.5.11.10 10.112.62/2570460 2009-10-08 4.88 -



VirSCAN.org Scanned Report :
Scanned time : 2009/10/09 13:49:23 (BST)
Scanner results: 57% Scanner(21/37) found malware!
File Name : ctfmon.exe
File Size : 35840 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : d02e9134d097ce0c42cbe5bb55707ab4
SHA1 : 0751c8ec38cea7f67893d25ade8b3243a62fdace
Online report : http://virscan.org/report/3889fc4705...c0491f187.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091009200401 2009-10-09 9.85 -
AhnLab V3 2009.10.09.03 2009.10.09 2009-10-09 4.54 Win32/Virut.F
AntiVir 8.2.1.35 7.1.6.93 2009-10-09 0.23 W32/Virut.Gen
Antiy 2.0.18 20091009.2981422 2009-10-09 0.12 -
Arcavir 2009 200910071802 2009-10-07 0.04 -
Authentium 5.1.1 200910082208 2009-10-08 1.41 W32/Virut.AI!Generic (Heuristic)
AVAST! 4.7.4 091008-0 2009-10-08 0.03 -
AVG 8.5.288 270.14.8/2425 2009-10-09 0.58 -
BitDefender 7.81008.4325579 7.28190 2009-10-09 4.71 Win32.Virtob.Gen.12
CA (VET) 9.0.0.143 35.1.7058 2009-10-09 25.50 -
ClamAV 0.95.2 9875 2009-10-09 0.16 -
Comodo 3.12 2546 2009-10-09 2.24 -
CP Secure 1.3.0.5 2009.10.09 2009-10-09 0.06 -
Dr.Web 4.44.0.9170 2009.10.09 2009-10-09 5.93 Win32.Virut.56
F-Prot 4.4.4.56 20091008 2009-10-08 2.34 Possible W32/Virut.AI!Generic
F-Secure 7.02.73807 2009.10.09.05 2009-10-09 8.75 Virus.Win32.Virut.ce [AVP]
Fortinet 2.81-3.120 10.922 2009-10-09 0.61 -
GData 19.8305/19.504 20091009 2009-10-09 12.56 Virus.Win32.Virut.ce [Engine:A]
ViRobot 20091009 2009.10.09 2009-10-09 1.22 -
Ikarus T3.1.01.72 2009.10.09.74016 2009-10-09 4.28 -
JiangMin 11.0.800 2009.10.08 2009-10-08 15.91 Win32/Virut.bo
Kaspersky 5.5.10 2009.10.09 2009-10-09 0.06 Virus.Win32.Virut.ce
KingSoft 2009.2.5.15 2009.10.9.18 2009-10-09 1.85 Win32.Virut.xc.91648
McAfee 5.3.00 5765 2009-10-08 3.34 W32/Virut.n.gen
Microsoft 1.5101 2009.10.08 2009-10-08 10.91 Virus:Win32/Virut.gen!O
Norman 6.01.09 6.01.00 2009-10-09 4.00 W32/Virut.DX
Panda 9.05.01 2009.10.08 2009-10-08 4.38 W32/Sality.AO
Trend Micro 8.700-1004 6.524.01 2009-10-09 0.11 Cryp_Xed-15
Quick Heal 10.00 2009.10.09 2009-10-09 2.44 W32.Virut.G
Rising 20.0 21.50.44.00 2009-10-09 1.15 Win32.Virut.cr
Sophos 2.90.1 4.45 2009-10-09 5.28 W32/Scribble-B
Sunbelt 5437 5437 2009-10-08 1.47 Virus.Win32.Virut.ce (v)
Symantec 1.3.0.24 20091008.003 2009-10-08 0.05 W32.Virut.CF
nProtect 20091008.02 5754855 2009-10-08 7.77 -
The Hacker 6.5.0.2 v00033 2009-10-07 0.80 -
VBA32 3.12.10.11 20091007.1940 2009-10-07 1.87 -
VirusBuster 4.5.11.10 10.112.62/2570460 2009-10-08 3.06 -



VirSCAN.org Scanned Report :
Scanned time : 2009/10/09 13:53:06 (BST)
Scanner results: 59% Scanner(22/37) found malware!
File Name : spoolsv.exe
File Size : 78336 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 22ca56f60f19f3f06a911104ac890225
SHA1 : 4c101dbff88707875d8c9b3e27f75909890bdebb
Online report : http://virscan.org/report/d3e5f6b4a0...02c821eac.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091009200401 2009-10-09 5.97 Virus.Win32.SdBot!IK
AhnLab V3 2009.10.09.03 2009.10.09 2009-10-09 1.01 Win32/Virut.F
AntiVir 8.2.1.35 7.1.6.93 2009-10-09 0.54 W32/Virut.Gen
Antiy 2.0.18 20091009.2981422 2009-10-09 0.12 -
Arcavir 2009 200910071802 2009-10-07 0.05 -
Authentium 5.1.1 200910082208 2009-10-08 1.19 W32/Virut.AI!Generic (Heuristic)
AVAST! 4.7.4 091008-0 2009-10-08 0.01 -
AVG 8.5.288 270.14.8/2425 2009-10-09 0.56 -
BitDefender 7.81008.4325579 7.28190 2009-10-09 3.77 Win32.Virtob.Gen.12
CA (VET) 9.0.0.143 35.1.7058 2009-10-09 4.76 -
ClamAV 0.95.2 9875 2009-10-09 0.02 -
Comodo 3.12 2546 2009-10-09 0.84 -
CP Secure 1.3.0.5 2009.10.09 2009-10-09 0.06 -
Dr.Web 4.44.0.9170 2009.10.09 2009-10-09 5.54 Win32.Virut.56
F-Prot 4.4.4.56 20091008 2009-10-08 1.18 Possible W32/Virut.AI!Generic
F-Secure 7.02.73807 2009.10.09.05 2009-10-09 0.10 Virus.Win32.Virut.ce [AVP]
Fortinet 2.81-3.120 10.922 2009-10-09 0.72 -
GData 19.8305/19.504 20091009 2009-10-09 6.34 Virus.Win32.Virut.ce [Engine:A]
ViRobot 20091009 2009.10.09 2009-10-09 0.49 -
Ikarus T3.1.01.72 2009.10.09.74016 2009-10-09 4.07 Virus.Win32.SdBot
JiangMin 11.0.800 2009.10.08 2009-10-08 8.38 Win32/Virut.bo
Kaspersky 5.5.10 2009.10.09 2009-10-09 0.06 Virus.Win32.Virut.ce
KingSoft 2009.2.5.15 2009.10.9.18 2009-10-09 2.62 -
McAfee 5.3.00 5765 2009-10-08 3.34 W32/Virut.n.gen
Microsoft 1.5101 2009.10.08 2009-10-08 7.74 Virus:Win32/Virut.gen!O
Norman 6.01.09 6.01.00 2009-10-09 4.01 W32/Virut.DX
Panda 9.05.01 2009.10.08 2009-10-08 3.95 W32/Sality.AO
Trend Micro 8.700-1004 6.524.01 2009-10-09 0.07 Cryp_Xed-15
Quick Heal 10.00 2009.10.09 2009-10-09 1.22 W32.Virut.G
Rising 20.0 21.50.44.00 2009-10-09 0.94 Win32.Virut.cr
Sophos 2.90.1 4.45 2009-10-09 3.64 W32/Scribble-B
Sunbelt 5437 5437 2009-10-08 1.62 Virus.Win32.Virut.ce (v)
Symantec 1.3.0.24 20091008.003 2009-10-08 0.35 W32.Virut.CF
nProtect 20091008.02 5754855 2009-10-08 8.99 -
The Hacker 6.5.0.2 v00033 2009-10-07 0.84 -
VBA32 3.12.10.11 20091007.1940 2009-10-07 1.90 -
VirusBuster 4.5.11.10 10.112.62/2570460 2009-10-08 3.25 -
steve dee is offline  
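The VirSCAN.org reports above are plain-text tables, one row per engine. As an added example (not code from the forum, from VirSCAN.org or from either poster), the following Python script parses that row format and recomputes the detection consensus from the rows instead of trusting the "Scanner(n/m)" headline. The sample input is the spoolsv.exe report copied from this thread; the function names and the keyword-based family tally are my own choices.

```python
# Parse a VirSCAN.org report pasted as text and recompute its detection consensus.
import re
from collections import Counter

# The spoolsv.exe report posted in the thread; header values and rows are copied
# from the page (none of the data below is constructed).
SAMPLE_REPORT = """\
VirSCAN.org Scanned Report :
Scanner results: 59% Scanner(22/37) found malware!
File Name : spoolsv.exe
MD5 : 22ca56f60f19f3f06a911104ac890225
SHA1 : 4c101dbff88707875d8c9b3e27f75909890bdebb

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091009200401 2009-10-09 5.97 Virus.Win32.SdBot!IK
AhnLab V3 2009.10.09.03 2009.10.09 2009-10-09 1.01 Win32/Virut.F
AntiVir 8.2.1.35 7.1.6.93 2009-10-09 0.54 W32/Virut.Gen
Antiy 2.0.18 20091009.2981422 2009-10-09 0.12 -
Arcavir 2009 200910071802 2009-10-07 0.05 -
Authentium 5.1.1 200910082208 2009-10-08 1.19 W32/Virut.AI!Generic (Heuristic)
AVAST! 4.7.4 091008-0 2009-10-08 0.01 -
AVG 8.5.288 270.14.8/2425 2009-10-09 0.56 -
BitDefender 7.81008.4325579 7.28190 2009-10-09 3.77 Win32.Virtob.Gen.12
CA (VET) 9.0.0.143 35.1.7058 2009-10-09 4.76 -
ClamAV 0.95.2 9875 2009-10-09 0.02 -
Comodo 3.12 2546 2009-10-09 0.84 -
CP Secure 1.3.0.5 2009.10.09 2009-10-09 0.06 -
Dr.Web 4.44.0.9170 2009.10.09 2009-10-09 5.54 Win32.Virut.56
F-Prot 4.4.4.56 20091008 2009-10-08 1.18 Possible W32/Virut.AI!Generic
F-Secure 7.02.73807 2009.10.09.05 2009-10-09 0.10 Virus.Win32.Virut.ce [AVP]
Fortinet 2.81-3.120 10.922 2009-10-09 0.72 -
GData 19.8305/19.504 20091009 2009-10-09 6.34 Virus.Win32.Virut.ce [Engine:A]
ViRobot 20091009 2009.10.09 2009-10-09 0.49 -
Ikarus T3.1.01.72 2009.10.09.74016 2009-10-09 4.07 Virus.Win32.SdBot
JiangMin 11.0.800 2009.10.08 2009-10-08 8.38 Win32/Virut.bo
Kaspersky 5.5.10 2009.10.09 2009-10-09 0.06 Virus.Win32.Virut.ce
KingSoft 2009.2.5.15 2009.10.9.18 2009-10-09 2.62 -
McAfee 5.3.00 5765 2009-10-08 3.34 W32/Virut.n.gen
Microsoft 1.5101 2009.10.08 2009-10-08 7.74 Virus:Win32/Virut.gen!O
Norman 6.01.09 6.01.00 2009-10-09 4.01 W32/Virut.DX
Panda 9.05.01 2009.10.08 2009-10-08 3.95 W32/Sality.AO
Trend Micro 8.700-1004 6.524.01 2009-10-09 0.07 Cryp_Xed-15
Quick Heal 10.00 2009.10.09 2009-10-09 1.22 W32.Virut.G
Rising 20.0 21.50.44.00 2009-10-09 0.94 Win32.Virut.cr
Sophos 2.90.1 4.45 2009-10-09 3.64 W32/Scribble-B
Sunbelt 5437 5437 2009-10-08 1.62 Virus.Win32.Virut.ce (v)
Symantec 1.3.0.24 20091008.003 2009-10-08 0.35 W32.Virut.CF
nProtect 20091008.02 5754855 2009-10-08 8.99 -
The Hacker 6.5.0.2 v00033 2009-10-07 0.84 -
VBA32 3.12.10.11 20091007.1940 2009-10-07 1.90 -
VirusBuster 4.5.11.10 10.112.62/2570460 2009-10-08 3.25 -
"""

ROW_RE = re.compile(r"^(?P<head>.+?)\s+(?P<date>\d{4}-\d{2}-\d{2})\s+"
                    r"(?P<secs>\d+\.\d+)\s+(?P<result>.+)$")
CLAIM_RE = re.compile(r"Scanner\((\d+)/(\d+)\)")

def parse_report(text):
    """Return {'meta': {...}, 'rows': [...]} for one pasted report."""
    meta, rows = {}, []
    for line in (ln.strip() for ln in text.splitlines()):
        m = ROW_RE.match(line)
        if m:
            # The two tokens before the date are engine/signature versions; what
            # precedes them is the scanner name, which may contain spaces.
            head, result = m.group("head").split(), m.group("result").strip()
            rows.append({"scanner": " ".join(head[:-2]), "engine": head[-2],
                         "sig": head[-1], "date": m.group("date"),
                         "result": result, "detected": result != "-"})
        elif line.startswith("Scanner results"):
            c = CLAIM_RE.search(line)
            meta["claimed"] = (int(c.group(1)), int(c.group(2))) if c else None
        elif " : " in line:
            key, _, val = line.partition(" : ")
            meta[key.strip()] = val.strip()
    return {"meta": meta, "rows": rows}

def detection_ratio(report):
    """(detected, total) recomputed from the rows, not taken from the headline."""
    return sum(r["detected"] for r in report["rows"]), len(report["rows"])

def claim_matches(report):
    """True when the headline 'Scanner(n/m)' equals the recomputed ratio."""
    return report["meta"].get("claimed") == detection_ratio(report)

def label_counts(report, keyword):
    """Count detections whose label mentions `keyword` (case-insensitive) and
    tally the remaining labels, to see how many engines agree on a family."""
    kw = keyword.lower()
    labels = [r["result"] for r in report["rows"] if r["detected"]]
    hits = sum(kw in lab.lower() for lab in labels)
    return hits, Counter(lab for lab in labels if kw not in lab.lower())

if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    det, tot = detection_ratio(rep)
    print(f"{rep['meta']['File Name']} ({rep['meta']['MD5']}): {det}/{tot} engines, "
          f"headline consistent: {claim_matches(rep)}")
    print("Virut-named labels: %d; others: %s" % label_counts(rep, "virut"))
```

On the sample this reports 22/37 engines flagging the file, matching the report's own headline, and 16 of those 22 labels naming Virut; the remaining six are vendor-specific names for what the other engines flagged (Virtob, Scribble, Sality and so on), which is why consensus across a multi-engine report is better judged by counting engines than by reading any single label.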
Old 10-09-2009, 07:24 AM   #6 (permalink)
Analyst, Security Team
 
 
Join Date: Jan 2009
Location: Canada
Posts: 2,168
OS: XP sp3


Re: Malicious Virus! Cant run dds.scr etc...

Hi,

Bad news I am afraid.

It has been confirmed that VIRUT is the infection.

This infection CANNOT be cleaned. The only option is a complete reformat and re-install.

There is a tutorial on how to reformat here

Read more about the VIRUT FILE INFECTOR HERE

This infection has been known to infect every type of file on the system; it really isn't safe to try and save anything, especially .exe/.scr/.htm/.html/.xml/.zip/.pif/.com/.rar file types.

They could all be infected and will simply re-infect your system again; there is no way of being certain what this infection can do.

I am sorry there is nothing more that we can do.

Miekiemoes, a highly regarded expert in malware removal and an MS-MVP, has an extremely informative blog post about Virut; she only ever recommends a total reformat.

At least this way, you have the best chance of having a clean machine once more.

For future protection read this very well written article Think Prevention.
__________________


ASAP & UNITE Member
CatByte is offline  
Old 10-09-2009, 08:55 AM   #7 (permalink)
Registered User
 
Join Date: May 2009
Posts: 15
OS: Win XP


Re: Malicious Virus! Cant run dds.scr etc...

So the backups I made before my last re-install are probably what infected my computer again!!! :(
steve dee is offline  
Old 10-09-2009, 09:18 AM   #8 (permalink)
Analyst, Security Team
 
 
Join Date: Jan 2009
Location: Canada
Posts: 2,168
OS: XP sp3


Re: Malicious Virus! Cant run dds.scr etc...

Hi,

Yes, I would say that is likely. I would delete those backups completely and start fresh.

(How did you have those backups stored? If on a separate drive, that will need to be formatted also.)
__________________


ASAP & UNITE Member
CatByte is offline  
Old 10-09-2009, 12:50 PM   #9 (permalink)
Registered User
 
Join Date: May 2009
Posts: 15
OS: Win XP


Re: Malicious Virus! Cant run dds.scr etc...

I had them stored on disc, but then copied them across to my hard drive; both hard drives have now been wiped and I'm running a fresh install.

I'm assuming my backup pictures and videos will be ok?

Last edited by steve dee; 10-09-2009 at 12:52 PM.
steve dee is offline  
Old 10-09-2009, 04:05 PM   #10 (permalink)
Analyst, Security Team
 
 
Join Date: Jan 2009
Location: Canada
Posts: 2,168
OS: XP sp3


Re: Malicious Virus! Cant run dds.scr etc...

Hopefully they will be, but I can't guarantee it, nobody knows what this virus is capable of.
__________________


ASAP & UNITE Member
CatByte is offline  
 


Copyright 2001 - 2009, Tech Support Forum