Lots of trouble w/ win32/heur (virut?)

[Yowza]

Hello all

So I've contracted something major here. AVG is giving me win32 heur alerts on a ton of .exe and system32 files. I've got adult links on my desk and strange pop up sounds. I can't go to any website that offers fixes for win32 heur. Tried to dl Combofix (renamed it too) and that won't start. Looks pretty bad...not trying to wipe my drive if that can be avoided. Not too handy technically...Thanks a ton guys!


DDS (Ver_09-10-13.01) - NTFSx86
Run by zxzxz at 19:44:11.03 on Sat 10/24/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.811 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Lang\adobelnd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Documents and Settings\Zack Kerns\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Zack Kerns\Application Data\Dropbox\bin\Dropbox.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\wuauclt.exe
K:\LaunchU3.exe
C:\Documents and Settings\Zack Kerns\Application Data\U3\22430011A1125CC9\Intro\U3Introduction.exe
C:\Documents and Settings\Zack Kerns\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.32.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6]
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [Google Update] "c:\documents and settings\zack kerns\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [sHotKey] "c:\program files\sony\shotkey\sHotKey.exe"
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking10\Ereg.ini
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Lang Define ] c:\program files\adobe\lang\adobelnd.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\docume~1\zackke~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\zackke~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\zack kerns\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\CalibAdobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Backward &Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.32.0\gears.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-3 206256]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-9 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-9 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-17 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-11 297752]
R2 gearsec;gearsec;c:\windows\system32\gearsec.exe [2005-11-30 58952]
R2 Ias;Protected Network Provider;c:\windows\system32\svchost.exe -k netsvcs [2004-3-31 14336]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-10-3 348752]
R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\common files\sony shared\vaio entertainment\vzcdb\VzFw.exe [2008-6-19 106496]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-29 45056]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2008-6-20 105472]
S2 gupdate1c93719d6a42904;Google Update Service (gupdate1c93719d6a42904);c:\program files\google\update\GoogleUpdate.exe [2008-10-25 133104]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\mediacoder\SysInfo.sys [2007-9-25 15152]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-6-20 17149]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-1-15 33752]
S3 isasdk;isasdk;c:\windows\system32\isasdk.sys [2004-3-31 2304]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\common files\sony shared\vaio entertainment\vcsw\vcsw.exe -runbyscm --> c:\program files\common files\sony shared\vaio entertainment\vcsw\VCSW.exe -RunBySCM [?]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2008-6-20 362944]

=============== Created Last 30 ================

2009-10-03 13:44 89,600 a------- c:\windows\system32\688.tmp
2009-10-03 13:44 52 a------- c:\windows\system32\687.tmp
2009-10-03 03:47 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-10-03 03:46 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-10-03 03:46 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-03 03:46 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-10-03 03:45 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-10-03 03:45 <DIR> --d----- c:\program files\common files\PC Tools
2009-10-03 03:45 <DIR> --d----- c:\program files\Spyware Doctor
2009-10-03 03:45 <DIR> --d----- c:\docume~1\zackke~1\applic~1\PC Tools
2009-10-03 03:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-10-03 03:01 89,600 a------- c:\windows\system32\63C.tmp
2009-10-03 03:01 52 a------- c:\windows\system32\63B.tmp
2009-10-03 02:25 89,600 a------- c:\windows\system32\637.tmp
2009-10-03 02:25 52 a------- c:\windows\system32\636.tmp
2009-10-03 01:53 151,040 a------- c:\windows\sv3.exe
2009-10-03 01:53 109,056 a------- c:\windows\sv1.exe
2009-10-03 01:52 0 a------- c:\windows\system32\632.tmp
2009-10-03 01:52 89,600 a------- c:\windows\system32\631.tmp
2009-10-03 01:52 52 a------- c:\windows\system32\630.tmp
2009-10-03 01:52 0 a------- c:\windows\sc.exe
2009-10-03 01:52 <DIR> --d----- c:\program files\Protection System
2009-10-03 01:51 191,515 a------- C:\rcqdj.exe
2009-10-03 01:51 130,560 a------- C:\sapykle.exe
2009-10-03 01:40 <DIR> --d----- c:\program files\EASEUS
2009-10-02 21:01 <DIR> --d----- c:\program files\SoftLogica
2009-10-01 19:04 <DIR> --d----- c:\program files\Xiph.Org
2009-09-27 16:25 883,776 a---h--- c:\windows\system32\mlfcache.dat

==================== Find3M ====================

2009-08-28 08:15 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-28 08:15 11,952 a------- c:\windows\system32\avgrsstx.dll
2008-04-16 02:16 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2006-09-24 17:44 784 a------- c:\docume~1\zackke~1\applic~1\mpauth.dat
2008-12-09 09:55 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120920081210\index.dat

============= FINISH: 19:45:31.76 ===============

[tetonbob]

Hello -

I don't like to be the bearer of bad news, but your AV has indicated Virut, ComboFix has given you a warning indicating a possible file infector such as Virut. That's enough for me to tell you the following:

Your system is infected with a polymorphic file infector called Virut. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. As of now, security experts suggest that a format and clean install, or destructive recovery if you have an OEM recovery partition, is the best way to clean the infection and it is the best and safest way to return the machine to its normal working state.

Backup all your documents and important items (personal data, work documents, etc) only. DO NOT backup any executable files (softwares) and screensavers (*.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable.

Also, avoid backing up compressed files (zip/cab/rar) files that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

Recent variants also modify htm, html, asp and php files.

Do not back up to another machine, as it may become compromised. Burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups.

See miekiemoes' blog for similar comments here:

http://miekiemoes.blogspot.com/2009/...-throwing.html

[Yowza]

whoo boy, yeah I expected it to be bad. Ok, well, the comp managed to restart itself somehow randomly and now it crashes after the XP windows logo screen. (it flashes a quick BSOD looking screen and then restarts).

There are a few personal documents I didn't manage to back up on there, is there anyway to get to those?

I do have a good amount of things backed up BUT I might have plugged the external hd that all my backed up files are on into the problem comp while it was infected. :( I'm pretty sure there are a couple random .exe files on there...I assume that means they could potentially be infected too. I have since plugged that hd into my only other comp, a mac book running os x. Can virut infect this too? My understanding is that there are no known viruses that can infect the mac os, but I could be wrong. Moreover, is there a way to detect if these .exe, .scr, or htm, html, asp and php
files are infected by running some sort of virus check on my mac?

Thank you very much for your help on this matter

[tetonbob]

Quote:

I might have plugged the external hd that all my backed up files are on into the problem comp while it was infected....Moreover, is there a way to detect if these .exe, .scr, or htm, html, asp and php files are infected by running some sort of virus check on my mac?

I really can't advise you about your Mac, as I've never even touched one. We do have a mac support section, where they would be better able to advise you. It seems this version of TrendMicro's Housecall will run on a Mac. Not sure if it's still current.

Quote:

Macintosh support requires the following minimum system components:

* Macintosh Computer with PowerPC G4 or G5 Processor
* MAC OS X 10.4 (Tiger)
* 512MB of RAM
* At least 30MB of available disk space
* Firefox Mozilla Firefox 1.5.0.1 and later

With Virut, I would not take any chances, but as I understand it, pe files for Windows don't execute on a Mac.

Quote:

There are a few personal documents I didn't manage to back up on there, is there anyway to get to those?

Now that the OS won't load, there are a couple ways I know of to access the data, and not without risk. You might be able to boot from a Linux Live CD or other boot disk, and burn those docs to CD if the bootdisk allows burning. Another way, much more risky and not advisable unless you have an old machine you don't care about, would be to slave the hdd to that machine. It does put the other machine at risk.

Since you're going to format, you could also try DrWeb's boot CD, see if it can cure what's there, long enough for Windows to load, and offload any "valued" documents. How it works Again, you have to decide what the risk is worth.

Were it my machine, unless there was huge amounts of irreplaceable financial or personal data involved, I'd flatten the whole thing, and not look back. External included. Virut is bad.

[Yowza]

Hi again

sorry it took so long to get back to you! I was trying to repair things using Dr. Web, but the process would always freeze up at some point. I'm also kind've clueless as to how the file manager system works, so I will try a linux boot disk to remove the remaining files. I will also ask the mac forum what they're opinion is regarding the potentially infected drive.

As for my re-install, I don't have anything partitioned as of now. Should I create a partition and install there? That is normally done to ensure that if windows is corrupted, you can re-install it without having to install every program you use as well, correct? Would you happen to know much space is required for an XP SP3 install approximately off hand? And regarding formatting, will it offer to format the disk when I boot from a windows install disk?

Thanks so much again for your help

[tetonbob]

You need to format the machine, and not try to save any partitions. Any program you have currently installed on a virut infected machine is suspect.

See if this helps

http://www.techhandbook.com/windows/...g-Windows.html

Otherwise, please seek assistance with your new install in the Windows XP section of the forum.

[tetonbob]

Since this issue appears to be resolved, this topic will now be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help