Status
Not open for further replies.

Registered · 2 Posts · Discussion Starter · #1
Hi guys, recently I downloaded an .exe game which had malware on it. As soon as I ran the program I was bombarded with warnings/notices saying I have win32/heur, win32/virut and many other trojans. I closed all programs and immediately ran an AVG 8.5 scan. It detected 276 infected files. It healed many files but 46 weren't healed. These were either win32/heur or win32/virut. The next day I installed Malwarebytes Anti-Malware and Spybot Search and Destroy. I ran both these scans AND the AVG scan. They all detected different threats, which were removed, but win32/heur and virut remain. I rebooted my PC and AVG did an automatic scan before I got to the desktop. Meaning I didn't get to my desktop yet AVG was running a scan. When I was able to go into my desktop, the taskbar and desktop icons were missing. I was only able to use my PC via Task Manager. Now I still have the 46 infected files which can't be removed, and my taskbar and desktop icons are gone. I tried to run explorer.exe but it didn't work because "system cannot locate file". Please help!!

The 46 infected files are windows32 files. Probably registry files, so they can't be removed. I have WinXP and AVG 8.5, plus Malwarebytes and Spybot.
 

TSF-Emeritus · 8,968 Posts
Hi,

I would like to first confirm whether you do, in fact, have Virut.

Please do the following:

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    c:\windows\system32\userinit.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Please do the same for the following files:
c:\windows\explorer.exe
c:\windows\system32\ctfmon.exe
c:\windows\system32\spoolsv.exe


NEXT


We would be grateful if you could assist us in our research into this infection by providing us with some samples and information from your machine. This will only take a minute or two to complete, and is very simple. If you wish to help us, please do the following:
  • Download VAPrep.bat and save it to your Desktop.
  • Double-click VAPrep.bat to run it. It will only take a moment to complete.
  • When done, please right-click the VAPrep folder which should now be on your Desktop. Select Send To >> Compressed (zipped) Folder.
  • Next, please go to this webpage.
  • Browse to the VAPrep.zip zipped folder you just created.
  • Click Send File.
Once done, you can delete the VAPrep folder and .zip file from your Desktop. Thanks for helping us out.
 

Registered · 2 Posts · Discussion Starter · #3
Yes, I used Internet Explorer and tried to upload the suspicious files onto virscan.org, but after 2 days of trying I got the same response: the server is down. Is there another website or program with which to do this?

I also downloaded the VAPrep.bat file but when I ran it it opened quickly then shut down by itself. Is it a black screen with a few white/grey words.

I really don't know what to do.
Please, any assistance would be greatly appreciated.
 

TSF-Emeritus · 8,968 Posts
Hi,

Try this scanner instead:

Submit a file to VirusTotal for analysis

  • Use the Browse button on that page to navigate to the location of the file to be scanned.
  • In the right-hand panel, click on the file c:\windows\system32\userinit.exe, then click the Open button.
  • The file will now be displayed in the submit box.
  • Scroll down a bit and click "Send file", then wait for the results.

Make sure you have copied and saved the results before continuing.

Do the same for the following files:
c:\windows\explorer.exe
c:\windows\system32\ctfmon.exe
c:\windows\system32\spoolsv.exe
 