[CrimsonSun]

Right so one afternoon about a week ago my AVG antivirus said it couldn't update i didnt really think about it thinking it would update when i restarted next or something.

so a week later i uninstalled in and tried installing some other antivirus software. they wont install because they cant access the internet but my internet is fine.

i tried a system restore but that didnt work ( hope i didnt mess things up....)

i need help i dont want to leave myself wide open to other viruses :/

i rana scan with clamwin and it found this:

c:\Program Files\Microsoft Office\Office12\excelcnv.exe: W32.Virut.Gen.D-163 FOUND

i dont think the whole thing is the file name but maybe its wats causing my problems but i dont really think thats it

:4-dontkno :sigh:

 

[CrimsonSun]

Re: Malware Prevents Antivirus Install/Updates

right so i know im not supposed 2 bump but i cant find the edit button on this forum ( -.- )

anyway i dont know how to delete that item i posted and need help :|

 

[Ried]

Re: Malware Prevents Antivirus Install/Updates

Hello CrimsonSun,

Why do you want to delete the entry you posted?

That file has been identified as Virut--there's no mistake.

As of now, security experts suggest that a format and clean install, or destructive recovery if you have an OEM recovery partition, is the best way to clean the infection and it is the best and safest way to return the machine to its normal working state.

Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). The problem is that the virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files corrupting them beyond repair.

Backup all your documents and important items (personal data, work documents, etc) only. DO NOT backup any executable files (softwares) and screensavers (*.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable.

Also, avoid backing up compressed files (zip/cab/rar) files that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

Recent variants also modify htm, html, asp and php files.

Do not back up to another machine, as it may become compromised. Burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups. If that is not possible, then your data is lost.


See our colleague miekiemoes' blog for similar comments here

 

[CrimsonSun]

Re: Malware Prevents Antivirus Install/Updates

so i should use my system restore disks?

 

[Ried]

Re: Malware Prevents Antivirus Install/Updates

If you meant to say System Recovery disks that came with the computer when you purchased it, yes. :sayyes:

 

[CrimsonSun]

Re: Malware Prevents Antivirus Install/Updates

yea i had 2 make them but the program that made them came with the laptop. Using the option that allows me to keep my data files is ok right?

am i able to use my flashdrives and sd cards?

have they been infected?

 

[Ried]

Re: Malware Prevents Antivirus Install/Updates

As long as they are just data files. it's okay. Do not keep any .exe's, .scr, .htm, .html, .rar. or .zip files

 

[CrimsonSun]

Re: Malware Prevents Antivirus Install/Updates

wait so i cant keep any files that i may have in .rars even if they arent exe?

do i have to look around and find these things... :/?

Also can i "clean" my usb drives in anyway?

 

[Ried]

Re: Malware Prevents Antivirus Install/Updates

Yes, if you want to keep any pics or music files, or other important documents, you're going to have to go through all of them and pull out any with files extensions that I listed. Please re-read Post #3 - it is all explained there.

 

[CrimsonSun]

Re: Malware Prevents Antivirus Install/Updates

do i need to do anything about my system restore folder or something alone that line?

 

[Ried]

Re: Malware Prevents Antivirus Install/Updates

As I mentioned in Post 3, Virut rips through your entire Operating System eventually infecting all the file extensions I mentioned. What needs to be done is wipe the hard drive clean - erase it all - then reinstall Windows. Back up only the documents, pictures, and music files that are a must have. Everything else needs to be wiped out.

 

[CrimsonSun]

Re: Malware Prevents Antivirus Install/Updates

thanks for that help, but i think a file that was already on my usb drive might have been infected what can i do?

the usb drive has alot of my files that i want to keep on it :\

 

[Ried]

Re: Malware Prevents Antivirus Install/Updates

If you have not reinstalled Windows yet, then connect the usb and run an online scan so we can see what files are infected.

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:

• Close any open programs
• Turn off the real time scanner of any existing antivirus program while performing the online scan.

Click Accept, when prompted to download and install the program files and database of malware definitions.

• Click Run at the Security prompt.
• The program will then begin downloading and installing and will also update the database.
• Please be patient as this can take several minutes.
• Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
• Click View scan report at the bottom.
• Click the Save Report As... button.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

 

[CrimsonSun]

Re: Malware Prevents Antivirus Install/Updates

while thats dling and doing its thing...

can i use my "d:/" drive which is the HP recovery drive?

ive never know wat it is or used it but perhaps i can use this instead of my cd's?

 

[CrimsonSun]

Re: Malware Prevents Antivirus Install/Updates

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, December 2, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, December 02, 2009 21:49:32
Records in database: 3323855
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - Folder:
N:\

Scan statistics:
Objects scanned: 4572
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 00:06:22


File name / Threat / Threats count
N:\ice\fire\traymgr.exe Infected: Trojan.Win32.Buzus.bxoi 1

Selected area has been scanned.

 

[Ried]

Re: Malware Prevents Antivirus Install/Updates

No worries about that file. It is a false detection and more importantly - it is not flagged as Virut.

It would be preferable for you to use your recovery cd's that you made instead of the d:\ partition. In rare cases, Virut has managed to penetrate that partition as well.

 

[CrimsonSun]

Re: Malware Prevents Antivirus Install/Updates

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, December 2, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, December 02, 2009 21:49:32
Records in database: 3323855
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
I:\
L:\

Scan statistics:
Objects scanned: 109984
Threats found: 4
Infected objects found: 6
Suspicious objects found: 0
Scan duration: 03:29:15


File name / Threat / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\502C520B Infected: Trojan-Spy.Win32.SCKeyLog.ac 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\502F7C08.exe Infected: Trojan-Spy.Win32.SCKeyLog.ac 1
C:\Documents and Settings\Executor\Local Settings\Temp\tray.exe.trtmp Infected: Trojan.Win32.Buzus.bxoi 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
C:\WINDOWS\HMF\HideMyFolders.exe Infected: not-a-virus:RiskTool.Win32.HideFolders.214 1
C:\WINDOWS\system32\tray.exe Infected: Trojan.Win32.Buzus.bxoi 1

Selected area has been scanned.

_________________________________

Well i scanned my whole computer and it turned up only 6 results, are you guys sure that i cant use an available virut tool to remove the infections?

I dont want to continue with anything until i know if using my usb on a clean comp will infect it. if its a problem i guess i can go buy some cd's or dvds or something.
_________________

Posted before i saw ur last post. thanks for that info it really raises my spirits :grin::tongue:


Thanks for all the help so far!!

ill let you know when it recovs successfully and will run a new k____ online scan afterwards

 

[CrimsonSun]

Re: Malware Prevents Antivirus Install/Updates

you know i cant help but notice that i dont see a virut flag on the KASPERSKY ONLINE SCANNER , i still havent reformatted anything yet coz ive been away but are you guys sure this isnt something else :|?

that first scanner might have been wrong?

 

[Ried]

Re: Malware Prevents Antivirus Install/Updates

It's sure is possible AVG is wrong. I would think we'd see something by Kaspersky as well.

Do this please -

Download Avira AntiVir Personal. Do not install it yet.

Uninstall AVG via the Add or Remove programs panel and reboot.


Now proceed with installing Avira. Update definitions, then run a full system scan. Post the results of that scan.

 

[CrimsonSun]

Re: Malware Prevents Antivirus Install/Updates

i was unable to install any updates

what should i do now?