
Help with removing Win32/Heur virus

Discussion in 'Virus and Malware Removal' started by IVZ86, Jun 24, 2009.

  1. IVZ86 Newcomer, in training Posts: 31

    Hey, how's it going?
    My AVG has recently been picking up file after file affected by Win32/Heur. It even says that my notepad.exe is infected, and a whole heap of other system files.

    I am at the moment in the process of doing the 8-step removal thing from the other thread. I will attach the 3 txt files once I have completed all 8 steps.

    I am hoping that I can clear this problem and not have to reformat :(
  2. IVZ86 Newcomer, in training Posts: 31

    OK, I have completed the 8 steps and here are the log files.

    I haven't tried rescanning the computer with AVG etc. yet, so I don't know if it has cleaned it. My computer now runs differently; a lot of programs are corrupted and will not load, and things are changed. Also, when my computer reboots, it doesn't boot up properly. I have to hold down Ctrl+Shift+Esc to get to the Task Manager and start explorer.exe through New Task so my computer loads to the desktop.

    Also, I tried to go on the net with it. AVG picks up a "jl.chura.pl/rc/" threat every time I load up Firefox. What now? Can someone please give me a bit of help? It's giving me the s@#$*. Also, certain pages won't load, such as the AVG site and some other antivirus sites. But they work on another computer.

    Here are the logs; hope you guys can help me out. Thanks


  3. IVZ86 Newcomer, in training Posts: 31

    Still need a bit of assistance. Can someone check up on whether my computer is right, or provide any point of direction and help?
  4. IVZ86 Newcomer, in training Posts: 31

    Can someone possibly check the log files and give me a bit of assistance?
  5. ChrisDown Newcomer, in training Posts: 125

    Hey there! I'm sorry that your thread has not received the activity that you were expecting.

    Could you please download ComboFix from here, rename it to a few random letters (to stop malware noticing it), and then run it? The log that ComboFix produces should give more of an idea of what is going on, and ComboFix may even be able to remove more of the offending malware (if it is still there).

    Please do not click on the ComboFix window itself -- the program has been known to stall on occasions if you do this.

    After you're done, please upload the log. Thanks. :)
  6. IVZ86 Newcomer, in training Posts: 31

    I'll do that as soon as I can. Thanks for the reply.
  7. IVZ86 Newcomer, in training Posts: 31

    Sorry, I haven't been on for a while. Been busy with work all weekend.

    I tried to run ComboFix, but it says I need to download a new copy every time I try to run it. ComboFix won't work; it states that it is infected with the VIRUT virus. Any ideas?
  8. IVZ86 Newcomer, in training Posts: 31

    I'm still stuck with this; I haven't been able to use my computer for a week now... Can someone possibly please help or provide a point of direction?
  9. IVZ86 Newcomer, in training Posts: 31

    .......bump
  10. IVZ86 Newcomer, in training Posts: 31

    ChrisDown? Your help again?
  11. tystanwick Newcomer, in training Posts: 29

    What does your system time say? If your PC's date is not set properly, ComboFix will only run in reduced functionality mode or will not run at all. Also, when you saved ComboFix to your PC, did you rename it to something with a .com at the end of it (e.g. 123.com)? If you didn't, you should.
  12. IVZ86 Newcomer, in training Posts: 31

    My PC's date? It hasn't changed; the date is exactly the same as the day I'm in. So you're saying that I should run ComboFix in safe mode?

    I downloaded ComboFix on the computer I am using now and transferred it to my infected computer on a USB drive. Once copied, I renamed it to asd.exe. When I open it, it says ComboFix cannot run because the computer is infected with the VIRUT virus, and states that a new copy should be downloaded from www.bleepin........ etc.
  13. tystanwick Newcomer, in training Posts: 29

    You may have a virus that's affecting all of your .exe's. That's why I said you should change ComboFix to read 123.COM

    You can try to run ComboFix from safe mode, but it is designed to be run from a normal startup.

    Basically: on your non-infected PC, download ComboFix again. When it asks you where to save it, point it to your flash drive and rename it to 123.com BEFORE you hit save. Now copy 123.com to the infected machine and try to run it.
  14. IVZ86 Newcomer, in training Posts: 31

    Alright, sweet, I'll give that a go and post back as soon as possible.
  15. IVZ86 Newcomer, in training Posts: 31

    OK, I did what you told me, but it still gives me the same alert message and won't let ComboFix run. It says the following:

    !! ALERT !! it is not safe to continue. The contents of the combofix package have been compromised. Please download a fresh copy from
    www.bleepingcomputer.com/combofix/how-to-use-combofix

    Note: You may be infected with a file patching virus "Virut"

    Then it deletes itself. Any ideas??
  16. IVZ86 Newcomer, in training Posts: 31

    Help again, tystanwick? Or ChrisDown?
  17. IVZ86 Newcomer, in training Posts: 31

    ......Bump
  18. Bobbye Helper on the Fringe Posts: 16,406   +16

    IVZ, you posted 4 times a week ago wanting someone to answer. Sometimes the helpers are very busy and it takes a while- we try to get the 'first come/first served'. Sometimes a member falls through the cracks.

    You actually hurt yourself by posting the 4 times- sometimes we look at the number of replies on a thread and seeing 4, think a helper has started. Then someone finally picked it up but YOU were too busy to follow the instructions.

    I'm going to help you now and I expect you to follow through in a timely manner!

    Your system has been badly infected with multiple malware- one is a Backdoor Trojan. I advise you to change all your passwords and monitor online banking if you have an account set up.

    You also have a DNS Changer which will require that the router be reset. And if I do find that you have a Virut infection, I will recommend a reformat/reinstall.
    You have WAY too much starting on boot and running in the background. This makes you more vulnerable and also slows you down. I will address this at the end of cleaning.

    Please reopen HijackThis to 'do system scan only' and CHECK all of the following, if present. Do Not click on 'Fix Checked' until the list is complete:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O2 - BHO: (no name) - {EBE68C84-7471-4100-A578-EA594ADC0FE8} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O20 - Winlogon Notify: tuvTnnKe - tuvTnnKe.dll (file missing)

    Please close all windows except HijackThis and click on 'Fix Checked.'

    This is only a beginning. I have to be out for about 2 hours and will resume when I return. In the meantime, please run a full system scan with AVG. Save the log and include it in your next reply.

    IF you ARE infected with Virut, the bottom line will be to reformat. But I'll help you with ComboFix when I return.

    Please don't install, uninstall, update or delete in the meantime, with the exception of the HijackThis entries.
    Rescan with HJT AFTER the AVG scan and include new log as well as AVG log.
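
Added example, not part of the original thread or of HijackThis itself: a small Python triage of the log lines quoted in the post above, flagging entries whose target is gone ("(no file)", "(file missing)") or whose registry value is empty, and listing CLSIDs registered in more than one section. The function names are hypothetical, and the final O4 line in the sample is constructed to show a healthy entry that is not flagged.

```python
import re
from collections import defaultdict

# Entries quoted in the post above, plus one constructed O4 line (last line)
# whose target exists, included to show that healthy entries are not flagged.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: (no name) - {EBE68C84-7471-4100-A578-EA594ADC0FE8} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O20 - Winlogon Notify: tuvTnnKe - tuvTnnKe.dll (file missing)
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
"""

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")  # section code, then body
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$", re.IGNORECASE)

def parse_entries(log_text):
    """Return one dict per entry line: section code, body, CLSID, leftover reason."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.rstrip())
        if not match:
            continue  # header lines, process list, blank lines
        code, body = match.groups()
        reason = None
        if ORPHAN_RE.search(body):
            reason = "target file absent"
        elif code.startswith("R") and body.endswith("="):
            reason = "empty registry value"
        clsid = CLSID_RE.search(body)
        entries.append({"code": code, "body": body, "reason": reason,
                        "clsid": clsid.group(0) if clsid else None})
    return entries

def leftovers_by_section(log_text):
    """Group flagged entries by section (R0, O2 BHOs, O3 toolbars, O20 Winlogon Notify)."""
    grouped = defaultdict(list)
    for entry in parse_entries(log_text):
        if entry["reason"]:
            grouped[entry["code"]].append(entry)
    return dict(grouped)

def shared_clsids(log_text):
    """CLSIDs that appear in more than one section, mapped to those sections."""
    sections = defaultdict(set)
    for entry in parse_entries(log_text):
        if entry["clsid"]:
            sections[entry["clsid"]].add(entry["code"])
    return {c: sorted(s) for c, s in sections.items() if len(s) > 1}
```

The output is a review list only; which entries to fix remains the helper's call, since "(no file)" can also appear when HijackThis simply cannot resolve a path.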
  19. IVZ86 Newcomer, in training Posts: 31

    Hey Bobbye, sorry for my stupidity. It's just that I got a little stressed with this whole thing.
    I'm a night shift worker and I just got home from work. So I'm now going to do what you instructed me to do.

    A few days ago, I uninstalled AVG and installed the Avast antivirus instead, and updated it. Is that OK?

    I will presume scanning my computer with Avast.

    Also, do you know anything about "jl.chura.pl/rc/"? When I had AVG, every time I loaded up Firefox it would pick this infection up. I searched it up on the net and tried what a few of the other forum threads said about it. I have now reset Internet Explorer and uninstalled Firefox, and haven't tried getting on the net with my computer yet. I have been using my brother's computer.
  20. Bobbye Helper on the Fringe Posts: 16,406   +16

    You're not clear on what you see for jl.chura.pl/rc, but when I put it in the search box, Firefox reports it as an 'attack site' and doesn't load it. Firefox was using one of its security features and preventing you from loading a site known to infect your computer.

    It's a big red box reporting "Attack Site." It's not an infection- it's a warning. Suggest you reinstall Firefox when we're finished and not try to access this site, whatever it is. I should be able to tell more after I get the AV scan. I think Avast or Avira is a bit better than AVG.