TechSpot

I Followed the 8 step Viruses/Spyware/Malware Preliminary Removal

By macca7
Jun 20, 2009
Topic Status:
Not open for further replies.
  1. Hi, I am new to all this, but today I was on the net and AVG 8 discovered that I had w32/heur. It then found that I had w32.virut. I have used the virut removal tool from AVG but it then said that I still had both infections. I read that I should remove AVG and install AVIRA. So I did uninstall and tried to complete the AVIRA install, but to no avail. Decided to give your 8 step removal a go as I can't seem to get access to any known antivirus company sites. Even to the point that when I was downloading some of the tools in the 8 step removal I had to download from File.Hippo as I couldn't get them through the links you provided.

    Attached are the logs and I now have no antivirus or firewall.

    Please help me asap.
     
  2. macca7

    macca7 TS Rookie Topic Starter

    Sorry also meant to tell you that whenever the system is rebooted it makes me logon which I have never needed or wanted it to do.

    Macca
     
  3. macca7

    macca7 TS Rookie Topic Starter

    Can anybody help?
     
  4. touch

    touch TS Rookie Posts: 978

    Hello macca7

    Please download combofix here ->
    ComboFix
    Before Saving it to Desktop, please rename it to 123.com to stop malware from disabling it.

    Now, please make sure no other programs are running, close all other windows.

    Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
    Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
    It may take a while to complete scanning and this is normal.

    You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

    Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post.
     
  5. macca7

    macca7 TS Rookie Topic Starter

    Touch,

    Clicked on the link and changed the file to save as 123.com on to the desktop. Double clicked and clicked on run to begin. It had combofix come up in a very small window in the middle of the screen and then came up with an error saying please download a new copy from bleedingcomputer.com as this one was corrupted and something about virut virus then the only option was ok.

    Now what?
     
  6. touch

    touch TS Rookie Posts: 978

    We'll try this scanner ->

    Please download DDS: Here
    to your Desktop and doubleclick on DDs.scr to run it.
    If your security software includes script blocking features, please disable these before you run this utility.
    When the scan has finished, two logs will open.
    (DDS.txt
    Attach.txt)


    Attach both reports in this topic.
     
  7. macca7

    macca7 TS Rookie Topic Starter

    here are the logs
     
  8. touch

    touch TS Rookie Posts: 978

    Please download Avenger: Here by Swandog46 to your Desktop.
    Click on Avenger.zip to open the file
    Extract avenger2.exe to your desktop

    Start Avenger


    Copy/Paste all the text in the above quote box into the main window
    Click Execute

    The Avenger will automatically do the following:
    It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)

    On reboot, it will briefly open a black command window on your desktop, this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions.

    This log file will be located at C:\avenger.txt

    Post C:\avenger.txt in next reply.

    NB. If you can run combofix, please post that log as well
     
  9. macca7

    macca7 TS Rookie Topic Starter

    Sorry just tried to add the avenger.txt but it is password protected and somehow managed to delete it as well.

    Can I run it again?
     
  10. macca7

    macca7 TS Rookie Topic Starter

    also only restarted system the once
     
  11. macca7

    macca7 TS Rookie Topic Starter

    tried combofix again but got the same error again. exact error reads:

    !! ALERT !! It is NOT SAFE to continue!

    The contents of the ComboFix package has been compromised.
    Please download a fresh copy from:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Note: You may be infected with a file patching virus 'Virut'



    What does that mean? Is my PC doomed??
     
     
  12. touch

    touch TS Rookie Posts: 978

  13. macca7

    macca7 TS Rookie Topic Starter

    cannot find the avira file.

    Internet Explorer keeps coming up with an error when I try to log on to a virus protection site. I think the infection is blocking these sites.
     
  14. macca7

    macca7 TS Rookie Topic Starter

    I cannot upload the rundll32 or explorer files. Is it because they are .exe file types?
     
  15. touch

    touch TS Rookie Posts: 978

    Ok. Right-click on these files:
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\Explorer.EXE

    Properties, and tell if they come from Microsoft and Avira?
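
Added example, not part of touch's post: the Company field shown under Properties is unsigned version metadata, so an executable patched by a file infector can still display "Microsoft Corporation". The PowerShell sketch below reports that field next to the Authenticode verdict for the three paths named in the post; it assumes a current Windows with PowerShell 5.1 or later, where catalog-signed system files are also verified.

```powershell
# Paths are the three files named in the post above.
$paths = @(
    'C:\WINDOWS\system32\rundll32.exe',
    'C:\Program Files\Avira\AntiVir Desktop\avgnt.exe',
    'C:\WINDOWS\Explorer.EXE'
)

$results = foreach ($path in $paths) {
    # Report a missing file explicitly instead of failing on it.
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        [pscustomobject]@{
            Path = $path; Company = $null; Status = 'Missing'
            Signer = $null; SHA256 = $null
        }
        continue
    }

    $item = Get-Item -LiteralPath $path
    # Cryptographic check: fails if the file's bytes changed after signing.
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    [pscustomobject]@{
        Path    = $path
        # What the Properties dialog shows; plain metadata, not proof of origin.
        Company = $item.VersionInfo.CompanyName
        # 'Valid' means the signature matches the current file contents.
        Status  = $sig.Status
        Signer  = $signer
        # Hash to compare against a copy taken from known-clean media.
        SHA256  = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
}

$results | Format-List
```

A file whose Company reads as the expected vendor but whose Status is anything other than Valid should be treated as modified and compared against a clean copy.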
     
  16. macca7

    macca7 TS Rookie Topic Starter

    C:\WINDOWS\system32\rundll32.exe Microsoft Corporation
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe Can't find on system
    C:\WINDOWS\Explorer.EXE Microsoft Corporation

    Hope this helps.

    Also, just to let you know, I can't open any .txt files and many of my .exe files are corrupted.
     
  17. touch

    touch TS Rookie Posts: 978
