Win32/heur, sin32/virut, Vundo B & Trohan Generic 15. AUWC

By bear
Nov 14, 2009
  1. I download remove virus programme but I could not open and run them. like comboFix & Malwarebytes, and now won't let me open avg web page or other helpful webpage.

    Could not go to safe mode either.

    I am using AVG 8.5 and it is wdw xp

    could not go to helpful website but being hackjact to other malicious page.

    It seems that I could not do anything becasue the registry being infected?

    sorry I don't know any technical term to describe or run the dot programme to show the problem

    Any advice please please, I just get on the internet in 2 days and haven't backed up all my personal file, so worry now....

    If I reinstalled xp, would all my pre-factory installed things like 'nero' gone as well.

    Thanks in advance.
  2. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,233   +234

    "If I reinstalled xp, would all my pre-factory installed things like 'nero' gone as well"...

    Yes, but you may have no other choice... When you reinstall XP please do a full format and not a quick format
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    bear , if you're still having this problem we need to confirm Virut:

    Win32/heur, sin32/virut, Vundo B & Trohan Generic 15. AUWC

    Virut is a Polymorphic File Infector that infects .EXE and .SCR files. It opens a Backdoor by connecting to a predefined IRC Server and waits for commands from the remote attacker

    And I can say anything better or different than what you can read here:

    Change all of your passwords and monitor any online transactions.
    So don't waste you time - Don't look for 'guaranteed removals'- there aren't any.

    Before we can continue please do the following:

    • Make sure to use Internet Explorer for this
    • Please go to FREE on-line scan service
    • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
      • c:\windows\system32\userinit.exe
    • Click on the Upload button
    • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
    • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
    • Paste the contents of the Clipboard in your next reply.
    Also scan these,


    If Virut is confirmed, I will recommend a reformat/reinstall right up front. but if it not confirmed, perhaps we can clean some of it up.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...