TechSpot

Win32/Heur & Win/Virut Virus detected by AVG. Need help

By Resist
Jun 27, 2009
  1. Hi, I can't seem to get rid of this Win32/Heur virus. AVG 8 keeps detecting a threat, but there is a continuous stream of threats from almost all of my programs. It seems as if the virus is spreading. Please help me. :(

    I have provided the following logs that were requested:
    1) Malwarebytes Anti Malware log
    2) SuperAntiSpyware log
    3) Hijackthis log
     
  2. ChrisDown

    ChrisDown TS Rookie Posts: 125

    I'm interested in these, although I'm not sure they're actually malware:

    Code:
    O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
    Please download LSP-fix and remove those entries, unless you have a reason to believe that they should be there. I would suggest that you then reboot and attempt to rename inethttpfilter.dll to something else.
     
  3. Resist

    Resist TS Rookie Topic Starter

    I ran LSPFix; however, it reported "No problems found". I will try renaming the file and rebooting. Can I ask: I searched that directory, and there was only 1 file called "inethttpfilter.dll", so why is it shown 4 times in the log?
     
  4. ChrisDown

    ChrisDown TS Rookie Posts: 125

    It is shown four times because it is in Winsock four times. :)
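
HijackThis prints one O10 line per Winsock catalog entry that points at a DLL, not one per file on disk, which is why a single file appears four times in the log above. The following is an added example, not code from the thread's posters, that groups O10 lines by DLL; the sample log is constructed around the four quoted lines, and the "missing provider" line shape and `example.dll` are assumptions not taken from the thread.

```python
import re
from collections import defaultdict

# Constructed sample log: the four O10 lines from the thread (the last one
# with constructed mixed case), one unrelated O4 line, and one constructed
# "missing provider" line.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\example.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\System32\inethttpfilter.dll
O10 - Broken Internet access because of LSP provider 'example.dll' missing
"""

# Line shape quoted in the thread.
UNKNOWN = re.compile(r"^O10 - Unknown file in Winsock LSP:\s*(.+)$", re.I)
# Not in the thread (assumption): the O10 line HijackThis prints when a
# registered provider DLL is no longer on disk.
BROKEN = re.compile(
    r"^O10 - Broken Internet access because of LSP provider '(.+)' missing$", re.I
)

def summarize_o10(log_text):
    """Group O10 lines by DLL; return {path: {"entries": n, "status": s}}."""
    result = defaultdict(lambda: {"entries": 0, "status": "unknown"})
    for raw in log_text.splitlines():
        line = raw.strip()
        for pattern, status in ((UNKNOWN, "unknown"), (BROKEN, "missing")):
            m = pattern.match(line)
            if m:
                # Windows paths are case-insensitive: normalise before grouping.
                key = m.group(1).strip().lower()
                result[key]["entries"] += 1
                if status == "missing":
                    result[key]["status"] = "missing"
                break
    return dict(result)

if __name__ == "__main__":
    for path, info in sorted(summarize_o10(SAMPLE_LOG).items()):
        print(f"{path}: {info['entries']} catalog entries, status={info['status']}")
```

A DLL with status "missing" is still registered in the Winsock chain but no longer on disk, which is the state that deleting or renaming an LSP file without deregistering it leaves behind.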
     
  5. Resist

    Resist TS Rookie Topic Starter

    Ok. I tried renaming it, but when I log in after the restart of the PC, it says "An unauthorized change in Windows has occurred", so it just logged off. I had to enter safe mode to change it back, and now I can log on. But I still have the Win32/Heur and Win32/Virut detected by AVG 8.5 Free.

    I've also tried running CCleaner many times.
     
  6. ChrisDown

    ChrisDown TS Rookie Posts: 125

    That's a bit weird; as far as I am aware, inethttpfilter is not a part of Windows itself.

    Which files is AVG detecting as infected?
     
  7. Resist

    Resist TS Rookie Topic Starter

    There are a load of infected files in the Virus Vault. Do you have any idea how I can post them?
     
  8. ChrisDown

    ChrisDown TS Rookie Posts: 125

    You could take some screenshots of the vault using print screen. If you don't know how, this explains it. :)
     
  9. Resist

    Resist TS Rookie Topic Starter

    Ok, I've uploaded a pic of the infections. I hope this helps.
     
  10. ChrisDown

    ChrisDown TS Rookie Posts: 125

    I think you have Smitfraud. I see you have Smitfraudfix on your system which has, unfortunately, also been infected.

    Let's try ComboFix. First, go into Safe Mode with Networking from your boot menu (usually F8). Then, download ComboFix from here, and save it to the Desktop.

    Do not click on the ComboFix window whilst it runs, as it may stall. Once ComboFix is done, please upload the log.

    Thanks. :)
     
  11. Resist

    Resist TS Rookie Topic Starter

    I had this weird thing pop up when I ran VundoFix. It is shown in the screenshot provided.
     
  12. ChrisDown

    ChrisDown TS Rookie Posts: 125

    Ah, Virut. Dr. Web has always been of assistance in cases like these, at least for me. After you've done the business with it, please do the 8-steps again and repost the three logs.

    http://www.freedrweb.com/livecd :)
     
  13. Resist

    Resist TS Rookie Topic Starter

    Hi, sorry for the late reply. This is because of the DrWeb scanning taking surprisingly long. However, as you said, it got rid of Win32/Virut and I managed to run ComboFix in safe mode. I'll post the log later when Malwarebytes, SuperAntiSpyware and HijackThis have finished. Do you want the log from the DrWeb scan that I made? It found over 1,000 infections. Thankfully, they were all cured or moved/deleted. I'll have to reinstall some of my software though, since some of the .exe's were deleted during the scan, but that's not a problem as long as I get rid of this virus.
     
  14. ChrisDown

    ChrisDown TS Rookie Posts: 125

    Any logs you've got would be appreciated; a new HijackThis log would be good too. :)
     
  15. Resist

    Resist TS Rookie Topic Starter

    I have posted all the logs that I have got from all the scanners. AVG is detecting a lot fewer viruses, but I still get the occasional Win32/Heur. Please take a look at my logs to see if you find anything that looks like it may be the cause of this. Thanks
     
  16. Resist

    Resist TS Rookie Topic Starter

    I've just figured out that whenever I enter my Windows directory, AVG detects more cases of Win32/Virut. It keeps returning whenever I cure the files with DrWeb > <
     
Topic Status:
Not open for further replies.

