Win32/Heur Help

  #1  
Old 12-03-2009
Newcomer, in training
 
Member since: Dec 2009, 2 posts
Win32/Heur Help

I need help in removing Win/32 virus. I am currently using AVG Free 9.0.
  #2  
Old 12-03-2009
Bobbye's Avatar
Helper on the Fringe
 
Location: Florida
Member since: Mar 2007, 15,035 posts
We are finding Virut with most of the AVG Win32/Heur. I'd like you to do the following before we go any further:
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • c:\windows\system32\userinit.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Also scan these:

C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe


Before trying to run any programs, it's better to confirm, or not, as soon as possible.

Virut is a Polymorphic File Infector that infects .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair, resulting in an inoperative machine.
It opens a Backdoor by connecting to a predefined IRC Server and waits for commands from the remote attacker.


Good explanation here:
http://miekiemoes.blogspot.com/2009/...-throwing.html


Change all of your passwords and monitor any online transactions.

I will know more when I see the log.
  #3  
Old 12-03-2009
Newcomer, in training
 
Member since: Dec 2009, 2 posts
userinit scan:

VirSCAN.org Scanned Report :
Scanned time : 2009/12/04 03:15:25 (CST)
Scanner results: Scanners did not find malware!
File Name : userinit.exe
File Size : 25088 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 0e135526e9785d085bcd9aede6fbcbf9
SHA1 : d15244d41efddbab08d53fe032aedff39091d3af
Online report : http://virscan.org/report/896059006d...d8ad9460c.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091204023237 2009-12-04 4.66 -
AhnLab V3 2009.12.04.00 2009.12.04 2009-12-04 1.61 -
AntiVir 8.2.1.92 7.10.1.164 2009-12-03 0.43 -
Antiy 2.0.18 20091203.3345008 2009-12-03 0.12 -
Arcavir 2009 200912031020 2009-12-03 0.03 -
Authentium 5.1.1 200912022255 2009-12-02 1.33 -
AVAST! 4.7.4 091203-1 2009-12-03 0.01 -
AVG 8.5.288 270.14.91/2542 2009-12-03 0.31 -
BitDefender 7.81008.4683641 7.29278 2009-12-04 4.02 -
CA (VET) 35.1.0 7154 2009-12-02 4.93 -
ClamAV 0.95.2 10109 2009-12-03 0.01 -
Comodo 3.13 3123 2009-12-03 0.95 -
CP Secure 1.3.0.5 2009.12.04 2009-12-04 0.00 -
Dr.Web 4.44.0.9170 2009.12.03 2009-12-03 7.37 -
F-Prot 4.4.4.56 20091202 2009-12-02 1.27 -
F-Secure 7.02.73807 2009.12.03.12 2009-12-03 0.11 -
Fortinet 11.121- 11.121 2009-12-03 0.39 -
GData 19.9149/19.604 20091203 2009-12-03 6.52 -
ViRobot 20091203 2009.12.03 2009-12-03 0.41 -
Ikarus T3.1.01.74 2009.12.03.74642 2009-12-03 4.13 -
JiangMin 13.0.900 2009.12.02 2009-12-02 9.54 -
Kaspersky 5.5.10 2009.12.03 2009-12-03 0.07 -
KingSoft 2009.2.5.15 2009.12.3.20 2009-12-03 0.51 -
McAfee 5.3.00 5821 2009-12-03 3.35 -
Microsoft 1.5302 2009.12.03 2009-12-03 6.96 -
Norman 6.01.09 6.01.00 2009-12-03 2.01 -
Panda 9.05.01 2009.12.03 2009-12-03 2.29 -
Trend Micro 9.000-1003 6.668.05 2009-12-03 0.03 -
Quick Heal 10.00 2009.12.03 2009-12-03 1.29 -
Rising 20.0 22.24.03.06 2009-12-03 1.00 -
Sophos 3.02.0 4.48 2009-12-04 2.66 -
Sunbelt 3.9.2381.2 5541 2009-12-02 1.99 -
Symantec 1.3.0.24 20091203.004 2009-12-03 0.09 -
nProtect 20091203.01 6469758 2009-12-03 4.45 -
The Hacker 6.5.0.2 v00011 2009-09-18 0.83 -
VBA32 3.12.12.0 20091202.2156 2009-12-02 2.28 -
VirusBuster 4.5.11.10 10.114.8/1990116 2009-12-03 2.37 -

explorer.exe scan:

VirSCAN.org Scanned Report :
Scanned time : 2009/12/04 03:24:25 (CST)
Scanner results: Scanners did not find malware!
File Name : explorer.exe
File Size : 2927104 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 4f554999d7d5f05daaebba7b5ba1089d
SHA1 : e509a42554cc0e5888ac8bf494d3c02223238609
Online report : http://virscan.org/report/091421e77a...54c858c72.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091204023237 2009-12-04 4.07 -
AhnLab V3 2009.12.04.00 2009.12.04 2009-12-04 1.02 -
AntiVir 8.2.1.92 7.10.1.164 2009-12-03 0.95 -
Antiy 2.0.18 20091203.3345008 2009-12-03 0.45 -
Arcavir 2009 200912031020 2009-12-03 0.23 -
Authentium 5.1.1 200912022255 2009-12-02 2.74 -
AVAST! 4.7.4 091203-1 2009-12-03 0.11 -
AVG 8.5.288 270.14.91/2542 2009-12-03 0.35 -
BitDefender 7.81008.4683641 7.29278 2009-12-04 4.01 -
CA (VET) 35.1.0 7154 2009-12-02 10.60 -
ClamAV 0.95.2 10109 2009-12-03 0.33 -
Comodo 3.13 3123 2009-12-03 0.99 -
CP Secure 1.3.0.5 2009.12.04 2009-12-04 0.00 -
Dr.Web 4.44.0.9170 2009.12.03 2009-12-03 7.47 -
F-Prot 4.4.4.56 20091202 2009-12-02 2.48 -
F-Secure 7.02.73807 2009.12.03.12 2009-12-03 0.16 -
Fortinet 11.121- 11.121 2009-12-03 0.38 -
GData 19.9149/19.604 20091203 2009-12-03 5.47 -
ViRobot 20091203 2009.12.03 2009-12-03 1.31 -
Ikarus T3.1.01.74 2009.12.03.74642 2009-12-03 4.40 -
JiangMin 13.0.900 2009.12.02 2009-12-02 28.81 -
Kaspersky 5.5.10 2009.12.03 2009-12-03 0.08 -
KingSoft 2009.2.5.15 2009.12.3.20 2009-12-03 0.70 -
McAfee 5.3.00 5821 2009-12-03 3.39 -
Microsoft 1.5302 2009.12.03 2009-12-03 11.56 -
Norman 6.01.09 6.01.00 2009-12-03 2.01 -
Panda 9.05.01 2009.12.03 2009-12-03 4.21 -
Trend Micro 9.000-1003 6.668.05 2009-12-03 0.06 -
Quick Heal 10.00 2009.12.03 2009-12-03 2.87 -
Rising 20.0 22.24.03.06 2009-12-03 1.66 -
Sophos 3.02.0 4.48 2009-12-04 2.64 -
Sunbelt 3.9.2381.2 5541 2009-12-02 3.71 -
Symantec 1.3.0.24 20091203.004 2009-12-03 0.17 -
nProtect 20091203.01 6469758 2009-12-03 4.74 -
The Hacker 6.5.0.2 v00011 2009-09-18 1.14 -
VBA32 3.12.12.0 20091202.2156 2009-12-02 3.10 -
VirusBuster 4.5.11.10 10.114.8/1990116 2009-12-03 3.18 -

svchost.exe scan:

VirSCAN.org Scanned Report :
Scanned time : 2009/12/04 03:28:15 (CST)
Scanner results: Scanners did not find malware!
File Name : svchost.exe
File Size : 21504 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 3794b461c45882e06856f282eef025af
SHA1 : bf15549a7ec01ac505ccac036aba5b9bae688135
Online report : http://virscan.org/report/22f0c133e7...1644f318d.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091204023237 2009-12-04 4.45 -
AhnLab V3 2009.12.04.00 2009.12.04 2009-12-04 1.16 -
AntiVir 8.2.1.92 7.10.1.164 2009-12-03 1.93 -
Antiy 2.0.18 20091203.3345008 2009-12-03 0.12 -
Arcavir 2009 200912031415 2009-12-03 0.03 -
Authentium 5.1.1 200912022255 2009-12-02 1.24 -
AVAST! 4.7.4 091203-1 2009-12-03 0.01 -
AVG 8.5.288 270.14.91/2542 2009-12-03 0.31 -
BitDefender 7.81008.4684668 7.29280 2009-12-04 4.90 -
CA (VET) 35.1.0 7154 2009-12-02 6.03 -
ClamAV 0.95.2 10109 2009-12-03 0.01 -
Comodo 3.13 3123 2009-12-03 0.93 -
CP Secure 1.3.0.5 2009.12.04 2009-12-04 0.00 -
Dr.Web 4.44.0.9170 2009.12.03 2009-12-03 7.37 -
F-Prot 4.4.4.56 20091203 2009-12-03 1.24 -
F-Secure 7.02.73807 2009.12.03.12 2009-12-03 0.11 -
Fortinet 11.121- 11.121 2009-12-03 0.22 -
GData 19.9149/19.604 20091203 2009-12-03 7.25 -
ViRobot 20091203 2009.12.03 2009-12-03 0.42 -
Ikarus T3.1.01.74 2009.12.03.74642 2009-12-03 4.18 -
JiangMin 13.0.900 2009.12.02 2009-12-02 5.12 -
Kaspersky 5.5.10 2009.12.03 2009-12-03 0.07 -
KingSoft 2009.2.5.15 2009.12.3.20 2009-12-03 0.52 -
McAfee 5.3.00 5821 2009-12-03 3.29 -
Microsoft 1.5302 2009.12.03 2009-12-03 8.27 -
Norman 6.01.09 6.01.00 2009-12-03 8.01 -
Panda 9.05.01 2009.12.03 2009-12-03 2.71 -
Trend Micro 9.000-1003 6.668.05 2009-12-03 0.03 -
Quick Heal 10.00 2009.12.03 2009-12-03 1.26 -
Rising 20.0 22.24.03.06 2009-12-03 1.10 -
Sophos 3.02.0 4.48 2009-12-04 2.75 -
Sunbelt 3.9.2381.2 5541 2009-12-02 2.18 -
Symantec 1.3.0.24 20091203.004 2009-12-03 0.05 -
nProtect 20091203.01 6469758 2009-12-03 3.90 -
The Hacker 6.5.0.2 v00011 2009-09-18 0.86 -
VBA32 3.12.12.0 20091202.2156 2009-12-02 2.20 -
VirusBuster 4.5.11.10 10.114.8/1990116 2009-12-03 2.37 -
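
An added example, not part of the original thread: a small Python parser for text reports in the layout posted above. It lists engines that reported a detection and engines whose "clean" verdict rests on old signatures. The function names, the 30-day threshold and the sample report are assumptions made for illustration.

```python
import re
from datetime import date

# Per-engine row, read from the right: signature date, scan seconds, result.
# The "engine" group keeps the engine name together with its version columns.
ROW = re.compile(r"^(?P<engine>.+?)\s+(?P<sig>\d{4}-\d{2}-\d{2})\s+"
                 r"(?P<secs>\d+\.\d+)\s+(?P<result>\S.*)$")
FIELD = re.compile(r"^(Scanned time|File Name|File Size|MD5|SHA1)\s*:\s*(.+)$")

# Constructed sample in the layout of the reports above (not real scan data).
SAMPLE = """\
Scanned time : 2009/12/04 03:15:25 (CST)
File Name : example.exe
File Size : 1024 byte
MD5 : 00000000000000000000000000000000
Scanner Engine Ver Sig Ver Sig Date Time Scan result
Engine One 1.0 2009.12.03 2009-12-03 0.43 -
Engine Two 2.5 v00011 2009-09-18 0.83 -
Engine Three 3.1 7154 2009-12-02 4.93 Sample.Detection
"""

def parse_report(text):
    """Return (header fields, per-engine rows) from a text report."""
    fields, rows = {}, []
    for line in text.splitlines():
        line = line.strip()
        if (m := FIELD.match(line)):
            fields[m.group(1)] = m.group(2).strip()
        elif (m := ROW.match(line)):
            rows.append({"engine": m["engine"],
                         "sig_date": date.fromisoformat(m["sig"]),
                         "result": m["result"].strip()})
    return fields, rows

def triage(text, max_sig_age_days=30):
    """Separate detections from clean verdicts backed by stale signatures."""
    fields, rows = parse_report(text)
    y, mo, d = map(int, fields["Scanned time"].split()[0].split("/"))
    scanned = date(y, mo, d)
    detections = [r["engine"] for r in rows if r["result"] != "-"]
    stale = [r["engine"] for r in rows
             if (scanned - r["sig_date"]).days > max_sig_age_days]
    return {"file": fields.get("File Name"), "engines": len(rows),
            "detections": detections, "stale": stale}

if __name__ == "__main__":
    print(triage(SAMPLE))
```
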
  #4  
Old 12-03-2009
Bobbye's Avatar
Helper on the Fringe
 
Location: Florida
Member since: Mar 2007, 15,035 posts
That's good news! Now you go back to the beginning.

Please follow the steps in our Virus and Malware Removal thread HERE.

Be sure to check the lines in both Malwarebytes and Superantispyware to remove the entries they find.
Don't remove anything in HijackThis yet; we'll help with that.

It would also be helpful to know what system problems you're having and what operating system you're using.

When you have finished, please attach the logs to your next reply. They will be reviewed to find and remove the source of the malware.
Closed Thread
