Can't access AVG, Microsoft nor spyware sites, can't update malwarebytes

Hi,

This seems like a very worthy site so I'll try my luck here. Hope someone can help me. AVG detected serious threats like win32 heur and virut, so after unsuccessfully trying to install Spyware Doctor (couldn't update so couldn't install properly), paid for and running Antispyware (useless!) and following the 8-step instructions I found here, I still can't access sites like Microsoft, AVG, anything with malware or spyware in the name, Malwarebytes (for an update). Moreover, I can only open Chrome with the --no-sandbox option (not a good thing to do, apparently). IE opens but crashes. And viruses continue to be detected!
I'm running Vista/SP2.
Looking forward to any advice I get.
Cheers,
 
Welcome to TechSpot, synno. I'll help guide you with the malware.

Let's check right up front for Virut:

Virut is a Polymorphic File Infector that infects .EXE and .SCR files. It opens a Backdoor by connecting to a predefined IRC Server and waits for commands from the remote attacker.

And I can't say anything better or different than what you can read here:
http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html

Change all of your passwords and monitor any online transactions.
So don't waste your time. Don't look for 'guaranteed removals'; there aren't any.

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • c:\windows\system32\userinit.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Also scan these,

C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe


When I see the results, I will determine whether to recommend a reformat/reinstall.
 
Thanks a million for getting back to me.
I tried accessing virscan.org from IE, but had to give up after a dozen attempts because IE always fails to respond and just stops running straightaway.
I uploaded the userinit.exe to the site from Chrome and the log is posted here.


VirSCAN.org Scanned Report :
Scanned time : 2009/11/11 20:58:08 (CET)
Scanner results: 38% Scanner(s) (14/37) found malware!
File Name : userinit.exe
File Size : 45056 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : c459c98de06fbd56d8fbaa242635296d
SHA1 : 90124405d88d458b8d3739a0d7216b6775d25533
Online report : http://virscan.org/report/88f17a01661f0dfef8985a50941a18da.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091111183445 2009-11-11 4.19 -
AhnLab V3 2009.11.12.00 2009.11.12 2009-11-12 1.02 -
AntiVir 8.2.1.65 7.1.6.223 2009-11-11 0.19 W32/Virut.Gen
Antiy 2.0.18 20091105.3216324 2009-11-05 0.12 -
Arcavir 2009 200911110132 2009-11-11 0.04 -
Authentium 5.1.1 200911111347 2009-11-11 1.22 W32/Virut.AI!Generic (Heuristic)
AVAST! 4.7.4 091111-0 2009-11-11 0.01 -
AVG 8.5.288 270.14.60/2496 2009-11-11 1.47 -
BitDefender 7.81008.4523818 7.28875 2009-11-12 3.95 -
CA (VET) 35.1.0 7115 2009-11-11 6.14 -
ClamAV 0.95.2 10013 2009-11-11 0.02 -
Comodo 3.12 2920 2009-11-11 0.91 -
CP Secure 1.3.0.5 2009.11.11 2009-11-11 0.06 -
Dr.Web 4.44.0.9170 2009.11.11 2009-11-11 6.60 Win32.Virut.56
F-Prot 4.4.4.56 20091111 2009-11-11 1.22 Possible W32/Virut.AI!Generic
F-Secure 7.02.73807 2009.11.11.12 2009-11-11 0.11 Virus.Win32.Virut.ce [AVP]
Fortinet 2.81-3.120 11.48 2009-11-11 0.30 -
GData 19.8805/19.552 20091111 2009-11-11 5.52 Virus.Win32.Virut.ce [Engine:A]
ViRobot 20091111 2009.11.11 2009-11-11 0.41 -
Ikarus T3.1.01.74 2009.11.11.74508 2009-11-11 4.56 -
JiangMin 11.0.800 2009.11.11 2009-11-11 4.02 -
Kaspersky 5.5.10 2009.11.11 2009-11-11 0.06 Virus.Win32.Virut.ce
KingSoft 2009.2.5.15 2009.11.11.20 2009-11-11 0.51 Win32.Virut.cr.61440
McAfee 5.3.00 5799 2009-11-11 3.46 New Win32.g2
Microsoft 1.5202 2009.11.11 2009-11-11 6.46 -
Norman 6.01.09 6.01.00 2009-11-10 4.00 -
Panda 9.05.01 2009.11.11 2009-11-11 2.84 Suspicious file
Trend Micro 8.700-1004 6.620.02 2009-11-11 0.08 PE_VIRUX.GEN-1
Quick Heal 10.00 2009.11.11 2009-11-11 1.42 W32.Virut.G
Rising 20.0 22.21.02.09 2009-11-11 1.22 Win32.Infected.GEN [Suspicious]
Sophos 3.00.1 4.46 2009-11-12 3.00 -
Sunbelt 5503 5503 2009-11-11 1.65 Virus.Win32.Virut.ce (v)
Symantec 1.3.0.24 20091111.006 2009-11-11 0.05 -
nProtect 20091111.01 6164553 2009-11-11 3.60 -
The Hacker 6.5.0.2 v00066 2009-11-11 0.75 -
VBA32 3.12.10.11 20091111.1459 2009-11-11 1.99 -
VirusBuster 4.5.11.10 10.113.14/2001197 2009-11-12 2.98 -


Here's the explorer.exe scan output:

VirSCAN.org Scanned Report :
Scanned time : 2009/11/11 21:09:24 (CET)
Scanner results: Scanners did not find malware!
File Name : explorer.exe
File Size : 2926592 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : d07d4c3038f3578ffce1c0237f2a1253
SHA1 : 4b3bd605b63749ff255e048ca6f27aff95aec24a
Online report : http://virscan.org/report/5907a0d36e1d95cbc7f49c156612cc4a.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091111183445 2009-11-11 4.01 -
AhnLab V3 2009.11.12.00 2009.11.12 2009-11-12 1.02 -
AntiVir 8.2.1.65 7.1.6.223 2009-11-11 0.43 -
Antiy 2.0.18 20091105.3216324 2009-11-05 0.12 -
Arcavir 2009 200911110132 2009-11-11 0.09 -
Authentium 5.1.1 200911111347 2009-11-11 1.21 -
AVAST! 4.7.4 091111-0 2009-11-11 0.11 -
AVG 8.5.288 270.14.60/2496 2009-11-11 0.34 -
BitDefender 7.81008.4523818 7.28875 2009-11-12 3.94 -
CA (VET) 35.1.0 7115 2009-11-11 8.65 -
ClamAV 0.95.2 10013 2009-11-11 0.32 -
Comodo 3.12 2920 2009-11-11 0.74 -
CP Secure 1.3.0.5 2009.11.11 2009-11-11 0.47 -
Dr.Web 4.44.0.9170 2009.11.11 2009-11-11 6.60 -
F-Prot 4.4.4.56 20091111 2009-11-11 1.19 -
F-Secure 7.02.73807 2009.11.11.12 2009-11-11 0.13 -
Fortinet 2.81-3.120 11.48 2009-11-11 0.34 -
GData 19.8805/19.552 20091111 2009-11-11 5.46 -
ViRobot 20091111 2009.11.11 2009-11-11 0.46 -
Ikarus T3.1.01.74 2009.11.11.74508 2009-11-11 4.14 -
JiangMin 11.0.800 2009.11.11 2009-11-11 4.11 -
Kaspersky 5.5.10 2009.11.11 2009-11-11 0.07 -
KingSoft 2009.2.5.15 2009.11.11.20 2009-11-11 0.65 -
McAfee 5.3.00 5799 2009-11-11 3.42 -
Microsoft 1.5202 2009.11.11 2009-11-11 6.35 -
Norman 6.01.09 6.01.00 2009-11-10 4.00 -
Panda 9.05.01 2009.11.11 2009-11-11 2.80 -
Trend Micro 8.700-1004 6.620.02 2009-11-11 0.03 -
Quick Heal 10.00 2009.11.11 2009-11-11 2.01 -
Rising 20.0 22.21.02.09 2009-11-11 1.00 -
Sophos 3.00.1 4.46 2009-11-12 3.04 -
Sunbelt 5503 5503 2009-11-11 1.68 -
Symantec 1.3.0.24 20091111.006 2009-11-11 0.16 -
nProtect 20091111.01 6164553 2009-11-11 3.73 -
The Hacker 6.5.0.2 v00066 2009-11-11 0.82 -
VBA32 3.12.10.11 20091111.1459 2009-11-11 2.22 -
VirusBuster 4.5.11.10 10.113.14/2001197 2009-11-12 3.06 -


And finally, for svchost.exe:

VirSCAN.org Scanned Report :
Scanned time : 2009/11/11 21:12:59 (CET)
Scanner results: Scanners did not find malware!
File Name : svchost.exe
File Size : 21504 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 3794b461c45882e06856f282eef025af
SHA1 : bf15549a7ec01ac505ccac036aba5b9bae688135
Online report : http://virscan.org/report/edb813f60e67bdb28942e17a2b94781c.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091111183445 2009-11-11 3.93 -
AhnLab V3 2009.11.12.00 2009.11.12 2009-11-12 0.98 -
AntiVir 8.2.1.65 7.1.6.223 2009-11-11 0.50 -
Antiy 2.0.18 20091105.3216324 2009-11-05 0.12 -
Arcavir 2009 200911110132 2009-11-11 0.03 -
Authentium 5.1.1 200911111347 2009-11-11 1.24 -
AVAST! 4.7.4 091111-0 2009-11-11 0.01 -
AVG 8.5.288 270.14.60/2496 2009-11-11 0.30 -
BitDefender 7.81008.4523818 7.28875 2009-11-12 4.01 -
CA (VET) 35.1.0 7115 2009-11-11 5.35 -
ClamAV 0.95.2 10013 2009-11-11 0.01 -
Comodo 3.12 2920 2009-11-11 0.72 -
CP Secure 1.3.0.5 2009.11.11 2009-11-11 0.04 -
Dr.Web 4.44.0.9170 2009.11.11 2009-11-11 6.62 -
F-Prot 4.4.4.56 20091111 2009-11-11 1.21 -
F-Secure 7.02.73807 2009.11.11.12 2009-11-11 0.10 -
Fortinet 2.81-3.120 11.48 2009-11-11 0.26 -
GData 19.8805/19.552 20091111 2009-11-11 5.59 -
ViRobot 20091111 2009.11.11 2009-11-11 0.42 -
Ikarus T3.1.01.74 2009.11.11.74508 2009-11-11 4.07 -
JiangMin 11.0.800 2009.11.11 2009-11-11 7.58 -
Kaspersky 5.5.10 2009.11.11 2009-11-11 0.07 -
KingSoft 2009.2.5.15 2009.11.11.20 2009-11-11 0.57 -
McAfee 5.3.00 5799 2009-11-11 3.43 -
Microsoft 1.5202 2009.11.11 2009-11-11 6.32 -
Norman 6.01.09 6.01.00 2009-11-10 4.01 -
Panda 9.05.01 2009.11.11 2009-11-11 2.08 -
Trend Micro 8.700-1004 6.620.02 2009-11-11 0.03 -
Quick Heal 10.00 2009.11.11 2009-11-11 1.21 -
Rising 20.0 22.21.02.09 2009-11-11 0.96 -
Sophos 3.00.1 4.46 2009-11-12 3.01 -
Sunbelt 5503 5503
Symantec 1.3.0.24 20091111.006
nProtect 20091111.01 6164553
The Hacker 6.5.0.2 v00066
VBA32 3.12.10.11 20091111.1459
VirusBuster 4.5.11.10 10.113.14/2001197



Thanks again!
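
Added example (not part of the original posts): one way to triage a multi-engine report like the ones pasted above, counting complete rows, detections, and the family name most engines agree on. The row layout is inferred from the pasted text, the `GENERIC` word list is an assumption, and `summarize` and `family_tokens` are hypothetical names.

```python
import re
from collections import Counter

# Rows copied from the userinit.exe report above (a subset). The last row is
# cut short on purpose, like the tail of the svchost.exe report.
SAMPLE_ROWS = """\
AntiVir 8.2.1.65 7.1.6.223 2009-11-11 0.19 W32/Virut.Gen
Authentium 5.1.1 200911111347 2009-11-11 1.22 W32/Virut.AI!Generic (Heuristic)
AVG 8.5.288 270.14.60/2496 2009-11-11 1.47 -
CA (VET) 35.1.0 7115 2009-11-11 6.14 -
Dr.Web 4.44.0.9170 2009.11.11 2009-11-11 6.60 Win32.Virut.56
Kaspersky 5.5.10 2009.11.11 2009-11-11 0.06 Virus.Win32.Virut.ce
McAfee 5.3.00 5799 2009-11-11 3.46 New Win32.g2
Panda 9.05.01 2009.11.11 2009-11-11 2.84 Suspicious file
Trend Micro 8.700-1004 6.620.02 2009-11-11 0.08 PE_VIRUX.GEN-1
Sunbelt 5503 5503
"""

# A complete row ends with "<sig date> <scan time> <verdict>".
ROW = re.compile(r"^(?P<head>.+?) \d{4}-\d{2}-\d{2} \d+\.\d+ (?P<verdict>.+)$")
# Labels that say how an engine decided, not which family it matched
# (an assumed list, extend as needed).
GENERIC = {"virus", "generic", "heuristic", "suspicious", "file",
           "possible", "infected", "engine"}

def family_tokens(verdict):
    """Alphabetic tokens of 4+ letters in a verdict, minus generic labels."""
    return {t for t in re.findall(r"[a-z]{4,}", verdict.lower())
            if t not in GENERIC}

def summarize(report):
    """Tally verdicts and find the name most engines agree on."""
    rows, unparsed = [], []
    for line in filter(None, map(str.strip, report.splitlines())):
        m = ROW.match(line)
        if m:  # engine name = head minus the two version columns
            rows.append((m["head"].rsplit(" ", 2)[0], m["verdict"]))
        else:  # truncated or header line: never count it as "clean"
            unparsed.append(line)
    hits = [(e, v) for e, v in rows if v != "-"]
    votes = Counter(t for _, v in hits for t in family_tokens(v))
    family, n = votes.most_common(1)[0] if votes else (None, 0)
    return {"engines": len(rows), "detections": len(hits),
            "family": family, "family_votes": n,
            "generic_only": [e for e, v in hits if not family_tokens(v)],
            "unparsed": unparsed}

if __name__ == "__main__":
    print(summarize(SAMPLE_ROWS))
```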
 
Not much doubt about that!

What is Userinit?

Specifies the programs that Winlogon runs when a user logs on. By default, Winlogon runs Userinit.exe, which runs logon scripts, reestablishes network connections, and then starts Explorer.exe, the Windows user interface.

Purpose of this file:
Userinit.exe is a program that most likely has been on your computer since the day you purchased it.
Userinit is a system related module that has many important tasks. This program performs many system related functions, and it is required for a stable system. One of the main purposes of userinit.exe is to start the windows shell program, which is a critical piece of your Windows operating system.

So having the Virut infection in this process means that every time you log on, it spreads. Most of us don't attempt to remove it because:
Virut is a Polymorphic File Infector that infects .EXE and .SCR files. It opens a Backdoor by connecting to a predefined IRC Server and waits for commands from the remote attacker.

And I can't say anything better or different than what you can read here:
http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html


Change all of your passwords and monitor any online transactions.

Recommend you reformat and reinstall ASAP.

Wish the news was better.
 
Thanks for taking a look. After reading up on the virus, I'd resigned myself to having to reformat and reinstall, and as I was thinking of migrating from Vista to W7, this looks like a good time to do so.
Bad karma to the people who created these monsters!
 
You're welcome. I always hate to give this news but it's better to do the reformat/reinstall right up front instead of letting Virut do any more damage.

I think we would all wish the bad karma on those who do this. I have some good tips on staying safe. If you have any way to access and save or print out, I'll give it to you.
 
... I have some good tips on staying safe. If you have any way to access and save or print out, I'll give it to you.

Sure, thanks, please do - I'm certainly more receptive to taking precautions after this episode. :blackeye:
 
Okay, here you go- I recommend all!

Please follow these simple steps to keep your computer clean and secure:
1. Disable and Enable System Restore: This will help you to drop the old restore points and set a new, clean one:

System Restore Guide


2. Stay current on updates:
  • Visit the Microsoft Download Site frequently.
    You should get all updates marked Critical and the current SP updates: Windows 2000 > SP4, Windows XP > SP2, SP3, Vista > SP1
  • Visit this site (Adobe Reader) often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
  • Check this site often: Java Updates. Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.

3. Make Internet Explorer safer. Follow the suggestions HERE
This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features.

4. Remove Temporary Internet Files regularly: Use
5. Use an AntiVirus Software (only one)
6. Use a good, bi-directional firewall (one software firewall)
  • See Understanding and Using Firewalls including links to download a firewall.

7. Consider these programs for Extra Security
  • SpywareBlaster:
    • SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
  • IE/Spyad:
    • This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts files: This replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
  • Google Toolbar: Get the free Google toolbar to help stop pop up windows.

If I can be of further assistance, please let me know. Help and support is only given in the forums but you can send a PM to me and bring my attention back to the thread.
 