Help whats this

[carlarog1]

hi guys ,

found this site while looking up the win32 Heur that AVg popped up this morning ...comp doing all the things that go with it redirecting browser , flashing security alerts that look real etc ..then popped up on my descktop a note pad from java say a fatal error has been detected and loads of log info ..top says hs_err_pid8012-notepad ...seen a few posts on here that show the error logging info on AVG am unsure how to get this up. I am savy enough to follow instructions and look up the info, but not a proper tech head so go easy on me I am always scared that I will do something wrong so would rather take advice from those that know. Oh my operating sy

 

[Bobbye]

Welcome to TechSpot! I'll help you with the malware. The find of Wine32/Heur with AVG is usually a sign of malware infection from Virut, so we'll screen for that first:

• Make sure to use Internet Explorer for this
• Please go to VirSCAN.org FREE on-line scan service
• Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
  • c:\windows\system32\userinit.exe
• Click on the Upload button
• If a pop-up appears saying the file has been scanned already, please select the ReScan button.
• Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
• Paste the contents of the Clipboard in your next reply.

Also scan these,

C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe


After I see that report, I'll have a better idea of what to do next. The nature of Virut is so invasive that we usually recommend a reformat/reinstall right off instead of trying to clean it. This scan will let us know if you have-or don't have the Virus infection. But let's check to make sure:

In the meantime, you could begin doing this:

• Backup all your documents and important items only.
• DON'T backup any executable files (,exe .scr .html or .htm)
• DON'T back up compressed files (zip/cab/rar) that may contain .exe or .scr files

 

[carlarog1]

Thanks Bobbye ,
did as you asked couldn't copy from clip board does not seem to be working as should so copied and pasted as seen. The first came back as detailed the others that you said to do also were and scanned came back clear .

only just had my computer reformatted during a process to find some problems it's been running brill untill now. My hubby went to pkr poker yesterday and it's been doing this since then. AVG is popping up a trojan warning every five minutes .




VirSCAN.org Scanned Report :
Scanned time : 2010/03/28 16:36:05 (BST)
Scanner results: 28% Scanner(s) (10/36) found malware!
File Name : userinit.exe
File Size : 49152 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 243d278db19c7b103d0e2b9d1a08e4aa
SHA1 : 445875511bd83ca8aaec0f66e726f2ecbf6cea4e
Online report : http://virscan.org/report/3e11ede19fe1b78322f26ad5aa20eb92.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100328073120 2010-03-28 4.73 Trojan.Agent2!IK
AhnLab V3 2010.03.27.00 2010.03.27 2010-03-27 1.04 -
AntiVir 8.2.1.204 7.10.5.241 2010-03-26 0.27 W32/Virut.Gen
Antiy 2.0.18 20100326.4086645 2010-03-26 0.12 -
Arcavir 2009 201003270926 2010-03-27 0.04 -
Authentium 5.1.1 201003280257 2010-03-28 1.43 -
AVAST! 4.7.4 100328-0 2010-03-28 0.01 -
AVG 8.5.720 271.1.1/2775 2010-03-28 1.57 -
BitDefender 7.81008.5554800 7.30989 2010-03-28 4.73 Win32.Virtob.Gen.12
ClamAV 0.95.3 10641 2010-03-28 0.02 -
Comodo 3.13.579 4409 2010-03-27 1.23 -
CP Secure 1.3.0.5 2010.03.28 2010-03-28 0.05 -
Dr.Web 5.0.1.12222 2010.03.28 2010-03-28 6.40 Win32.Virut.56
F-Prot 4.4.4.56 20100327 2010-03-27 1.39 -
F-Secure 7.02.73807 2010.03.28.02 2010-03-28 0.23 -
Fortinet 4.0.14 11.628 2010-03-28 0.19 -
GData 19.10886/19.846 20100328 2010-03-28 5.70 -
ViRobot 20100327 2010.03.27 2010-03-27 0.41 -
Ikarus T3.1.01.80 2010.03.28.75496 2010-03-28 5.43 Trojan.Agent2
JiangMin 13.0.900 2010.03.27 2010-03-27 5.25 -
Kaspersky 5.5.10 2010.03.28 2010-03-28 0.16 -
KingSoft 2009.2.5.15 2010.3.28.20 2010-03-28 0.66 -
McAfee 5.3.00 5933 2010-03-27 3.78 -
Microsoft 1.5605 2010.03.28 2010-03-28 7.86 Virus:Win32/Virut.BN
Norman 6.04.10 6.04.00 2010-03-24 6.01 -
Panda 9.05.01 2010.03.28 2010-03-28 1.81 Suspicious file
Trend Micro 9.120-1004 6.956.06 2010-03-28 0.03 PE_VIRUX.R
Quick Heal 10.00 2010.03.27 2010-03-27 1.49 W32.Virut.G
Rising 20.0 22.40.06.04 2010-03-28 1.35 -
Sophos 3.05.4 4.51 2010-03-28 3.81 -
Sunbelt 3.9.2412.2 6101 2010-03-26 4.02 Virus.Win32.Virut.ce (v)
Symantec 1.3.0.24 20100327.003 2010-03-27 0.05 -
nProtect 20100328.01 7870227 2010-03-28 4.52 -
The Hacker 6.5.2.0 v00246 2010-03-27 0.70 -
VBA32 3.12.12.2 20100326.1147 2010-03-26 2.74 -
VirusBuster 4.5.11.10 10.122.17/2005647 2010-03-27 2.32 -

 

[Bobbye]

Sorry to tell you this, but he should have stayed away from the poker party! The system has a Virut infection: Almost every system where AVG has come up with the Win32/Heur infection, has Virut. That's why I check at the beginning instead of wasting time trying to clean it.

Virut is a Polymorphic File Infector that infects ..exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair resulting in an inoperative machine. It opens a Backdoor by connecting to a predefined IRC Server and waits for commands from the remote attacker

Good explanation here:
http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html


Change all of your passwords and monitor any online transactions.

Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain .exe, .scr, .rar, .zip, .htm, .html files.

* Backup all your documents and important items only.
* DON'T backup any executable files (,exe .scr .html or .htm)
* DON'T back up compressed files (zip/cab/rar) that may contain .exe or .scr files

You will ind excellent reformat/reinstall instructions heere:
http://www.tech-101.com/tutorials/356-tutorial-windows-install-repair-xp-vista.html