Bobbye
Posts: 16,313 +36
Where is the log for the Eset scan?We'll see what the online AV scan shows up and go from there.
Please follow that with new HijackScan.
Where is the log for the Eset scan?We'll see what the online AV scan shows up and go from there.
Ok i tried running that website. It wont let me run. Any antivirus scan websites wont work. Where as every other one is fine like google etc. When i tried running, avast picked up id12.exe as a Win32:JunkPoly [Cryp]
When i was running, IExplorer, a few applications started terminating itself. Also the short cuts on my quick launch bar, such as show desktop and windows media player is gone now. So i dont know whats going on
Once copied, i renamed it to asd.exe. Reply #12
You missed the point here. IF you do have Virut, putting a file extension of .exe on will allow Virus to infect it!
!! ALERT !! it is not safe to continue. The contents of the combofix package have been compromised. Reply #15
So you get this message because it is infected.
i uninstalled AVG. And installed the avast antivirus one instead, and updated it. Is that ok? Reply #19
Yes, it's okay. But you said you couldn't get on any AV sites! IF you got Avast, do a full system scan, save it and attach it.
Sorry about the delay bobbye. But here are the log files for my avast scan and HJT
There are few entries when scanned by HJT that came up with file missing, after i ticked them and click fixed checked. They still reappear.
But here they are, the avast scan seems to not pick up any virut infections. I guess thats a good sign?
Ok the avast log wont upload, apparently the file is too big. So i uploaded it to fileden.
Here is the link to it
http://www.fileden.com/getfile.php?...eden.com/files/2006/10/2/255544/Avast Log.txt
Overview -
W32/Virut.a is an appending virus. This file infector infects .exe and .scr files by attaching its encrypted code to the end of the file.
The encrypted code contains IRCBot functionality.
Characteristics -
WhenW32/Virut.a is executed it injects it's code into all running processes
W32/Virut.a opens up backdoor at port 65520 on the compromised machine.
This virus tries to connect to IRC servers located at :
* proxima.ircgalaxy.