[Not curable - Virut] Laptop infected with virus

[carcaptor]

Hello everyone,

My laptop, which I use for personal reasons, seems to be infected with multiple virus. AVG detects Virut, Zbot.G etc but when I try to heal it, AVG automatically exits and then the computer shuts down. When I restart it, Windows asks me for my key and when I enter them, it shows up as fake and then a whole lot of several windows opens up and then my default browser (Google Chrome) opens and tries to connect to some unknown website. Sensing that it may be trying to send information, I immediately removed my ethernet cable and switched off the wifi/bluetooth.

But now I have watermark all over the desktop written in some foreign language, probably Chinese.

I'm at a loss as that computer has all my personal stuff on it - photographs, my university documents etc which is why I can't just simply wipe out all the data and reformat and re-install everything without trying to save them.

Please help!

Thanks,

carcaptor

 

[carcaptor]

I've followed the 5-step Viruses/Spyware/Malware Preliminary Removal Instructions and here are the logs:

===========================================================================================


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8053
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

06-11-2011 03:18:29
mbam-log-2011-11-06 (03-18-29).txt

Scan type: Quick scan
Objects scanned: 267580
Time elapsed: 21 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

[Broni]

AVG detects Virut

I'm afraid I have very bad news.

You are infected with a polymorphic file infector. This infection can and will infect all the machine's executable files .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair resulting in an inoperative machine.

Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain following files:
*.exe
*.scr
*.htm
*.html
*.xml
*.zip
*.rar
*.doc
*.jpg
*.pdf

Backup all your documents and important items only.
DO NOT backup any files mentioned above.

I suggest you do the following immediately:

* Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
* From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
* DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

For more information on Virut, and why you need to reformat, have a read of miekiemoes blog here.

To find out how to carry out an XP Reformat and Reinstall, please see this page. If you are using Vista, then check this page instead.

Once you have reformatted and reinstalled Windows, have a look at this page for some useful tips on staying clean, along with links to some freeware to help.

To find out more information about how you may have got infected in the first place, you can read this article.

I am sorry I cannot give any better news.

 

[carcaptor]

Thank you for the reply, Broni!

I did a complete reformat and re-install and it took me several days to try and piece everything together, hence the delayed reply here.

Wish I'd been more careful.

 

[Broni]

Thanks for the update