1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Win32/Heur and a sudden day from hell

By rascaluk
Nov 13, 2009
  1. Hi guys, as ever any help appreciated and greatful for advice.

    Yesterday my Win7 install was running fine. Without warning my Windows firewall popped up a box asking me if I wanted to continue blocking a prog I had never heard before. I tried googling it to see what it was and from then all hell's broke loose.

    Pretty much immediately fake spyware / antivirus ads started popping up and my browsers were hijacked and redirecting everything. Then it started blue screen crashing.

    Running a variety of stuff including Malwarebytes in Safe Mode I can now get it to boot into the OS wthout blue screening but the broswer hijacking and the fake ads are still there.

    I installed AVG and this seemed to hack away at some stuf but if I try running it now the scan won't start so I presume it's got to that. It does however load and say a bunch of files are infected with Win32/Heur. I don;t know what other evil lurks.

    I have attached my Hijackthis logs and Malwarebytes. I can't download the SupeAntiSpyware prob because it says the server is down which I am also suspicious of.

    Any steps to get psuedo back to normal greatfully appreciated...

  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot, rascaluk. You do have an assortment of malware!

    1.Are you running Windows 7?

    2. Are you using LimeWire or other file sharing music program.

    I'd like you to check for Virut:
    Virut is a Polymorphic File Infector that infects .EXE and .SCR files. It opens a Backdoor by connecting to a predefined IRC Server and waits for commands from the remote attacker

    You might want to read this:

    Change all of your passwords and monitor any online transactions.
    So don't waste you time - Don't look for 'guaranteed removals'- there aren't any.

    Before we 'assume' the worst, I'd like you to do the following:

    • Make sure to use Internet Explorer for this
    • Please go to VirSCAN.org FREE on-line scan service
    • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
      • c:\windows\system32\userinit.exe
    • Click on the Upload button
    • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
    • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
    • Paste the contents of the Clipboard in your next reply.
    Also scan these,

Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...