Win32/Heur Help

Status
Not open for further replies.
We are finding Virut with most of the AVG Win32/Heur. I'd like you to do the following before we go any further:

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • c:\windows\system32\userinit.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Also scan these,

C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe


Before trying to run any programs, it's better to confirm (or rule out) the infection as soon as possible.

Virut is a Polymorphic File Infector that infects .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair, resulting in an inoperative machine.
It opens a Backdoor by connecting to a predefined IRC Server and waits for commands from the remote attacker


Good explanation here:
http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html


Change all of your passwords and monitor any online transactions.

I will know more when I see the log.
 
userinit scan:

VirSCAN.org Scanned Report :
Scanned time : 2009/12/04 03:15:25 (CST)
Scanner results: Scanners did not find malware!
File Name : userinit.exe
File Size : 25088 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 0e135526e9785d085bcd9aede6fbcbf9
SHA1 : d15244d41efddbab08d53fe032aedff39091d3af
Online report : http://virscan.org/report/896059006db5f44acebb4b8d8ad9460c.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091204023237 2009-12-04 4.66 -
AhnLab V3 2009.12.04.00 2009.12.04 2009-12-04 1.61 -
AntiVir 8.2.1.92 7.10.1.164 2009-12-03 0.43 -
Antiy 2.0.18 20091203.3345008 2009-12-03 0.12 -
Arcavir 2009 200912031020 2009-12-03 0.03 -
Authentium 5.1.1 200912022255 2009-12-02 1.33 -
AVAST! 4.7.4 091203-1 2009-12-03 0.01 -
AVG 8.5.288 270.14.91/2542 2009-12-03 0.31 -
BitDefender 7.81008.4683641 7.29278 2009-12-04 4.02 -
CA (VET) 35.1.0 7154 2009-12-02 4.93 -
ClamAV 0.95.2 10109 2009-12-03 0.01 -
Comodo 3.13 3123 2009-12-03 0.95 -
CP Secure 1.3.0.5 2009.12.04 2009-12-04 0.00 -
Dr.Web 4.44.0.9170 2009.12.03 2009-12-03 7.37 -
F-Prot 4.4.4.56 20091202 2009-12-02 1.27 -
F-Secure 7.02.73807 2009.12.03.12 2009-12-03 0.11 -
Fortinet 11.121- 11.121 2009-12-03 0.39 -
GData 19.9149/19.604 20091203 2009-12-03 6.52 -
ViRobot 20091203 2009.12.03 2009-12-03 0.41 -
Ikarus T3.1.01.74 2009.12.03.74642 2009-12-03 4.13 -
JiangMin 13.0.900 2009.12.02 2009-12-02 9.54 -
Kaspersky 5.5.10 2009.12.03 2009-12-03 0.07 -
KingSoft 2009.2.5.15 2009.12.3.20 2009-12-03 0.51 -
McAfee 5.3.00 5821 2009-12-03 3.35 -
Microsoft 1.5302 2009.12.03 2009-12-03 6.96 -
Norman 6.01.09 6.01.00 2009-12-03 2.01 -
Panda 9.05.01 2009.12.03 2009-12-03 2.29 -
Trend Micro 9.000-1003 6.668.05 2009-12-03 0.03 -
Quick Heal 10.00 2009.12.03 2009-12-03 1.29 -
Rising 20.0 22.24.03.06 2009-12-03 1.00 -
Sophos 3.02.0 4.48 2009-12-04 2.66 -
Sunbelt 3.9.2381.2 5541 2009-12-02 1.99 -
Symantec 1.3.0.24 20091203.004 2009-12-03 0.09 -
nProtect 20091203.01 6469758 2009-12-03 4.45 -
The Hacker 6.5.0.2 v00011 2009-09-18 0.83 -
VBA32 3.12.12.0 20091202.2156 2009-12-02 2.28 -
VirusBuster 4.5.11.10 10.114.8/1990116 2009-12-03 2.37 -

explorer.exe scan:

VirSCAN.org Scanned Report :
Scanned time : 2009/12/04 03:24:25 (CST)
Scanner results: Scanners did not find malware!
File Name : explorer.exe
File Size : 2927104 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 4f554999d7d5f05daaebba7b5ba1089d
SHA1 : e509a42554cc0e5888ac8bf494d3c02223238609
Online report : http://virscan.org/report/091421e77a2cc7892e7412e54c858c72.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091204023237 2009-12-04 4.07 -
AhnLab V3 2009.12.04.00 2009.12.04 2009-12-04 1.02 -
AntiVir 8.2.1.92 7.10.1.164 2009-12-03 0.95 -
Antiy 2.0.18 20091203.3345008 2009-12-03 0.45 -
Arcavir 2009 200912031020 2009-12-03 0.23 -
Authentium 5.1.1 200912022255 2009-12-02 2.74 -
AVAST! 4.7.4 091203-1 2009-12-03 0.11 -
AVG 8.5.288 270.14.91/2542 2009-12-03 0.35 -
BitDefender 7.81008.4683641 7.29278 2009-12-04 4.01 -
CA (VET) 35.1.0 7154 2009-12-02 10.60 -
ClamAV 0.95.2 10109 2009-12-03 0.33 -
Comodo 3.13 3123 2009-12-03 0.99 -
CP Secure 1.3.0.5 2009.12.04 2009-12-04 0.00 -
Dr.Web 4.44.0.9170 2009.12.03 2009-12-03 7.47 -
F-Prot 4.4.4.56 20091202 2009-12-02 2.48 -
F-Secure 7.02.73807 2009.12.03.12 2009-12-03 0.16 -
Fortinet 11.121- 11.121 2009-12-03 0.38 -
GData 19.9149/19.604 20091203 2009-12-03 5.47 -
ViRobot 20091203 2009.12.03 2009-12-03 1.31 -
Ikarus T3.1.01.74 2009.12.03.74642 2009-12-03 4.40 -
JiangMin 13.0.900 2009.12.02 2009-12-02 28.81 -
Kaspersky 5.5.10 2009.12.03 2009-12-03 0.08 -
KingSoft 2009.2.5.15 2009.12.3.20 2009-12-03 0.70 -
McAfee 5.3.00 5821 2009-12-03 3.39 -
Microsoft 1.5302 2009.12.03 2009-12-03 11.56 -
Norman 6.01.09 6.01.00 2009-12-03 2.01 -
Panda 9.05.01 2009.12.03 2009-12-03 4.21 -
Trend Micro 9.000-1003 6.668.05 2009-12-03 0.06 -
Quick Heal 10.00 2009.12.03 2009-12-03 2.87 -
Rising 20.0 22.24.03.06 2009-12-03 1.66 -
Sophos 3.02.0 4.48 2009-12-04 2.64 -
Sunbelt 3.9.2381.2 5541 2009-12-02 3.71 -
Symantec 1.3.0.24 20091203.004 2009-12-03 0.17 -
nProtect 20091203.01 6469758 2009-12-03 4.74 -
The Hacker 6.5.0.2 v00011 2009-09-18 1.14 -
VBA32 3.12.12.0 20091202.2156 2009-12-02 3.10 -
VirusBuster 4.5.11.10 10.114.8/1990116 2009-12-03 3.18 -

svchost.exe scan:

VirSCAN.org Scanned Report :
Scanned time : 2009/12/04 03:28:15 (CST)
Scanner results: Scanners did not find malware!
File Name : svchost.exe
File Size : 21504 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 3794b461c45882e06856f282eef025af
SHA1 : bf15549a7ec01ac505ccac036aba5b9bae688135
Online report : http://virscan.org/report/22f0c133e74a662564dd06a1644f318d.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091204023237 2009-12-04 4.45 -
AhnLab V3 2009.12.04.00 2009.12.04 2009-12-04 1.16 -
AntiVir 8.2.1.92 7.10.1.164 2009-12-03 1.93 -
Antiy 2.0.18 20091203.3345008 2009-12-03 0.12 -
Arcavir 2009 200912031415 2009-12-03 0.03 -
Authentium 5.1.1 200912022255 2009-12-02 1.24 -
AVAST! 4.7.4 091203-1 2009-12-03 0.01 -
AVG 8.5.288 270.14.91/2542 2009-12-03 0.31 -
BitDefender 7.81008.4684668 7.29280 2009-12-04 4.90 -
CA (VET) 35.1.0 7154 2009-12-02 6.03 -
ClamAV 0.95.2 10109 2009-12-03 0.01 -
Comodo 3.13 3123 2009-12-03 0.93 -
CP Secure 1.3.0.5 2009.12.04 2009-12-04 0.00 -
Dr.Web 4.44.0.9170 2009.12.03 2009-12-03 7.37 -
F-Prot 4.4.4.56 20091203 2009-12-03 1.24 -
F-Secure 7.02.73807 2009.12.03.12 2009-12-03 0.11 -
Fortinet 11.121- 11.121 2009-12-03 0.22 -
GData 19.9149/19.604 20091203 2009-12-03 7.25 -
ViRobot 20091203 2009.12.03 2009-12-03 0.42 -
Ikarus T3.1.01.74 2009.12.03.74642 2009-12-03 4.18 -
JiangMin 13.0.900 2009.12.02 2009-12-02 5.12 -
Kaspersky 5.5.10 2009.12.03 2009-12-03 0.07 -
KingSoft 2009.2.5.15 2009.12.3.20 2009-12-03 0.52 -
McAfee 5.3.00 5821 2009-12-03 3.29 -
Microsoft 1.5302 2009.12.03 2009-12-03 8.27 -
Norman 6.01.09 6.01.00 2009-12-03 8.01 -
Panda 9.05.01 2009.12.03 2009-12-03 2.71 -
Trend Micro 9.000-1003 6.668.05 2009-12-03 0.03 -
Quick Heal 10.00 2009.12.03 2009-12-03 1.26 -
Rising 20.0 22.24.03.06 2009-12-03 1.10 -
Sophos 3.02.0 4.48 2009-12-04 2.75 -
Sunbelt 3.9.2381.2 5541 2009-12-02 2.18 -
Symantec 1.3.0.24 20091203.004 2009-12-03 0.05 -
nProtect 20091203.01 6469758 2009-12-03 3.90 -
The Hacker 6.5.0.2 v00011 2009-09-18 0.86 -
VBA32 3.12.12.0 20091202.2156 2009-12-02 2.20 -
VirusBuster 4.5.11.10 10.114.8/1990116 2009-12-03 2.37 -
 
That's good news! Now you go back to the beginning.

Please follow the steps in our Virus and Malware Removal thread HERE.

Be sure to check the lines in both Malwarebytes and Superantispyware to remove the entries they find.
Don't remove anything in HijackThis yet; we'll help with that.

It would also be helpful to know what system problems you're having and what operating system you're using.

When you have finished, please attach the logs to your next reply. They will be reviewed to find and remove the source of the malware.
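The per-file check the helper asks for above, written out as an added example (it is not code from the thread, from VirSCAN.org or from any of the posters): hash the local file so you can confirm that the pasted report's MD5/SHA1 describe the file you actually have (a "file has been scanned already" cached report may belong to a different copy), then parse the report and pull out every engine that returned anything other than "-". The function names, the `Report` class and the report excerpts below are constructed for illustration; the row layout is the one pasted in the thread. One caveat a clean result on three files does not remove: Virut is a file infector, so a clean userinit.exe, explorer.exe and svchost.exe say nothing about the other executables on the disk, which is why the helper still sends the poster back to the full removal procedure.

```python
"""Cross-check a pasted VirSCAN.org report against the local file.

Added example, not from the thread. Assumes the report keeps the layout
pasted above: 'MD5 :' / 'SHA1 :' header lines, then a 'Scanner Engine Ver ...'
header followed by one row per engine ending in the verdict ('-' = clean).
"""
from __future__ import annotations

import hashlib
import re
import sys
from dataclasses import dataclass, field

# Constructed excerpt of the userinit.exe report pasted in the thread.
SAMPLE_REPORT_CLEAN = """\
VirSCAN.org Scanned Report :
Scanned time : 2009/12/04 03:15:25 (CST)
Scanner results: Scanners did not find malware!
File Name : userinit.exe
File Size : 25088 byte
MD5 : 0e135526e9785d085bcd9aede6fbcbf9
SHA1 : d15244d41efddbab08d53fe032aedff39091d3af

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091204023237 2009-12-04 4.66 -
CA (VET) 35.1.0 7154 2009-12-02 4.93 -
The Hacker 6.5.0.2 v00011 2009-09-18 0.83 -
"""

# Constructed variant with two engines flagging the file; the verdict
# strings are illustrative placeholders, not real scan output.
SAMPLE_REPORT_HIT = SAMPLE_REPORT_CLEAN.replace(
    "Scanners did not find malware!", "2 scanners found malware"
).replace(
    "CA (VET) 35.1.0 7154 2009-12-02 4.93 -",
    "CA (VET) 35.1.0 7154 2009-12-02 4.93 Win32/Virut",
).replace(
    "The Hacker 6.5.0.2 v00011 2009-09-18 0.83 -",
    "The Hacker 6.5.0.2 v00011 2009-09-18 0.83 W32/Virut",
)

# Row layout: <scanner name, may contain spaces> <engine ver> <sig ver>
# <sig date> <seconds> <verdict>. Anchoring on the ISO date keeps
# multi-word scanner names ('CA (VET)', 'The Hacker') intact.
ROW_RE = re.compile(
    r"^(?P<head>.+?)\s+(?P<sigdate>\d{4}-\d{2}-\d{2})\s+"
    r"(?P<secs>\d+\.\d+)\s+(?P<verdict>.+?)\s*$"
)


@dataclass
class Report:
    md5: str = ""
    sha1: str = ""
    engines: int = 0
    detections: dict[str, str] = field(default_factory=dict)  # scanner -> verdict


def parse_virscan_report(text: str) -> Report:
    """Extract the hashes and every non-clean engine verdict from a report."""
    rep = Report()
    in_table = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("MD5 :"):
            rep.md5 = line.split(":", 1)[1].strip().lower()
        elif line.startswith("SHA1 :"):
            rep.sha1 = line.split(":", 1)[1].strip().lower()
        elif line.startswith("Scanner Engine Ver"):
            in_table = True
        elif in_table:
            m = ROW_RE.match(line)
            if not m:
                continue
            rep.engines += 1
            tokens = m.group("head").split()
            # Drop the trailing engine-version and sig-version tokens.
            scanner = " ".join(tokens[:-2]) if len(tokens) > 2 else tokens[0]
            if m.group("verdict") != "-":
                rep.detections[scanner] = m.group("verdict")
    return rep


def hash_bytes(data: bytes) -> tuple[str, str]:
    return hashlib.md5(data).hexdigest(), hashlib.sha1(data).hexdigest()


def hash_file(path: str) -> tuple[str, str]:
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()


def assess(report_text: str, local_hashes: tuple[str, str]) -> dict:
    """Combine the report verdicts with whether it describes the local file."""
    rep = parse_virscan_report(report_text)
    matches = (rep.md5, rep.sha1) == tuple(h.lower() for h in local_hashes)
    return {
        "report_matches_local_file": matches,
        "engines": rep.engines,
        "detections": rep.detections,
        # A 'clean' verdict only counts when the report really is for this file.
        "clean": matches and rep.engines > 0 and not rep.detections,
    }


if __name__ == "__main__":
    # Usage: python virscan_check.py report.txt C:\Windows\System32\userinit.exe
    report_path, file_path = sys.argv[1], sys.argv[2]
    with open(report_path, encoding="utf-8", errors="replace") as fh:
        print(assess(fh.read(), hash_file(file_path)))
```

Run it once per file the helper listed, pasting the corresponding report into a text file first. `report_matches_local_file` being False is the interesting case: it means the verdict you are reading was produced for a different copy of the binary, so the file on the disk has not actually been checked.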
 