Win32/Heur & Win/Virut Virus detected by AVG. Need help

Status
Not open for further replies.

Resist

Hi, I can't seem to get rid of this win32 heur virus. AVG 8 keeps detecting a threat, but there is a continuous stream of threats from almost all of my programs. It seems as if the virus is spreading. Please help me. :(

I have provided the following logs that were requested:
1) Malwarebytes Anti Malware log
2) SuperAntiSpyware log
3) Hijackthis log
 
I'm interested in these, although I'm not sure they're actually malware:

Code:
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll

Please download LSP-fix and remove those entries, unless you have a reason to believe that they should be there. I would suggest that you then reboot and attempt to rename inethttpfilter.dll to something else.
 
I ran LSPFix; however, it showed "No problems found". I will try renaming the file and rebooting. Can I ask: I searched that directory, but there was only 1 file called "inethttpfilter.dll", so why is it shown 4 times in the log?
 
OK. I tried renaming it, but when I log in after restarting the PC, it says "An unauthorized change in Windows has occurred" and just logs off. I had to enter safe mode to change it back, after which I can now log on. But I still have the Win32/Heur and Win32/Virut detected by AVG 8.5 Free.

I've also tried running CCleaner many times.
 
That's a bit weird; as far as I am aware, inethttpfilter is not a part of Windows itself.

Which files is AVG detecting as infected?
 
There are a load of infected files in the Virus Vault. Do you have any idea how I can post them?
 
I think you have Smitfraud. I see you have Smitfraudfix on your system which has, unfortunately, also been infected.

Let's try ComboFix. First, go into Safe Mode with Networking from your boot menu (usually F8). Then, download ComboFix from here, and save it to the Desktop.

Do not click on the ComboFix window whilst it runs, as it may stall. Once ComboFix is done, please upload the log.

Thanks. :)
 
Hi, sorry for the late reply. This is because of the DrWeb scanning taking surprisingly long. However, as you said, it got rid of Win32/Virut and I managed to run ComboFix in safe mode. I'll post the log later when Malwarebytes, SuperAntiSpyware and HijackThis have finished. Do you want the log from the DrWeb scan that I made? It found over 1,000 infections. Thankfully, they were all cured or moved/deleted. I'll have to reinstall some of my software though, since some of the .exe's were deleted during the scan, but that's not a problem as long as I get rid of this virus.
 
I have posted all the logs that I have got from all the scanners. AVG is detecting a lot fewer viruses, but I still get the occasional Win32/Heur. Please take a look at my logs to see if you find anything that looks like it may be the cause of this. Thanks
 
I've just figured out that whenever I enter my Windows directory, AVG detects more cases of Win32/Virut. It keeps returning whenever I cure the files with DrWeb > <
 