[Essexboy]

Could you please run Dr Web again just the quick scan initially but with a fresh copy

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

[Advertisements]

I am having problems downloading DrWeb and I have already deleted the copy I had. Do you have any other download locations for it.

[BigDod]

I am having problems downloading DrWeb and I have already deleted the copy I had. Do you have any other download locations for it.

[Essexboy]

OK it looks like Virut was not killed. This is a nasty virus that infects all of your exe files and as you did a reinstall rather that reformat it looks like the windows files were re-infected as they reloaded. I would recommend at this stage to back up all your data files but not .exe or screensavers

Try this link http://cid-32d8666f4...nch.exe?lc=2057

and download launch.exe

[BigDod]

 DrWeb.zip   206bytes   549 downloads

Express scan log

Edit - I did do a format but there was a folder with very important data that had to be copied from before.

Edit2 - If there is any way to ensure that the file on my memory stick were completely cleaned I could always do another format and install.

Edited by BigDod, 13 February 2009 - 03:01 PM.

[Essexboy]

Can you try this

Right click each element in turn and select properties
Select the driver tab
Select roll back driver

And then let me know the result

[Essexboy]

Sorry forgot to answer your question -

If there is any way to ensure that the file on my memory stick were completely cleaned I could always do another format and install.

as long as they are not executable files or screensavers they are OK that is to say if they are data files (word, excell etc. )

[BigDod]

When I try to roll back the drivers I get a message stating "No driver files have been backed up for this device".
Is the computer now clean of virus's, if so would a repair install fix the driver issue.

[Essexboy]

I can see no further malware so try a repair install and the post a new Hijackthis log and let me know how things are running

[BigDod]

I am posting this from the "infected" computer so I have network back.

 hijackthis.txt   3.09KB   539 downloads

Now I get a message saying crystl32.ocx is not registered when I try to run the program that is needed on this computer.

[Essexboy]

Lets register that ocx then, to do this :

Click Start > Run and type in the following

Regsvr32 /s crystl32.ocx

Then retry the programme

Your Hijackthis log now looks clean

Update and run MBAM and then let me know how your system is running

[BigDod]

Still the same error message with the program. Running MBAM now.

[Essexboy]

OK lets change the parameters slightly to see if it will work. If this fails we will need to check the dependencies

Click Start > Run and type in the following including quote marks

regsvr32.exe "C:\Windows\System\crystl32.ocx"

[BigDod]

 mbam_log_2009_02_14__14_40_24_.txt   1.11KB   540 downloads
MBAM found 4 things.

regsvr32.exe "C:\Windows\System\crystl32.ocx" still failed

Edited by BigDod, 14 February 2009 - 08:46 AM.

[Essexboy]

OK Just trying to find a copy of dependency walker to find out why the ocx is not registering

On the MBAM report it says no action taken is this correct ?

[BigDod]

It said that it needed to restart to fix and I did that.