A1385889.exe;C:\System Volume Information\_restore{E985765F-B449-44C3-92CC-689E2B0E6D95}\RP830;Win32.Virut.56;Cured.;
Actually, this is not good.. In fact, this is very, very bad..
Some info about Virut.. It infects ALL executable files, on each and every partition the computer has, including any files on a thumbdrive or external hard disk that has been used with that computer...
Due to this, I would advise you to start backing up all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT back up any applications/installers and do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar files... We are looking for a possible Virut infection, and if it is one.. then you might have to wipe the machine clean..
Make sure you back up everything ONLY via CD or DVD (non-rewritable)
But let's do this first.. (after you back up all the important stuff)...
IMPORTANT! Disconnect your infected computer from the internet. We have to transfer ALL logs via CD/pendrive. Make sure that CD/pendrive is EMPTY, as we don't want the baddies infecting another clean computer.. Just logs in the form of text files (.txt/Notepad) on that CD/pendrive..
Delete Dr.Web CureIt and ComboFix from your computer (if present) and do the below.. We need to use fresh copies of both programs..
From a clean computer, download these three files and burn them to a CD (do not use a thumbdrive or external hard disk).. We will need to run ALL programs DIRECTLY from the CD
rename.com (this is Dr.Web CureIt renamed by me)
ComboFix
AVPTool by Kaspersky
Step 1: rename.com
Run rename.com at the infected computer DIRECTLY from the CD
- Double-click the rename.com file and Allow to run the express scan
- This will scan the files currently running in memory and, when something is found, click the Yes button when it asks if you want to cure it. This is only a short scan.
- Once the short scan has finished, please do a re-scan.. This time, choose Complete Scan
- Click the green arrow button at the right, and the scan will start.
- After the scan has finished, click Select all
- Click on Cure and choose Move incurable
- When the scan has finished, in the menu, click File and choose Save report list
- Save the report to your Desktop. The report will be called DrWeb.csv
- Close Dr.Web CureIt. Reboot your PC in Normal Mode, and post DrWeb.csv in your next reply (open it in Notepad)
Step 2: AVP Tool
- Double click the setup file to run and install it.
- By default it will install to your Desktop (as Kaspersky Lab Tool folder)
- A Kaspersky Virus Removal Tool window will open. There will be a tab that says Automatic Scan.
- Under Automatic Scan make sure these are checked:
  [1.] System Memory
  [2.] Startup Objects
  [3.] Disk Boot Sectors
  [4.] My Computer
  [5.] Also any other drives (removable) that you may have
- After that click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
- Then choose OK again and you are back at the main screen.
- Then click on Scan button.
- It will automatically Neutralize any objects found.
- If some objects are left unneutralized then click the button that says Neutralize all
- If it says it cannot be Neutralized, then choose the Delete option when prompted.
- After that is done click on the Report button at the bottom and save it with the file name Kas.
- Save it somewhere convenient like your Desktop and post only the detected viruses/malware from the report. They will be at the very top under Detected. Post those results in your next reply.
- When you close the AVPTool, you will be asked to uninstall the program.. Choose Yes..
Step 3: ComboFix
Just double-click ComboFix and run it.. Remember to disable ALL Antivirus/Antispyware/Firewall programs first..
Post these logs in your next reply.. Each log in a separate post..
1. rename.com (Dr.Web CureIt)
2. AVP Tool
3. ComboFix
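As an added illustration (not part of the post above, and not a Dr.Web tool), here is a small Python script that reads a Dr.Web CureIt report in the semicolon-separated layout of the detection line quoted at the top of the thread, counts the Virut detections, and notes how many drive letters they span, which is the sign of spread to removable media that the post warns about. The field order (name;path;detection;action) is inferred from that single line and is an assumption; the extra sample rows are constructed.

```python
from collections import Counter

# Constructed sample of Dr.Web CureIt report lines. The first row is the line
# quoted at the top of the thread; the rest are made up for the example.
# Field order name;path;detection;action is an ASSUMPTION inferred from that row.
SAMPLE_REPORT = r"""
A1385889.exe;C:\System Volume Information\_restore{E985765F-B449-44C3-92CC-689E2B0E6D95}\RP830;Win32.Virut.56;Cured.;
setup.exe;E:\installers;Win32.Virut.56;Moved.;
notes.txt;C:\Users\me\Documents;;;
game.scr;F:\backup;Win32.Virut.56;Cured.;
"""

FIELD_NAMES = ("name", "path", "detection", "action")


def parse_report(text):
    """Split each non-empty line on ';' into a dict of the four assumed fields.

    Lines with fewer fields are padded with empty strings; trailing fields
    (the report ends each row with ';') are ignored.
    """
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = [f.strip() for f in line.split(";")]
        fields += [""] * (len(FIELD_NAMES) - len(fields))
        rows.append(dict(zip(FIELD_NAMES, fields)))
    return rows


def drive_letter(path):
    """Return 'C:'-style drive prefix of a Windows path, or '' if absent."""
    return path[:2].upper() if len(path) >= 2 and path[1] == ":" else ""


def summarize(rows, family="virut"):
    """Count detections, isolate the named family, and list the drives it touched."""
    detections = [r for r in rows if r["detection"]]
    hits = [r for r in detections if family in r["detection"].lower()]
    drives = sorted({drive_letter(r["path"]) for r in hits} - {""})
    actions = Counter(r["action"].rstrip(".") for r in hits)
    return {
        "total_rows": len(rows),
        "detections": len(detections),
        "family_hits": len(hits),
        "drives": drives,
        "actions": dict(actions),
    }


def is_file_infector_outbreak(summary, min_drives=2):
    """A file infector seen on two or more drives indicates it has reached
    other partitions or removable media, which is the case the post describes."""
    return summary["family_hits"] > 0 and len(summary["drives"]) >= min_drives


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    print(summary)
    print("spread across drives:", is_file_infector_outbreak(summary))
```

Run it against a saved DrWeb.csv by replacing SAMPLE_REPORT with the file's contents; if the Virut hits span several drive letters, every removable device that was plugged into that machine needs to be treated as infected too.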