Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

WINDOWS XP WILL NOT START, SUSPECTED WIN32/VIRUT


  • Please log in to reply

#16
alexkershawftw

alexkershawftw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Broni - Thanks for the list, I'll make sure to check that.

Also, as for the recovery disk... I don't know what that is. I don't seem to have any form of disk for my Windows XP unfortunately... as I was given this PC by somebody else who got it made by somebody... I doubt I could find the CD.
  • 0

Advertisements


#17
alexkershawftw

alexkershawftw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Edge - Thanks a lot for that, that's very helpful :)

I'll definately be using that :)
  • 0

#18
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Its alright cbarnard, I just didn't want him making a topic there cause it would not help

Here is my virut speech


You are infected with a polymorphic file infector. This infection can and will infect all the machine's executable files .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair resulting in an inoperative machine.

Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain .exe, .scr, .rar, .zip, .htm, .html files.
  • Backup all your documents and important items only.
  • DO NOT backup any executable files (,exe .scr .html or .htm)
  • Do Not back up compressed files (zip/cab/rar) files that may contain .exe or .scr files
  • Reformat and Reinstall as outlined HERE


I suggest you do the following immediately:
  • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.



I will leave you with Broni and edge, this is their area now.
  • 0

#19
alexkershawftw

alexkershawftw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Edge - The instructions for that Linux USB thing are a weird... it doesn't actually mention saving anything onto a USB pen...

Am I right in saying that I download the first link to the USB pen and then open it, and it will make a folder for itself. Then I download the ISO and place it into the folder on the USB pen.

Then I run U904.bat from the folder on my usb pen...

Then it should be done?

Then I go onto my corrupt PC, tell it to boot from USB in the BIOS and then it should boot up as Linux instead of Windows?

Knowing my luck, the chances of this working are zilch but I'm trying it now... tell me if I got some of those steps wrong
  • 0

#20
alexkershawftw

alexkershawftw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Thanks for the info Rors
  • 0

#21
edge2022

edge2022

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,117 posts
I liked that speech Rorschach112... very informative. :)

Download u.9.04p.exe to your C: drive. Then run the file and extract the contents to your C: drive. Now you should have a folder named U904p in your C: drive. Now download the Ubuntu 9.04 ISO file to the folder C:\U904p
Once you have done that post back and we can continue.
  • 0

#22
Broni

Broni

    Kraków my love :)

  • Member
  • PipPipPipPipPipPipPipPip
  • 12,300 posts
Just a little illustration regarding Virut from a computer I worked on few days ago.

This is a part of Combofix log, posted on June 14th (the date is important here)

((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 03:14 . 2004-06-09 14:58 16896 ----a-w- c:\windows\system32\wbem\UNSECAPP.EXE
2009-06-14 03:14 . 2004-06-09 14:58 36352 ----a-w- c:\windows\system32\wbem\scrcons.exe
2009-06-14 03:12 . 2006-10-19 04:00 17408 ----a-w- c:\windows\system32\wpdshextautoplay.exe
2009-06-14 03:12 . 2002-08-21 13:13 189952 ----a-w- c:\windows\system32\WISPTIS.EXE
2009-06-14 03:12 . 2004-06-09 14:57 433664 ----a-w- c:\windows\system32\wiaacmgr.exe
2009-06-14 03:12 . 2004-06-09 14:57 289792 ----a-w- c:\windows\system32\vssvc.exe
2009-06-14 03:12 . 2004-06-09 14:57 16896 ----a-w- c:\windows\system32\upnpcont.exe
2009-06-14 03:12 . 2004-06-09 14:58 131584 ----a-w- c:\windows\system32\sndrec32.exe
2009-06-14 03:12 . 2004-06-09 14:57 49152 ----a-w- c:\windows\system32\RSMUI.EXE
2009-06-14 03:12 . 2004-06-09 14:57 24576 ----a-w- c:\windows\system32\RSMSINK.EXE
2009-06-14 03:12 . 2004-06-09 14:58 67072 ----a-w- c:\windows\system32\rdshost.exe
2009-06-14 03:12 . 2004-06-09 14:57 109568 ----a-w- c:\windows\system32\progman.exe
2009-06-14 03:12 . 2004-08-31 23:03 192512 ----a-w- c:\windows\system32\PdeSrv2.exe
2009-06-14 03:12 . 2004-06-09 14:57 40448 ----a-w- c:\windows\system32\OSUNINST.EXE
2009-06-14 03:11 . 2004-06-09 14:57 45568 ----a-w- c:\windows\system32\mshta.exe
2009-06-14 03:11 . 2004-06-09 14:57 143360 ----a-w- c:\windows\system32\mobsync.exe
2009-06-14 03:11 . 2004-08-31 23:04 100864 ----a-w- c:\windows\system32\logagent.exe
2009-06-14 03:11 . 2005-08-01 06:29 14848 ----a-w- c:\windows\system32\jdbgmgr.exe
2009-06-14 03:11 . 2004-06-09 14:58 150528 ----a-w- c:\windows\system32\imapi.exe
2009-06-14 03:11 . 2004-06-09 14:57 15872 ----a-w- c:\windows\system32\dmremote.exe
2009-06-14 03:11 . 2004-06-09 14:57 224768 ----a-w- c:\windows\system32\dmadmin.exe
2009-06-14 03:11 . 2008-01-04 21:59 524288 ----a-w- c:\windows\system32\DivXsm.exe
2009-06-14 03:11 . 2004-06-09 14:58 82944 ----a-w- c:\windows\system32\dfrgfat.exe
2009-06-14 03:10 . 2004-06-09 14:57 8192 ----a-w- c:\windows\system32\CONTROL.EXE
2009-06-14 03:10 . 2004-06-09 14:58 102912 ----a-w- c:\windows\system32\clipbrd.exe
2009-06-14 03:10 . 2004-06-09 14:58 44544 ----a-w- c:\windows\system32\alg.exe
2009-06-14 03:10 . 2004-08-31 22:51 184320 ----a-w- c:\windows\system32\accwiz.exe
2009-06-14 03:07 . 2004-03-30 01:34 769024 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpctr.exe
2009-06-14 03:03 . 2004-06-09 14:59 1077248 ----a-w- c:\windows\Help\SBSI\Training\orun32.exe
2009-06-14 02:52 . 2004-06-09 14:57 1033728 ----a-w- c:\windows\explorer.exe
2009-06-14 00:59 . 2004-06-09 14:58 5632 ----a-w- c:\windows\system32\WRITE.EXE
2009-06-14 00:59 . 2004-06-09 14:58 119808 ----a-w- c:\windows\system32\WINMINE.EXE
2009-06-14 00:59 . 2006-03-17 00:38 28672 ----a-w- c:\windows\system32\verclsid.exe
2009-06-14 00:59 . 2004-06-09 14:58 26112 ----a-w- c:\windows\system32\userinit.exe
2009-06-14 00:59 . 2004-06-09 14:58 347136 ----a-w- c:\windows\system32\tourstart.exe
2009-06-14 00:58 . 2004-06-09 14:57 47104 ----a-w- c:\windows\system32\ssmypics.scr
2009-06-14 00:58 . 2004-06-09 14:58 538624 ----a-w- c:\windows\system32\spider.exe
2009-06-14 00:58 . 2004-06-09 14:57 33280 ----a-w- c:\windows\system32\rundll32.exe
2009-06-14 00:58 . 2004-06-09 14:57 11776 ----a-w- c:\windows\system32\regsvr32.exe
2009-06-14 00:58 . 2004-06-09 14:58 17920 ----a-w- c:\windows\system32\ping.exe
2009-06-14 00:58 . 2004-06-09 14:58 126976 ----a-w- c:\windows\system32\MSHEARTS.EXE
2009-06-14 00:57 . 2004-06-09 14:58 55296 ----a-w- c:\windows\system32\FREECELL.EXE
2009-06-14 00:57 . 2004-06-09 14:58 180224 ----a-w- c:\windows\system32\dwwin.exe
2009-06-14 00:57 . 2004-06-09 14:58 10752 ----a-w- c:\windows\system32\dumprep.exe
2009-06-14 00:57 . 2004-06-09 14:57 7264 ----a-w- c:\windows\system32\CIDAEMON.EXE
2009-06-14 00:45 . 2004-10-17 00:46 299520 ----a-w- c:\windows\uninst.exe
2009-06-14 00:45 . 2004-06-09 14:57 146432 ----a-w- c:\windows\regedit.exe
2009-06-14 00:45 . 2004-06-09 14:57 69120 ----a-w- c:\windows\notepad.exe
2009-06-14 00:44 . 2004-06-09 14:57 10752 ----a-w- c:\windows\hh.exe
2009-06-14 00:44 . 2005-01-15 22:05 796672 ----a-w- c:\windows\GPInstall.exe
2009-06-13 23:43 . 2005-07-27 14:59 65536 ----a-w- c:\windows\system32\xElevate_d44f.exe
2009-06-13 23:43 . 2004-08-31 22:44 267776 ----a-w- c:\windows\system32\fxssvc.exe
2009-06-13 23:43 . 2005-07-16 05:24 139264 ------w- c:\windows\system32\UStorSrv.exe
2009-06-13 23:43 . 2004-08-31 22:58 65536 ----a-w- c:\windows\wanmpsvc.exe
2009-06-13 23:43 . 2004-08-31 22:55 44032 ----a-w- c:\windows\system32\CTSVCCDA.EXE
2009-06-13 23:43 . 2004-06-09 14:57 5632 ----a-w- c:\windows\system32\cisvc.exe
2009-06-13 23:43 . 2004-06-09 14:58 15360 ----a-w- c:\windows\system32\ctfmon.exe
2009-06-13 22:51 . 2009-01-03 18:46 -------- d-----w- c:\program files\XoftSpySE


All files listed in the right column are legit Windows files, and 1st column shows, they've been all modified on 13-14 of June.
This is what Virut does. It adds its own malicious code to the most of important Windows files.
Now, theoretically, to cure the infection, you'd have to replace all those files, and not all infected files are even listed here. How can you make sure, you'll be able to track every single infected file?
  • 0

#23
edge2022

edge2022

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,117 posts
That was a good example of how Virut can destroy Windows, Broni. :)

Can you give me the capacity of your flash drive and the amount (500mb, 1gb, etc.) of data that you want to recover. Also give the make and model of your computer.
  • 0

#24
alexkershawftw

alexkershawftw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Thanks Edge

Before you posted that, I downloaded U.9.04p.exe to my pen drive though. Then I extracted it into my pen drive, creating the U904p folder in my pen drive. I then downloaded the ISO and told it to save straight into that pen drive folder. So could I just drag that folder from the pen drive to the desktop now, so it's on my C drive? If that is the case, then I'm done with the instructions that you have given so far.

However, I don't have my USB pen for a few hours because I'm borrowing it off my sister and she needs it but when I get it back in a few hours (hopefully) I'll come back here, hopefully seeing the next instructions. :)

Thanks a lot for your help... also, remember to tell me whether it's ok to just drag the U904p folder from my pen drive to my desktop. Basically I did everything you said to do on the C drive in the pen drive. Oh and when you say on the C drive, you don't mean on the infected computer do you? Because I can't log in to access that... that's why I thought I had to do everything on the pen drive because the laptop I'm using now has nothing to do with it.

So as far as I'm aware now, by 'C Drive' you mean the hard drive on the laptop I'm using now, which is not the computer with the files I wish to backup.
  • 0

#25
edge2022

edge2022

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,117 posts
By C: drive, I mean the HDD in which Windows is installed on a computer that works. So just drag and drop the U904p folder to your desktop, and format the flash drive in the FAT32 filsystem.

Can you give me the capacity of your flash drive and the amount (500mb, 1gb, etc.) of data that you want to recover. Also give the make and model of your computer.

Answer this question as this may require us to make some changes.
  • 0

Advertisements


#26
alexkershawftw

alexkershawftw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Ok so I've just dragged the folder from the USB pen onto the desktop and it's copying the items now


As for formatting the flash drive in the FAT32 system... I have no idea what that means... I assume the 'flash drive' is the USB pen, but I have no idea what the 'FAT32 system' is and I don't know how to 'format' it... sorry.

As for your question, the USB pen holds 2gig and I'm not sure of the size of the files I want to back-up. However, I have an idea. There is a website called http://www.mesh.com

This website allows you to upload files to an online desktop... so if the files I want to back-up don't all fit on the USB pen, I can just put as much as I can on, then put it into the laptop, upload the files to the online desktop, then remove the files from the USB pen and repeat until all of the files are backed up. Sound good?

So far, I have dragged the folder to my desktop and I am going to run the .bat file now.

EDIT: When you say make/model of my computer, I assume you mean the infected one. I'm not actually sure... I could turn it on now and tell you which brand name comes up when I turn it on if you want.

Edited by alexkershawftw, 22 June 2009 - 12:09 PM.

  • 0

#27
alexkershawftw

alexkershawftw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
I ran the .bat file and now it's taking a while...

Do you know how long it takes exactly? It says "Please wait while we copy the casper-rw partition. This may take some time...."
  • 0

#28
alexkershawftw

alexkershawftw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Ok, I did it.

I had to right click 'makeboot' and click 'run as administrator' because this laptop uses Vista, though. Now it says it's ready. I'm going to put the USB into my computer now and tell it to boot from USB (when I found out how). Thanks for the help, I'll tell you how it goes...
  • 0

#29
edge2022

edge2022

    Member 2k

  • Member
  • PipPipPipPipPip
  • 2,117 posts
Go into your BIOS setup and make USB #1 in the boot order list.
Hope it works out well! :)

Using Mesh to upload files that won't fit on the USB flash drive is a good idea.
  • 0

#30
alexkershawftw

alexkershawftw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Thanks for the help so far...

I have a problem though. I went into the BIOS and went on 'advanced setup options' or something like that... anyway when I selected something like '1st boot' there were 4 options with 'USB' in it.

There were USB-ZIP, USB-FDD, USB-CDROM and USB-HDD. When I tried USB-HDD, I got this message:

"SYSLINUX 3.63 2008-04-10 EBIOS Copyright © 1994-2008 H. Peter Anvin
Could not find kernel image: linux
Boot:"

The other 3 USB options just booted XP as normal and wouldn't let me log in as usual.

I don't know what the problem is... you know anything?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP