[bebanito]

I am running Win XP sp3 with Avast as my anti virus. After downloading a program and scanning it with Avast and Malwarebytes' Anti-Malware everything seemed to be ok but when I clicked to open it I-Iell start loose on my pc. Avast start popping up 3-4 warning windows at a time saying I have a trojan, or a worm... tried to quarantine, did so with the first 10 of them then pc freezed so I restarted again, then I saw I lost internet connection (I am using wireless with a dongle) tried to reinstall it again (the dongle driver) no success... Reboot again in safe mode with networking, but it opened only in safe mode without networking so I ran Avast again and my pc freezed again! Reboot again in safe mode but surprisingly the pc started to reboot over and over again without ever finalizing the process. Pissed off I formatted C: and reinstall OS again. I have 2 partitions: C: and D: and when tired of all of this almost got my pc back as it was before I opened an .exe file which had it in D: and guessed what?... yes, I-Iell broke loose again! Did everything from the beginning again (this is a second full day since I am on it!) but now I did not touch anything from D: instead I ran in boot phase the Avast and found some worms and trojans in D: and I quarantined them, also ran Gmer scan and Combofix scan which I will posted here. Expecting more detailed advices.
Thank you.

P.S. After I looked in the quarantined file it looks that I have to deal with Win32/Vitro and Win32/JunkPoly...Did a google search and it looks really bad...

Attached Files

•  ComboFixscan.txt   6.19KB   190 downloads
•  Gmerscan.txt   3KB   84 downloads

Edited by bebanito, 28 October 2009 - 09:37 PM.

[Advertisements]

Hi,

• Make sure to use Internet Explorer for this
• Please go to VirSCAN.org FREE on-line scan service
• Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
  
  
  • c:\windows\system32\userinit.exe
• Click on the Upload button
• If a pop-up appears saying the file has been scanned already, please select the ReScan button.
• Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
• Paste the contents of the Clipboard in your next reply.

Can you also please scan these files,

C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe

[chamber]

Hi,

• Make sure to use Internet Explorer for this
• Please go to VirSCAN.org FREE on-line scan service
• Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
  
  
  • c:\windows\system32\userinit.exe
• Click on the Upload button
• If a pop-up appears saying the file has been scanned already, please select the ReScan button.
• Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
• Paste the contents of the Clipboard in your next reply.

Can you also please scan these files,

C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe

[bebanito]

Thank you very much for your help, but I couldn't wait that much, I needed the pc , therefore I have been formatting the pc and reinstalling the OS completely. Backed-up all files without an .exe extension and erased everything else. The ultimate solution, but it worked.

[chamber]

Probably the best idea as Win32/Vitro is also known as virut which is an extremely nasty file infector.

Let me know if you need anything else or if you want this thread closed.

[bebanito]

Yes, you can close this thread.
Thank you.

[chamber]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.