
Author Topic: advice backing up before malware removal  (Read 4339 times)


udhetari

    Topic Starter


    Rookie

    advice backing up before malware removal
    « on: December 12, 2009, 06:41:00 AM »
    Hi, I'm new here.  My laptop is infected with Win32 vitro.  I've found your threads and plan to follow your procedures, but first I wanted to ask about backing up my files to a portable hard drive.

    Can I be sure of not backing up the virus at the same time I back up the documents?
    Also, I have a wireless network for internet and printers.  Can my other computers become infected through the network? 

    I use Windows XP SP3 and avast free home edition.  I've been using the Windows firewall, but there has been a problem lately, presumably the reason the virus got in.

    Thanks for your advice.

    harry 48



      Egghead

    • lay back , relax and chill out
    • Thanked: 129
      • Dribbling Pensioner
    • Certifications: List
    • Experience: Familiar
    • OS: Windows 7
    Re: advice backing up before malware removal
    « Reply #1 on: December 12, 2009, 12:28:25 PM »
    http://www.computerhope.com/forum/index.php/topic,46313.0.html


    please go to the above and complete, post the 3 logs here, an expert will see them

    please keep sas and mbam in your pc and run weekly

    avast free home edition, this is fine

    Allan

    • Moderator

    • Mastermind
    • Thanked: 1260
    • Experience: Guru
    • OS: Windows 10
    Re: advice backing up before malware removal
    « Reply #2 on: December 12, 2009, 12:31:35 PM »
    1) Do not back up files until the system is no longer infected
    2) As long as you don't transfer files between / among systems then no, the other computers on the network cannot become infected from yours.

    udhetari


      Re: advice backing up before malware removal
      « Reply #3 on: December 12, 2009, 02:56:35 PM »
      Thanks for your quick responses.  A friend is helping me go through the steps.  I will post the logs as soon as I get them.

      udhetari


        Re: advice backing up before malware removal
        « Reply #4 on: December 15, 2009, 02:27:12 PM »
        Okay, here are the logs, and the details of what happened:

        While reading what I thought was a reliable site, I got a pop-up ad - despite having the blocker on - and without thinking tried to close it by clicking the red x.  It immediately started a download, and almost immediately avast found the virus and advised me to disconnect from the network.  Unfortunately I couldn't disconnect during the download - I ended up leaving the room to turn off the router.

        An avast scan found  Win32 vitro in the system32 folder, but was unable to move or delete it.  I restarted and rescanned with the same result. 

        A friend then ran a Norton scan, plus CCleaner, plus another malware removal tool that I don't have the name of.  He never found Win32 vitro in the virus list, but he removed many other viruses and tracking cookies.  When I got the computer back, an avast boot scan gave me two error messages for a corrupted CAB archive (error 42127) and a corrupted OLE archive (error 42145).  I then ran through your malware removal steps, with the attached log results.

        The computer seems to be running fine now, with no more avast warnings.  I am left with a Windows warning that I have no firewall, even though the security page shows that the firewall and all automatic updates are activated.  I had this problem before the virus infection.

        So my questions are:  where did the Win32 vitro go?  What's wrong with my firewall?  Is it safe for me to send files to other people?

        I appreciate any advice.

        [Saving space, attachment deleted by admin]

        harry 48



          Egghead

        Re: advice backing up before malware removal
        « Reply #5 on: December 15, 2009, 03:48:14 PM »
        please do not send files or anything to anyone until you are given the all clear

        keep mbam, sas and ccleaner in your pc and run weekly

        below you can see your hjt log and the threats/action to take (by an expert) in red

        http://www.computerhope.com/cgi-bin/process.pl

        udhetari


          Re: advice backing up before malware removal
          « Reply #6 on: December 16, 2009, 05:02:59 PM »
          Okay - I used the hjt log tool and followed some of the steps, then ran another round of checks.  The new hjt and mbam logs are attached, and the new HJT log tool report is here:    http://www.computerhope.com/cgi-bin/process.pl?o=1616162

          Some of the unknown processes appear to be associated with games my kids have played on sites like miniclip.  How can I get rid of them (the processes, not the kids)?

          Others are samsung files.  I think magickbd.exe is for the fingerpad on the notebook, but it caused a problem when I tried to install the comodo firewall.  When the computer restarted after installation, comodo thought it was a threat and restarted the computer - at least I think that's what happened.  I went into an endless loop of restarts:  Windows would load, I'd log in, comodo would restart the computer.  It went too fast to do anything, so I started in safe mode and uninstalled comodo. 

          So I'm without a firewall again.  Can you recommend one that's a little more user-friendly?


          [Saving space, attachment deleted by admin]

          harry 48



            Egghead

          Re: advice backing up before malware removal
          « Reply #7 on: December 17, 2009, 01:50:12 PM »
          http://www.zonealarm.com/security/en/free-upgrade-security-suite-zonealarm-firewall.htm

          try the one above, if you don't like it come back for another

          go to add and remove and remove msn completely and then download it again, I have msn but you have a few things I don't have and I don't think you need them for games, all the games should be there as well to delete

          you also have GameHouse Games Player, I don't know if you need it or not
          « Last Edit: December 17, 2009, 02:16:09 PM by harry 48 »

          udhetari


            Re: advice backing up before malware removal
            « Reply #8 on: December 18, 2009, 02:58:13 AM »
            Thanks harry.

            I can't find MSN in Add/Remove files.  Is there another way to find and remove it?

            I don't know GameHouse - is this something that is downloaded for online games, as that's the only gameplaying that takes place on this computer?  At any rate, it's not in Add/Remove files either.

            As to ZoneAlarm:  I've read a lot of user reviews saying it's a resource hog or it locks up Windows, blocks applications, etc.  I've read equally many saying it's great.  Is there something to look out for in installation or settings to avoid the problems that some people are having?