
Author Topic: once badly infected-not sure what now  (Read 17920 times)

bouncier

    Topic Starter


    Rookie

    Re: once badly infected-not sure what now
    « Reply #15 on: August 04, 2010, 04:39:35 PM »
    Hi, well you asked for it... there were 161 threats on my system.  I have no idea what is on where because the computer was given to me.  (She goes through them like candy- paranoia... but uses web search, etc.)

    I noticed that some of the threats were quite old, which tells me that the programs we used previously, and the malicious removal tool put out by MS, didn't detect them on all the passes there have been???


    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: once badly infected-not sure what now
    « Reply #16 on: August 04, 2010, 05:45:35 PM »
    You didn't tell me what messages you receive when you try to download programs. I'm afraid I have some bad news. You have had and probably still have Virut on your computer and all the experts feel that this is incurable, although a lot of products say that they can cure it. See below.

    Unfortunately the only reliable cure for Virut is a complete reformat and reinstall. See here for more information. Virut and other File infectors - Throwing in the Towel?

    Many of the major antivirus vendors have Virut removal tools but many times Virut is not repairable. The only reliable way to remove Virut is removing the system files it has infected and in turn crippling the system and calling for a reformat/reinstall anyway. Remember it is always spreading so trying to contain it is impossible. See this article on why it is so destructive. Under the Hood: Virut

    If you do try to repair this without reformatting then your best chance is using the Avira AntiVir Rescue CD. (free) And/or the Dr Web LiveCD. (also free)

    Backing up files before formatting

    If you back up any files they should be scanned from a clean properly protected PC before restoring. Also be careful what scanner is used as some are very poor at detecting and even worse at protecting from this infection. In fact due to the nature of these new infections there are probably no tools that will properly protect you from the infection. Be very selective and only back up files you cannot replace like text documents and personal photos.

    Do not back up to another machine! It will likely become infected by Virut. Burn to DVD/CD, a flash drive or to an external drive which has nothing else on it and which you can format should it become infected from the backups.

    I suggest running at least 3 of the below scanners on the backup files. Run the first scan then reboot before running the second then reboot after the second before running the third.
     
    -) Dr.Web CureIt!
    -) AVG Win32/Virut Removal Tool
    -) Symantec W32.Virut Removal Tool
    -) McAfee Avert Stinger
    -) Microsoft Windows Malicious Software Removal Tool

    If you do not know how to perform a fresh install, use this website -> www.windowsreinstall.com/

    Very important, do the following immediately or as soon as possible!

    If you have done any online transactions, call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts and/or change all of your account numbers.
     
    From a clean computer change all of your online passwords including for email, banks, financial accounts, PayPal, eBay, online credit card companies and any online forums or groups you belong to etc.

    DO NOT change passwords or do any transactions while using the infected computer. The attacker will get the new passwords and transaction information.
    ================================
    Here is a scan that will tell if your computer actually has Virut.

    Please go to VirusTotal.com. Browse for this file:

    c:\windows\system32\user32.DLL

    Do the same for these two files:

    C:\windows\system32\userinit.exe
    C:\windows\explorer.exe


    Then click submit.

    If a pop-up appears saying the file has been scanned already, please select the ReScan button.

    Please post the results (URL) to your next reply.
    Windows 8 and Windows 10 dual boot with two SSD's

    bouncier

      Re: once badly infected-not sure what now
      « Reply #17 on: August 04, 2010, 07:30:58 PM »
      http://www.virustotal.com/analisis/acd0ae7b4d5f871e148276c6cc4ae3a216e33f67fc78d827c16986e1f945438c-1280970992
      http://www.virustotal.com/analisis/944cd2135e171af338352568aa7fe1b8004733a4281395ad6723e0cf43d5f53f-1280971427

      Is this what you needed?  It said they previously analyzed the files and/or they gained access 13 and 14 April 2008!!  I'm going to start getting this handled, a clean format.  Yes, I do know how ...

      Question:  Is there any way that a virus can get onto the installation disc??  It seems that I read somewhere that if All Caps were on it could or something to that effect.

      I will check back with you before I totally wipe it clean.  Better yet, I will wait for your go ahead after I have taken care of everything else...

      In case something happens and I am unable to get back, THANK YOU SOOO MUCH!!  At least now I know...

      SuperDave

      Re: once badly infected-not sure what now
      « Reply #18 on: August 05, 2010, 01:35:09 PM »
      Did you forget to scan this file? C:\windows\explorer.exe
      The other two files came back quite clean so you may not have Virut after all. The decision to reformat is totally up to you. The ESET scan shows that all the instances of Virut were in System Restore so it's possible it may not have gotten into the OS files until someone hit Restore.


      Quote
      Is there any way that a virus can get onto the installation disc?? 
      Not unless it was copied with an infected computer. If it's the original, it's good.
      Please let me know your future course of action.


      Windows 8 and Windows 10 dual boot with two SSD's
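As an added example (not part of either poster's messages and not ESET's own tooling): a short Python script that splits a scan log in the three-column layout discussed in this thread (path, detection, action) into detections on the live file system and detections archived inside System Restore points, the distinction Reply #18 relies on. The sample lines, paths, file names and GUID are constructed.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample log: columns are separated by runs of two or more spaces.
SAMPLE_LOG = r"""
C:\Program Files\ExampleApp\example.exe   Win32/Virut.NBP virus   cleaned - quarantined
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP3\A0000001.dll   probably a variant of Win32/Adware.Gamevance.AG application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP10\A0000002.exe   Win32/Virut.NBP virus   cleaned - quarantined
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP10\A0000003.exe   Win32/Virut.NBP virus   cleaned - quarantined
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0000004.scr   Win32/Virut.NBP virus   cleaned - quarantined
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0000005.dll   Win32/Agent.RLA trojan   cleaned by deleting - quarantined
this line is not a scan record
"""

# Windows XP-style restore point path: ...\_restore{GUID}\RP<number>\...
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(\d+)\\",
    re.IGNORECASE,
)
# Detection name such as Win32/Virut.NBP, ignoring "probably a variant of".
NAME_RE = re.compile(r"\b\w+/[\w.]+")


@dataclass
class Detection:
    path: str
    threat: str
    action: str
    restore_point: Optional[int]  # None means the file is on the live file system


def parse_line(line: str) -> Optional[Detection]:
    """Parse one 'path   detection   action' record; return None if malformed."""
    fields = re.split(r"\s{2,}|\t+", line.strip())
    if len(fields) != 3 or not re.match(r"^[A-Za-z]:\\", fields[0]):
        return None
    path, detection, action = fields
    name = NAME_RE.search(detection)
    if name is None:
        return None
    rp = RESTORE_RE.search(path)
    return Detection(path, name.group(0), action, int(rp.group(1)) if rp else None)


def triage(log_text: str) -> dict:
    """Group detections into live files and per-restore-point archives."""
    live, archived, unparsed = [], {}, []
    by_threat = Counter()
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        det = parse_line(raw)
        if det is None:
            unparsed.append(raw.strip())  # keep for manual review, never drop silently
            continue
        by_threat[det.threat] += 1
        if det.restore_point is None:
            live.append(det)
        else:
            archived.setdefault(det.restore_point, []).append(det)
    return {"live": live, "archived": archived,
            "by_threat": by_threat, "unparsed": unparsed}


def summarize(result: dict) -> str:
    """Render a short text report from the output of triage()."""
    lines = [f"live file system: {len(result['live'])} detection(s)"]
    for det in result["live"]:
        lines.append(f"  {det.threat}  {det.path}  [{det.action}]")
    for rp in sorted(result["archived"]):
        names = Counter(d.threat for d in result["archived"][rp])
        detail = ", ".join(f"{n} x{c}" for n, c in sorted(names.items()))
        lines.append(f"restore point RP{rp}: {detail}")
    lines.append(f"unparsed lines: {len(result['unparsed'])}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(triage(SAMPLE_LOG)))
```

A non-empty live list means infected files were found outside System Restore, so those paths are the ones to re-check after cleaning.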

      bouncier

        Re: once badly infected-not sure what now
        « Reply #19 on: August 05, 2010, 03:23:19 PM »
        I searched for exeplore.exe and didn't find it although it seems that in my travels through my directories I had seen a file with that name.  I will look again and scan if I find. 

        If it's not Virut, or if not throughout system, what is the course to take to eradicate for good??  One of the programs you previously mentioned?  I'll be back. ::)

          SuperDave

          Re: once badly infected-not sure what now
          « Reply #21 on: August 05, 2010, 06:03:47 PM »
          Are you still having problems with downloads?

          Download Dr.Web CureIt to the desktop:
          Dr WebCureIt
          • Double-click the launch.exe or cureit.exe file and Allow to run the express scan
          • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
          • Once the short scan has finished, just let it cure whatever it finds...

            o Now, go to Settings >> Change Settings
            o Go to Actions tab >> under Objects section, change the settings to below
            Infected objects - Cure
            Incurable objects - Report
            Suspicious objects - Report
            o Don't change any other settings
          • Start the scan again. This time, choose Complete Scan
          • Click the green arrow button at the right, and the scan will start.
          • After the scan has finished, click Select all
          • Click on Cure and choose Report incurable (means take no actions.. Don't "move", or "rename" or "delete")
          • When the scan has finished, in the menu, click File and choose Save report list
          • Save the report to your Desktop. The report will be called DrWeb.csv
          • Post DrWeb.csv in your next reply (Open it as Notepad).. Do NOT reboot the computer yet..

          bouncier

            Re: once badly infected-not sure what now
            « Reply #22 on: August 05, 2010, 08:57:08 PM »
            Allrighty-I went to download, (Russian??) and tried to download, nothing was happening.  So I did search and saw Bleeping Computer.  I went to that one because I know they are trusted.  Their download link took me to CNet.  I proceeded to download.  When it finished, it said that the free version was only for home PC's and did I want to go to the purchase page??  I said cancel and it brought up another screen that said _##_ viruses ... , and that the program was rebuilt _##_ per day, etc.  and then it asked me if I wanted to get the current version and I said yes.  I am back to the Russian page.

            These are not verbatim but close.  I will try it again but thought you might want to know.

            And my download attempts??  It was:  "not a valid win32 application", or  "the application configuration is incorrect" downloading the application again might fix this problem.  Almost every download has a problem, except if it is a ms windows - I believe.

            bouncier

              Re: once badly infected-not sure what now
              « Reply #23 on: August 06, 2010, 02:37:50 PM »
              There were two reports, this one and one that was 65,733 KB.  I assume you want this one??

              Softpedia is the first and only Dr. Web Cure It I found that I could download.  The site that is in Russian kept looping - start page then eula, etc.  I tried as I explained above, through Bleeping Computer, etc.  Just FYI.

              Oh, the other download problem I have had is the "Gateway Timeout"

              I think this doesn't look good but will wait for your comment.

              Dave, even if this doesn't work, I so appreciate your time and personal attention given here.  I may go on to become a malware removal specialist because of you!!



              A0028017.exe;C:\System Volume Information\_restore{E6A610F7-930C-4195-B284-D1E0577DAE99}\RP175;Win32.Virut.56;Cured.;
              A0028157.exe;C:\System Volume Information\_restore{E6A610F7-930C-4195-B284-D1E0577DAE99}\RP175;Win32.Virut.56;Cured.;
              A0028248.exe;C:\System Volume Information\_restore{E6A610F7-930C-4195-B284-D1E0577DAE99}\RP177;Win32.Virut.56;Cured.;
              A0028812.exe;C:\System Volume Information\_restore{E6A610F7-930C-4195-B284-D1E0577DAE99}\RP179;Win32.Virut.56;Cured.;
              A0028817.exe;C:\System Volume Information\_restore{E6A610F7-930C-4195-B284-D1E0577DAE99}\RP179;Win32.Virut.56;Cured.;
              A0037945.scr;C:\System Volume Information\_restore{E6A610F7-930C-4195-B284-D1E0577DAE99}\RP193;Win32.Virut.56;Cured.;
              A0040962.DLL;C:\System Volume Information\_restore{E6A610F7-930C-4195-B284-D1E0577DAE99}\RP206;Adware.Funweb.23;Incurable.Deleted.;
              identity\unvised_41.bin;D:\Documents and Settings\bouncier\Local Settings\Application Data\identity;Probably BACKDOOR.Trojan;;
              identity;D:\Documents and Settings\bouncier\Local Settings\Application Data;Container contains infected objects;Moved.;
              stress-game.exe;D:\Documents and Settings\bouncier\Local Settings\Application Data;Joke.Puncher;Incurable.Deleted.;
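
An added example, not part of the original posts and not Dr.Web's own tooling: a short Python triage of a report in the semicolon-separated layout posted above. It separates detections that sit in System Restore snapshots from those in live folders and lists any line with no action recorded. The field names (`object`, `folder`, `threat`, `action`) are labels assumed here; the sample lines are copied from the report above.

```python
import csv
import io
import re
from collections import Counter

# Five lines copied from the report posted above: object;folder;threat;action;
SAMPLE_REPORT = r"""A0028017.exe;C:\System Volume Information\_restore{E6A610F7-930C-4195-B284-D1E0577DAE99}\RP175;Win32.Virut.56;Cured.;
A0037945.scr;C:\System Volume Information\_restore{E6A610F7-930C-4195-B284-D1E0577DAE99}\RP193;Win32.Virut.56;Cured.;
A0040962.DLL;C:\System Volume Information\_restore{E6A610F7-930C-4195-B284-D1E0577DAE99}\RP206;Adware.Funweb.23;Incurable.Deleted.;
identity\unvised_41.bin;D:\Documents and Settings\bouncier\Local Settings\Application Data\identity;Probably BACKDOOR.Trojan;;
stress-game.exe;D:\Documents and Settings\bouncier\Local Settings\Application Data;Joke.Puncher;Incurable.Deleted.;
"""

# System Restore keeps its copies under _restore{GUID}\RPnnn on each volume.
RESTORE_POINT = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)", re.IGNORECASE)


def parse_report(text):
    """Yield one dict per detection line; field names are assumed labels."""
    reader = csv.reader(io.StringIO(text), delimiter=";", quoting=csv.QUOTE_NONE)
    for row in reader:
        if len(row) < 4:
            continue  # blank or malformed line
        obj, folder, threat, action = (field.strip() for field in row[:4])
        match = RESTORE_POINT.search(folder)
        yield {"object": obj, "folder": folder, "threat": threat,
               "action": action,
               "restore_point": match.group(1) if match else None}


def triage(text):
    """Split detections by location and list those with no action recorded."""
    rows = list(parse_report(text))
    return {
        "by_threat": Counter(r["threat"] for r in rows),
        "in_system_restore": [r for r in rows if r["restore_point"]],
        "in_live_files": [r for r in rows if not r["restore_point"]],
        "no_action": [r for r in rows if not r["action"]],
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print(dict(summary["by_threat"]))
    for key in ("in_system_restore", "in_live_files", "no_action"):
        print(key, [r["object"] for r in summary[key]])
```
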

              SuperDave

              Re: once badly infected-not sure what now
              « Reply #24 on: August 06, 2010, 04:37:36 PM »
              Here's some information about the "not a valid win32 application" error message. Does it make any sense to you? Does the program download and then you get the error when you try to run the program?

              bouncier

                Re: once badly infected-not sure what now
                « Reply #25 on: August 06, 2010, 05:08:41 PM »
                Hi, I had read that win32 topic when I first got here.  The not valid win32 msg comes up after download.  But it comes up on things I had used before, and things that should absolutely be okay.

                Here's something for you:  My task bar icons have switched up, meaning that the one for Microsoft Security Essentials is now assigned to some casino; the super Antispyware icon has been assigned to another program.  My Security Essentials won't allow me to turn it back on; and I think that I actually did make back up or reinstall disks, plus I have my original. 

                I just read the article about whether you should install a fresh operating system, and I believe that given the overall condition of my system, maybe I should just reinstall.  Bite the bullet and go for it.

                Of course, if you don't think necessary, or if you see hope for current situation, I'll gladly hold off and listen...
                thanks you more!!

                SuperDave

                Re: once badly infected-not sure what now
                « Reply #26 on: August 07, 2010, 03:54:21 PM »
                I really believe that Virut is still infecting files. You should follow the instructions I posted earlier, try to save your documents and reformat. Sorry

                bouncier

                  Re: once badly infected-not sure what now
                  « Reply #27 on: August 09, 2010, 01:15:01 PM »
                  I have been saving files, dumping garbage, etc.   I re-ran Dr. Web and it did not find anything this time.  Is that because it could be gone or because the virus changed its name and Dr. Web isn't aware???  I'm not entirely sure what these viruses can do...

                  Also, I downloaded Opera (cuz I like the widgets) and the problems I was having with IE, (not bringing up the page) is gone!

                  SuperDave

                  Re: once badly infected-not sure what now
                  « Reply #28 on: August 09, 2010, 04:28:59 PM »
                  Please try re-running ESET and also the Virut test that I gave you earlier.

                  BC_Programmer


                    Mastermind
                  • Typing is no substitute for thinking.
                  • Thanked: 1140
                    • BC-Programming.com
                  • Certifications: List
                  • Computer: Specs
                  • Experience: Beginner
                  • OS: Windows 11
                  Re: once badly infected-not sure what now
                  « Reply #29 on: August 10, 2010, 11:31:00 AM »
                  I've had to deal with Virut myself, and trust me, it's a losing battle. It's a very feisty file infector. What I ended up doing was reformatting my primary drive, reinstalling Windows, and then deleting all the infectable files off my data drive. The main problem is that unlike most viruses you can't just clean a bit at a time and come back later- if you leave <ANY> infected files they will just spread out over the clean ones again and you're back where you started. What makes this even more annoying is that you could leave an executable in a deep nested hidden off directory, or there could be a program you use on a portable drive, and you think you're clean for a good few weeks or a month, and you run the program and you're infected again and in a matter of hours you're back in the very same position you were before.

                  It's one of the few viruses that almost always requires the brute force complete format to get rid of.
                  I was trying to dereference Null Pointers before it was cool.