Author Topic: once badly infected-not sure what now  (Read 17918 times)

bouncier

    Topic Starter


    Rookie

    Re: once badly infected-not sure what now
    « Reply #30 on: August 13, 2010, 05:49:27 PM »
    Can you point me in a direction to help ensure a good clean drive to start with??  I have reinstalled once, and now days later here I am.  And thank you for the advice about the Virut...I keep thinking I can beat it.  I'm giving up.

    One last question, there are PE Structure Viewers, Explorers, etc. out there that allow looking inside at the root of a file.  I have downloaded one and looked at the nasty file.  There are definitely some concerns but since I'm rebooting, it won't matter.  But, is that software viewer able to help one successfully achieve eradication of Virut?  If you know what you are looking for?  I am stubborn, but not stupid; however, I am also curious to no end!!

    Appreciate all of your time and comments guys!!

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: once badly infected-not sure what now
    « Reply #31 on: August 14, 2010, 04:53:48 PM »
    Quote
    But, is that software viewer able to help one successfully achieve eradication of Virut?
    Most experts agree that you can't clean a Virut infection.

    Quote
    Can you point me in a direction to help ensure a good clean drive to start with??
    If you do not know how to perform a fresh install, use this website -> www.windowsreinstall.com/

    If you want to try a few more scans before reformatting, try these. There is one list in Reply #16. It's called Avira AntiVir rescue CD or Dr Web Live CD.

    * Go to Start > Run and type mrt.exe then press Enter on the keyboard.
    * (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.)
    * Click Next.
    * Choose Full Scan and click Next.
    * Once the scan is finished click View detailed results of the scan.

    Look through the list and let me know if anything was found infected.
    Windows 8 and Windows 10 dual boot with two SSD's

    bouncier

      Topic Starter


      Rookie

      Re: once badly infected-not sure what now
      « Reply #32 on: September 16, 2010, 04:18:13 AM »
      Hi Dave, remember me??  I am in the process of a complete from-scratch reinstall.  I wanted to run my user32.dll file through the Virus Total process to ensure I had a clean install.  I have a validated Windows Installation disk.  That is the only thing that has been on the hard drive except for the floppy disk that was used to enable the brand new hard drive for use.

      Virus Total indicates a trojan patched by the Hacker.  The scan I did on the last user32.dll file was a Win32.Banker by esafe.

      I need some understanding of the contents of the URL as raised below and what direction I go now since apparently either the infection is on my installation disk or...?

      Please!!!




      THIS IS THE URL THAT I COPIED AND PASTED IN NOTEPAD;  Please look at part where it says that "Virus Total's website has changed and that they need new translations... and do you want to help community"



      THIS IS THE URL
      http://www.virustotal.com/file-scan/report.html?id=380797a1d74b8c5cc0972f61d546666eb509950be94256a1fbdbc06244bb564a-1284631124

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: once badly infected-not sure what now
      « Reply #33 on: September 16, 2010, 04:45:46 PM »
      One in 43 is nothing to worry about. Go ahead with your reformat and reinstall your OS.
      Windows 8 and Windows 10 dual boot with two SSD's