win32/huer has completly disable me.

[jakerman999]

the computer that I am posting this from is not infected.
the computer that is infected does not have access to the Internet.

I am running windows xp service pack 2.
spybot has been disabled.
avg8 has run, but it has not updated since Monday(15th).
avg found win32/heur and seemed to heal it, but the symptoms are still here.
ccleaner ran but did not remove the virus. the registry function had some positive effects, but did not fix it.
superantispyware refuses to install.
Malware-bytes will install, but will not run after installation.
I believe that java is at the latest version, but cannot test this as the computer does not have Internet.

hijackThis ran, and found several things. but the owner of the computer I am on does not want me to bring the file over for fear that it will infect her machine(windows vista).

can the virus spread through text documents? is there a way to bring the file over without risk?

I can bring files from the Internet to the infected machine, but unless I have a secure method, the other way is not something I would like to attempt.


*UPDATE*
by installing a fresh copy of windows on the same partition, I managed to clean the old windows files of the virus. now when I start the computer, the virus shouldn't activate. I'm currently trying to remove the last traces of the virus, and I'm pleased to say that I now have internet.

I shall post the logs as soon as I can complete the runs.

on a possibly related note, the driver for my soundcard will no longer be read, and is thwarting all attempts to be reinstalled.

[evilfantasy]

This is a variation of Virut. sadly there is no cure for this infection. You must reformat and reinstall Windows.

Read this response closely, it says it all about this infection > http://www.bleepingcomputer.com/forums/index.php?showtopic=209782&view=findpost&p=1185502

[jakerman999]

This is a variation of Virut. sadly there is no cure for this infection. You must reformat and reinstall Windows.

Read this response closely, it says it all about this infection > http://www.bleepingcomputer.com/forums/index.php?showtopic=209782&view=findpost&p=1185502

you give up much to easily my friend. I have installed a fresh version of windows, but have not reformatted my hard drive. everything works, but my files from before are now in the wrong location.

if you cannot help me remove it, I shall fight this myself.

just tell me, the virut only infects *.exe, *.scr, *.html, and *.htm correct? is there anything else that it infects before I begin my campaign?

[kpac]

you give up much to easily my friend.

Heh, there's no thinking involved with this infection.

See this 5 page topic trying to get rid of this virus: http://www.computerhope.com/forum/index.php/topic,77342.0.html
And all to no avail.

[evilfantasy]

The new version also infects .doc, .dll, .mp3 and on and on.

everything works, but my files from before are now in the wrong location.

This is why you have to reformat first. You installed Windows over itself and now everything is all messed up.

[jakerman999]

just because we don't know of a cure doesn't mean that there isn't one. people thought for years that the black plague was incurable.

I refuse to let this machine be another casualty. I have it working nearly perfectly, and will remove the virus from it, with or without help.

reformatting isn't a last resort, it's what you try when last resort fails.

[evilfantasy]

http://www.computerhope.com/forum/index.php/topic,77342.0.html

Read that and then tell me I didn't try.

Also see what the actual professionals have to say about it.

http://www.teamfurry.com/wordpress/2007/02/15/under-the-hood-virut/
http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html
http://www.sophos.com/security/blog/2008/05/1436.html

People who are much better than me won't even do it, not in a forum setting anyway.

Just consider this. Leaving the computer, without reformatting means there is always the possibility that something nasty is still on the computer. What is it doing and is it a risk to your personal/financial information? If you want to take that chance then thats fine with me. I won't help knowing that I may be and probably would be wrong in saying the computer is clean. It would be misleading to you and very irresponsible of me.

[jakerman999]

since you've already identified the problem, and provided some handy links to descriptions and cases and whatnot(I read the entire pages, not just the main article) I will take action.

but again, reformatting is not currently an action.

I have no concern about personal or financial information being stolen, nothing that I say about myself on the internet is real, I always have a forged Identity. and all my banking is done the old fashion way, at the bank.

with this in mind, I have found a number of programs and options that seem to have worked in the past. I will post the list here and take your recommendation on which action to take(providing of course, that your recommendation is not reformat).

RMVIRUT
Panda Activescan
killing suspected processes with "whats running"
FixVirut by symantec

if any of these should not be run, let me know.

[kpac]

To have some chance of removing this virus, you need a professional sitting in front of the computer.

Okay, here's the problem with Virut....
Virut infects system files with itself, e.g. svchost.dll is involved in connecting your computer to the internet. And, most ant-virus programs will detect it as a virus, but then they will delete the file. Straight away, you have an unstable OS.
There are a number of programs that will attempt to "cure" the file, e.g. remove the virus from the file, but they won't delete the file. There is a problem with this also...Virut infects all .exe files, which is more than likely what the program will be. It is also polymorphic, which means any anti-virus cannot catch it fast enough.

Just try something...
Download Dr.Web CureIt. Immediately after download, rename the file launch.exe to launch.com. Then try running the program. The reason for this is so Virut won't infect the file before you run it.

You might also want to try this: Microsoft® Windows® Malicious Software Removal Tool (KB890830)

[jakerman999]

Just try something...
Download Dr.Web CureIt. Immediately after download, rename the file launch.exe to launch.com. Then try running the program. The reason for this is so Virut won't infect the file before you run it.

I believe that is the same strategy that FixVirut has. it is a .com file as well.

I do not believe that the virus is running, as I have disabled all startup tasks(through the startup manager in ccleaner) and have not touched any of the files that were installed on the machine prior to infection (I installed windows with new I.D.s, which is why I cannot access them without making an effort. they are not in the wrong place because of an error I made).

I shall try both of th methods you have suggested, but how will I know if they succeed? how will I test if any of the methods and fixes succeed?

edit:I just realized that with the power of firefox downthemall, I can change the extension on a program before it is downloaded.

[jakerman999]

I've run dr. web cure it, and all the anti virus software recommended @ http://www.computerhope.com/forum/index.php/topic,46313.0.html

attached are the logs.

[attachment deleted by admin]