Problem with a virus

Hello,

A few days ago I caught the W32.Virut.cf virus
I am trying to remove it but it keeps coming back. I have Norton antivirus
2009.
Anyway since the time I found the virus I can not access Windows Update and
every antivirus website (Symantec, Mcafee and others) but I can access every
other website. when I try to access the windows Update webpage I just get
that white page that says that Internet Explorer can not open the site. Do
you know anyway that I can access the Windows Update website concerning my
problem?
I have winXP Professional.
I am writing to this Newsgroup from another computer.

Any help concerning the virus or the update page will be very appreciated
since I am trying to do anything possible to solve my problem and I also want
to download the latest windows updates.

Thank you in advance.
Dimitris

 

Dimitris wrote:
<!--coloro:blue--><span style="color:blue <!--/coloro-->
> A few days ago I caught the W32.Virut.cf virus
> I am trying to remove it but it keeps coming back. I have Norton antivirus
> 2009.
> Anyway since the time I found the virus I can not access Windows Update
> and every antivirus website (Symantec, Mcafee and others) but I can access
> every other website. when I try to access the windows Update webpage I
> just get that white page that says that Internet Explorer can not open the
> site. Do you know anyway that I can access the Windows Update website
> concerning my problem?
> I have winXP Professional.
> I am writing to this Newsgroup from another computer.
>
> Any help concerning the virus or the update page will be very appreciated
> since I am trying to do anything possible to solve my problem and I also
> want to download the latest windows updates.
> <!--colorc--><!--/colorc-->
I don't know why your Norton couldn't catch it, but Symantec has a removal
tool here:



You might also want to go through these malware removal steps:



Include scanning with David Lipman's Multi_AV and follow instructions to do
all scans in Safe Mode. Please see the special Notes regarding using
Multi_AV in Vista.

- instructions
- download link and more instructions

You can also check to see if there are targeted removal steps for your
malware here:
Bleeping Computer removal how-to's -

Or here: Malwarebytes malware removal guides -

When all else fails, get guided help. Choose one of the specialty forums
listed at the first link. Register and read its posting FAQ. PLEASE DO NOT
POST LOGS IN THE MS NEWSGROUPS.

You will need to get the tools, etc. from a different known-clean computer
and put them on a USB thumb drive or burn to CD-R. After you get the
machine cleaned up you'll be able to get to Windows Update and other
security-related sites.

If you can't do the work yourself (and there is no shame in admitting this
isn't your cup of tea), take the machine to a professional computer repair
shop (not your local equivalent of BigComputerStore/GeekSquad). Please be
aware that not all local shops are skilled at removing malware and even if
they are, your computer may be so infested that Windows will need to be
clean-installed. If possible, have all your data backed up before you take
the machine into a shop.

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!

 

From: "Dimitris" <Dimitris@discussions.microsoft.com>

| Hello,

| A few days ago I caught the W32.Virut.cf virus
| I am trying to remove it but it keeps coming back. I have Norton antivirus
| 2009.
| Anyway since the time I found the virus I can not access Windows Update and
| every antivirus website (Symantec, Mcafee and others) but I can access every
| other website. when I try to access the windows Update webpage I just get
| that white page that says that Internet Explorer can not open the site. Do
| you know anyway that I can access the Windows Update website concerning my
| problem?
| I have winXP Professional.
| I am writing to this Newsgroup from another computer.

| Any help concerning the virus or the update page will be very appreciated
| since I am trying to do anything possible to solve my problem and I also want
| to download the latest windows updates.

| Thank you in advance.
| Dimitris


Virut is a TRUE file infecting virus and is a serious infection. You not only have to
clean the OS completely but scan any Read/Write media where you have written files to.

Since Virut infects so many OS files, you should consider using a surrogate PC and an anti
virus solution that is good at CLEANING a file or wipe the PC and renstall the OS from
scratch.

The McAfee command line scanner available thriugh my Multiu AV Scanning Tool is excellent
at cleaning Virut infected files. You can remove the hard disk from the affected computer
and install it on a surrogate PC. Using the Multi AV Scanning Tool McAfee module you can
scan the affected hard disk. If this sounds even remotely complicated, wipe the PC and
reinstall the OS from scratch.


--
Dave

Multi-AV -

 

[In for a penny...]

NB: If you had no anti-virus application installed or the subscription had
expired *when the machine first got infected* and/or your subscription has
since expired and/or the machine's not been kept fully-patched at Windows
Update, don't waste your time with any of the below: Format & reinstall
Windows. A Repair Install will NOT help!

1. See if you can download/run the MSRT manually:


NB: Run the FULL scan, not the QUICK scan! You may need to download the
MSRT on a non-infected machine, then transfer MRT.EXE to the infected
machine and rename it to SCAN.EXE before running it.

2. [WinXP ONLY!! =>] Run the Windows Live Safety Center's 'Protection' scan
(only!) in Safe Mode with Networking, if need be:


3. Run a /thorough/ check for hijackware, including posting the requested
logs in an appropriate forum, not here.

Checking for/Help with Hijackware







**Seek expert assistance in
,
,
,
or other appropriate forums.**

If these procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.

=====================
Start a free Windows Update support incident request:


Support for Windows Update:


For home users, no-charge support is available by calling 1-866-PCSAFETY in
the United States and in Canada or by contacting your local Microsoft
subsidiary. There is no-charge for support calls that are associated with
security updates.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002


Dimitris wrote:<!--coloro:blue--><span style="color:blue <!--/coloro-->
> Hello,
>
> A few days ago I caught the W32.Virut.cf virus
> I am trying to remove it but it keeps coming back. I have Norton antivirus
> 2009.
> Anyway since the time I found the virus I can not access Windows Update
> and
> every antivirus website (Symantec, Mcafee and others) but I can access
> every
> other website. when I try to access the windows Update webpage I just get
> that white page that says that Internet Explorer can not open the site. Do
> you know anyway that I can access the Windows Update website concerning my
> problem?
> I have winXP Professional.
> I am writing to this Newsgroup from another computer.
>
> Any help concerning the virus or the update page will be very appreciated
> since I am trying to do anything possible to solve my problem and I also
> want to download the latest windows updates.
>
> Thank you in advance.
> Dimitris <!--colorc--><!--/colorc-->

 

"Dimitris" <Dimitris@discussions.microsoft.com> wrote in message
news:53BCD60D-E326-40C3-AEB7-E90B5AF3855B@microsoft.com...<!--coloro:blue--><span style="color:blue <!--/coloro-->
> Hello,
>
> A few days ago I caught the W32.Virut.cf virus<!--colorc--><!--/colorc-->

That is really bad news. Flatten and rebuild is best, or recover from an
image made prior to infection. IMO there are too many unknowns with this
malware family to think a cleaning will work. Depending on your system,
your network (if you have one) could be at risk also.

 

Thank you all for your answers. You have been very helpfull. I will reinstall
Windows XP and I hope that the problem will be solved. But I do have a
problem. I backed-up all my documents and files in a USB drive and I realised
that the USB drive has also been infected! So I guess I can not use that
drive to reinstall my files when I clean my OS. So how can I back-up my files
again without infecting the media I use for back-up?

What should I do?

Thank you.
Dimitris

 

From: "Dimitris" <Dimitris@discussions.microsoft.com>

| Thank you all for your answers. You have been very helpfull. I will reinstall
| Windows XP and I hope that the problem will be solved. But I do have a
| problem. I backed-up all my documents and files in a USB drive and I realised
| that the USB drive has also been infected! So I guess I can not use that
| drive to reinstall my files when I clean my OS. So how can I back-up my files
| again without infecting the media I use for back-up?

| What should I do?

| Thank you.
| Dimitris

You said; "...I realised that the USB drive has also been infected!"
How did you come to this ?
Are you assuming that the files are infected ? What files ?

Virut will NOT infect the "USB drive", it will only infect certain types of files like
executables.

--
Dave

Multi-AV -

 

Dimitris wrote:
<!--coloro:blue--><span style="color:blue <!--/coloro-->
> Thank you all for your answers. You have been very helpfull. I will
> reinstall Windows XP and I hope that the problem will be solved. But I do
> have a problem. I backed-up all my documents and files in a USB drive and
> I realised that the USB drive has also been infected! So I guess I can not
> use that drive to reinstall my files when I clean my OS. So how can I
> back-up my files again without infecting the media I use for back-up?<!--colorc--><!--/colorc-->

As David said, your USB thumb drive may be infected with something else but
I would definitely proceed under the assumption that it is infected with
something. Here's what I'd do:

1. On a computer that is OFF, insert your USB thumb drive. If the computer
has two optical drives, leave the burner empty and see #2. If the computer
only has one optical drive, insert a second USB thumb drive with enough
capacity to hold your data files or use a USB external hard drive.

2. Boot that computer with a Linux Live CD, using the ROM drive (or a second
burner). I use Knoppix. To get Knoppix, you need a computer with a fast
Internet connection and third-party burning software. Download the
Knoppix .iso and create your bootable CD.



3. Once booted into Knoppix, it will see your USB drive(s) and the external
hard drive if you went that route. Copy the data from the infected USB
drive to the second "good" USB drive or use the external hard drive. Or if
you have the second optical drive, use the burning program k3b to burn
your data. Don't take any executables; only documents, pictures, etc. Once
you've got all your data either burned to DVD/CD-R (not RW!) or on the
external hard drive or "good" USB drive, use the gparted program to format
your infected thumb drive FAT32.

4. To be absolutely safe, I would put the USB drive (or CD or hard drive)
holding the data into a working testbed box that is running a good
antivirus and scan it thoroughly before putting it on your newly clean box.
Obviously you won't be able to do anything with infected files burned on a
CD but you will know if they are infected and not copy them to your clean
install of Windows! If they are infected, consider them gone. I recommend
NOD32 (commercial) or Avast if you must have a free antivirus.

Doing all this requires a certain level of computer skills. You know
yourself best and whether taking the machine to a competent local computer
tech (not a BigComputerStore/GeekSquad type of place). The tech will have
to understand about malware, infected USB drives, and how to work in Linux.

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!

 

"Dimitris" <Dimitris@discussions.microsoft.com> wrote in message
news:36261384-950D-400A-9CD4-094C298E5CFA@microsoft.com...<!--coloro:blue--><span style="color:blue <!--/coloro-->
> Thank you all for your answers. You have been very helpfull. I will
> reinstall
> Windows XP and I hope that the problem will be solved. But I do have a
> problem. I backed-up all my documents and files in a USB drive and I
> realised
> that the USB drive has also been infected!<!--colorc--><!--/colorc-->

Backed up files wouldn't be infected, however, infected files may have
been backed up. To be safe be sure to scan them before allowing them
back onto the now clean machine.

Have you read this?

 

Dimitri,

Actually your concern should be more focus to how it got in your system...
good point with USB but since you already have an AV "suppose it was given a
name it was already detected"
be more concern on the part that how it bypass the AV you have + the entry
vector. Virut virus are live in the internet connection packaged with
exploits please update all your system since they can be a good repository
for virut since it infects binary specific to scr/exe files other files are
safe to backup.

usually virut is only potent if you don’t have an active action detection is
useless to it. better reevaluate your Anti-virus.

"Dimitris" <Dimitris@discussions.microsoft.com> wrote in message
news:36261384-950D-400A-9CD4-094C298E5CFA@microsoft.com...<!--coloro:blue--><span style="color:blue <!--/coloro-->
> Thank you all for your answers. You have been very helpfull. I will
> reinstall
> Windows XP and I hope that the problem will be solved. But I do have a
> problem. I backed-up all my documents and files in a USB drive and I
> realised
> that the USB drive has also been infected! So I guess I can not use that
> drive to reinstall my files when I clean my OS. So how can I back-up my
> files
> again without infecting the media I use for back-up?
>
> What should I do?
>
> Thank you.
> Dimitris <!--colorc--><!--/colorc-->