Win32.virut NBL HELP!!!!

Droolmonster

Two days ago I got a virut on my PC.... I've been trying EVERYTHING to get it off but I'm sure it is just impossible, you name it, I've done it and really it's just pissing me off that every single EXE on my PC is infected. I read that the best way (and maybe the only way) to get rid of it is to reformat my PC, BUT I have LOADS of data that I don't want to lose. SO basically I just want to get the virus off my PC so I can put all my data on my 1TB External I bought today.... then I'll format my PC to make sure that damn bull **** is off for good. So does anyone know a program that can remove this bull ****?? (proven to work by you!)

Thanks :confused: :( :mad: :cry: :twisted:
 
Ooo Virut is a nasty one. Program that can remove it - no chance as it infects every .exe that executes. Just put your data on the external and reformat your PC, get MSE installed straight away before you plug your external back into your PC (it's an autorun propagated virus) to repair most infected files.
 
A decent program can still fix the exe files that were infected.

Try Microsoft Security Essentials and also Malwarebytes Anti-malware. They usually do a thorough job and can possibly save your system.
 
It's a bastard that one. It blocks internet access, the registry, anti virus sites, even task manager is disabled, etc. It infects everything new like .exe et al. How did I defeat it? I got to use "Process explorer", a sort of better "task manager" which I ran over my network (stick will also do), with it I suspended (not kill) all "funny processes" running eating CPU time. If you kill the process then the virus deliberately shuts you down. If you suspend it, it is fine. Then as internet and anti virus sites are blocked and damaged deliberately I battled to get the online antivirus scanners working. AVG free and Microsoft essentials would not install. So I downloaded "Trend Housecall", a small .exe which I ran off a stick. This then pulled its required files off the net. Detected the damage and fixed/deleted what was required. I then discovered another remover from AVG called rmvirut.exe. Also ran this from a stick and it killed most of the issues. Then I had to do an XP repair as the VirutX saw it's losing the battle and damaged the "winlogon" process (clever bugger) and the PC would only reboot after I punched in the password. Once I got going it was still not the end. I managed to restore internet functionality and then could download and install/run AVG free and Microsoft essentials (together). That broke the camel's back as all new infections got blocked giving me time to repair the damage. Then ran Malwarebytes/SuperAntiSpyware and both found some more vermin. BTW in all this the virus Mazebat was also doing its thing.
Done all this for my neighbor's son.


So yeah the quickest is reformat else use the weapons available at your fingertips.
 
Not sure this will help :o

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr

That's the key that disables the Task Manager... take a quick look through the Policies folder in the registry for other keys that shouldn't be there (i.e. keys that have No in front of them)
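A read-only way to run the check suggested in the post above, as an added example that is not part of the original thread. The function name `Get-RestrictionPolicy` is hypothetical, and looking at the `Explorer` subkey and the `HKLM` hive as well as `HKCU` is an assumption that goes beyond the single key the post names.

```powershell
# Added example: list restriction-style values under the Policies keys.
# It only reads the registry and changes nothing.
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

function Get-RestrictionPolicy {   # hypothetical helper name
    param([string[]]$Path)
    foreach ($key in $Path) {
        # A missing key simply means no policy of that kind is set.
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            # Restriction values are named "Disable..." or "No..."
            # (DisableTaskMgr, DisableRegistryTools, NoRun, ...).
            if ($name -notmatch '^(Disable|No)') { continue }
            $value = $item.GetValue($name)
            New-Object PSObject -Property @{
                Key    = $key
                Name   = $name
                Value  = $value
                # A non-zero DWORD means the restriction is switched on.
                Active = ($value -is [int] -and $value -ne 0)
            }
        }
    }
}

Get-RestrictionPolicy -Path $policyKeys |
    Select-Object Key, Name, Value, Active |
    Sort-Object Key, Name |
    Format-Table -AutoSize
```

A value listed here is not proof of infection, because administrators set the same values through Group Policy; on a home PC with no policies configured, an active `DisableTaskMgr` or `DisableRegistryTools` is the one to question.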
 
Virut also tends to disable regedit ;)

I wonder where the resident virus guru has gone to?
 
Suggest you download Knoppix and use it to move/copy your data over to an external USB HDD.

Then, after you've moved/copied everything you need, do a full format and reinstall.

After the reinstall, download and install MSE first and update it. Then you can recover your data.

There is no other way - if an .EXE is damaged, best is to do a reinstall.
 
As penguin mentioned. However with a few extra twists

On an uninfected PC: Download rmvirut.exe from AVG's website. Compress this exe to a zip file with a password. Once this is done, open this zip and execute the file inside on the infected box. The app will complain virus files are resident in memory - scan on restart? Tell it yes and reboot. Once done scanning and repairing, reset the computer with a Windows XP CD in the drive and start a repair installation. Once this is done, start the computer in safe mode and do another scan :)
 
@PsyWulf: That's quite an original solution with the zip file.

Hehe, I have combatted this plague in an office with 140 workstations and 2 Domain Controllers infected to hells with this and Sality combined. 2 days of fun :)
 
Had an outbreak of this as well, and Symantec Endpoint Protection didn't do a thing about it. Well, not that I'm surprised! AVG took care of it ;)
 
Two DCs? :eek:

Hope the DCs don't develop latent faults later on...

The PDC has basically all but fallen over, I've isolated it to only do domain backup domain authentication (NT4 emulation mode ftw) with a spare 2003 Server handling the file shares while I sort out how-the-eff to replicate the Active Directory to an Ebox DC I set up as backup authentication box.
 
Thanks a lot for the replies guys, I think I'll just back up my stuff and format my Windows, most of the rest I already tried... the problem is that there are no strange things in the processes list of my task manager... I'll try that zip thing with a password but if it fails then format here I come!!! :wtf:
 
Hi Drool,

Have you tried any online scanning? Can you even get internet access? I can also offer you a command line tool which will download the latest signature file and scan that specific machine.

What AV do you use may I ask?
 