1.

Solve : once badly infected-not sure what now?

Answer»

Can you point me in a direction to help ensure a good clean drive to start with?? I have reinstalled once, and now days later here I am. And thank you for the advice about the virut...I keep thinking I can beat it. I'm giving up.

One last question, there are PE Structure Viewers, Explorers, etc. out there that allow looking inside at the root of a file. I have downloaded one and looked at the nasty file. There are definitely some concerns but since I'm rebooting, it won't matter. But, is that software viewer able to help one successfully achieve eradication of Virut? If you know what you are looking for? I am stubborn, but not stupid; however, I am also curious to no end!!

Appreciate all of your time and comments guys!!

Quote
But, is that software viewer able to help one successfully achieve eradication of Virut?
Most experts agree that you can't clean a Virut infection.

Quote
Can you point me in a direction to help ensure a good clean drive to start with??
If you do not know how to perform a fresh install, use this website -> www.windowsreinstall.com/

If you want to try a few more scans before reformatting, try these. There is one listed in Reply #16. It's called Avira AntiVir rescue CD or Dr Web LIVE CD

* Go to Start > Run and type mrt.exe then press Enter on the keyboard.
* (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.)
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.

Look through the list and let me know if anything was found infected.

Hi Dave, remember me?? I am in the process of a complete from-scratch reinstall. I wanted to run my user32.dll file through the Virus Total process to ensure I had a clean install. I have a validated Windows Installation disk. That is the only thing that has been on the hard drive except for the floppy disk that was used to enable the brand new hard drive for use.

Virus Total indicates a trojan patched by the Hacker. The scan I did on the last user32.dll file was a Win32.Banker by esafe.

I need some understanding of the contents of the URL as raised below and what direction I go now since apparently either the infection is on my installation disk or...?

Please!!!




THIS IS THE URL THAT I COPIED AND PASTED IN NOTEPAD; Please look at part where it says that "Virus Total's website has changed and that they need new translations... and do you want to help community"




VirusTotal's website has changed, we need new translations, do you feel like helping the community?


File name: user32.dll

Submission date: 2010-09-16 09:58:44 (UTC)


MD5   : c72661f8552ace7c5c85e16a3cf505c4
SHA1  : 19dc0854aaeaadf26bae8b7daace8115b5209f73
SHA256: 380797a1d74b8c5cc0972f61d546666eb509950be94256a1fbdbc06244bb564a
File size : 577024 bytes
First seen: 2008-12-02 20:35:24
Last seen : 2010-09-16 09:58:44










THIS IS THE URL











http://www.virustotal.com/file-scan/report.html?id=380797a1d74b8c5cc0972f61d546666eb509950be94256a1fbdbc06244bb564a-1284631124

One in 43 is nothing to worry about. Go ahead with your reformat and reinstall your OS.

