
Help with an infection


rudrax


Blackchildcx

did bootscan help?

Didn't try it as it may delete the infected executable too leading the OS to damage.

but what will you do else?



Blackchildcx

ok...all the best B)



The very same infection that infected me 4-5 yrs ago, before I switched to KIS. Was using Norton at that time, of no use; tried AVG, Avast, Quick Heal, they deleted notepad and more system files. Installed KIS, it disinfected each and every file in C:\, but the damage was done by the previous AVs, so I had to format and re-install Windows, disabled System Restore, installed KIS, and it disinfected each and every exe on that system without deleting them. As far as I remember, more than 50000 infections were found by KIS in my system...

Remember, the root of this virus only resides in System Volume Information and some system files starting on startup, so just before formatting, clear all the System Restore points from each drive. System files would be deleted by the format, and the rest of the infections on other drives are additional code attached to an exe, programmed for further infection, so these exes can easily be disinfected by a good AV that relies more on disinfecting than on deleting the file itself. Kaspersky is a good example of that.. ^_^



Thanks sir for the opportunity.

Link of what? I didn't get it.

The link to the Windows 8 ISO that you're downloading.

That's what you gave me. Here it is:

http://kuai.xunlei.com/d/APMDFXPGDQXK

Some good news and then some bad news

The Bad news first:-

  • Barely a handful of persons have so far been documented as having retained their OS successfully after a disinfection from a Virut attack (without a reformat) - possibly the few who took immediate remedial measures before the malware went viral (sorry for the poor choice of pun) on critical .exe files.
  • Virut is a polymorphic worm that spawns in various flavors - what that means is that the very first thing on its mind is injecting malicious code into the System Volume Information directory (read that as System Restore.)
  • What the above point also means is that every person who instigated you to perform the System Restore drove home the proverbial nail into your virtual coffin - that's unfortunate since the one commandment that never changed in the more than one decade span of computing security evolution is, "Thou shalt make a covenant that disableth thy System Restore >>---> for all times to come."

Good news:-

  • Virut has not been observed to have been able to infiltrate into a .ISO container - it does breach .RAR and .CAB archives.

However, the above good news comes with a rider - Virut is a rapidly evolving worm which could have possibly upgraded itself to deal with a .ISO (I'm not sure - there's no documentation on the net to prove or disprove that.) :unsure:

Edit:-

Have left out other aspects of Virut due to the lack of direct relevance since you don't need to salvage your Windows 7.



After you get this cleaned up, track down said little brother and string him up by his toes... no time like the present for him to learn every action has an equal reaction



unknownasphyxiated

AFAIK, Virut can only infect you if you run infected exe and scr files

For ISO, it does not run by itself, it needs other software to either extract/burn it, so I bet Virut won't infect an ISO file

I had a couple of experiences handling Virut and, of course, my favourite virus, Sality :lol:

A boring story

I had a self-extracting exe file that I made from 7z and it was infected with Sality

Instead of extracting it by double clicking the file, which would start the infection, I just right clicked and extracted it using 7z in a VM and it did not infect the OS

Tried using AV to disinfect the file and it made the file corrupted, but it could still be extracted

That's why I wrote earlier that you need to start new and do back up all your data except for exe files

A stupid mistake caused me to redownload almost 10GB of installers, cracks, keygens etc -_-



  • Administrator

I personally don't think ISOs are that hard to manipulate. What I can advise, however, is to use an AV or AM scanner and scan the ISO file (after it has completed downloading) before taking the decision to keep it or remove it.

Also, not sure if mentioned already, but if what you are trying to download is an untouched Windows 8 ISO, then all you need is to keep a hash check on it. 'Cause if Virut has managed to infect the ISO, its hash should be different.



SnakeMasteR

Windows 8 Pro VL (x64) English

Date: 8/15/2012

3327 MB

File Name: en_windows_8_pro_vl_x64_dvd_917699.iso

SHA1: 6DDEDEBE40AB59CB11823F62F475C43C4053FE60

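The hash check suggested above, run against the release listing posted just before this point; this is an added example, not part of any forum post. The function names are illustrative, and the listed SHA-1 is taken exactly as posted in the thread, so the check is only as trustworthy as that listing.

```python
import hashlib
import hmac
import re
import sys

# Release details as posted in the thread above.
POSTED = """\
Windows 8 Pro VL (x64) English
Date: 8/15/2012
3327 MB
File Name: en_windows_8_pro_vl_x64_dvd_917699.iso
SHA1: 6DDEDEBE40AB59CB11823F62F475C43C4053FE60
"""

def parse_listing(text):
    """Return (file_name, sha1_hex) from a 'Key: value' release listing."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    sha1 = fields.get("sha1", "").lower()
    if not re.fullmatch(r"[0-9a-f]{40}", sha1):
        raise ValueError("listing has no well-formed SHA-1 value")
    return fields.get("file name"), sha1

def sha1_of(path, chunk_size=1024 * 1024):
    """Hash in 1 MiB chunks so a multi-gigabyte ISO never sits in memory."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_iso(path, listing=POSTED):
    """Return (ok, actual_sha1); ok is True only on an exact digest match."""
    _, expected = parse_listing(listing)
    actual = sha1_of(path)
    return hmac.compare_digest(actual, expected), actual

if __name__ == "__main__" and len(sys.argv) == 2:
    name, expected = parse_listing(POSTED)
    ok, actual = verify_iso(sys.argv[1])
    print(f"listed   {expected}  {name}")
    print(f"computed {actual}  {sys.argv[1]}")
    # A mismatch means the file is not byte-identical to the listed release:
    # modified, corrupted, or still incomplete. Do not mount or install it.
    sys.exit(0 if ok else 1)
```

Run it only after the download has finished; a partially downloaded file will always report a mismatch.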


I personally don't think ISOs are that hard to manipulate. What I can advise, however, is to use an AV or AM scanner and scan the ISO file (after it has completed downloading) before taking the decision to keep it or remove it.

Also, not sure if mentioned already, but if what you are trying to download is an untouched Windows 8 ISO, then all you need is to keep a hash check on it. 'Cause if Virut has managed to infect the ISO, its hash should be different.

Yes, I have already consulted the hash business with dcs18. Thanks for your heads up (but you are late :angry: )



Archived

This topic is now archived and is closed to further replies.
