[Not curable - Virut] can't remove Type_Win32

trubbled · 2009/10/05

my computer recently (I even do not know for how long ...) is being destroyed by virus called Type_Win32. For about 6 months I had been using free antivirus Avast. I have downloaded several softwares from untrusted sites (I know, I'm dumb..). Avast did not find any malicious things, but suddenly broke my In.Explorer plus Windows Media Player and even got worse. I couldn't open my control panel etc. My computer started restarting by himself. And then Avast antivirus started noticing that I have some viruses but it couldn't remove them. I got panic and turned off internet cable, deleted some recently downloaded programs and reinstaled Windows Vista (yes, I'm using Vista) from CD. Then I downloaded Kaspersky anti-virus 2010 trial and scaned my laptop. It found 3922 malicious objects and desinfected or deleted almost all (e.g. Virus.Win32.Virut.ce, Trojan-Game thief.Win32.WOW.tte, Trojan.Win32.Crypt.bgj, Packed.Win32.****.w, Trojan.Win32.C4DLMedia.b, Trojan-Downloader.Win32.Genome.sfm). What Kaspersky did not do is that he did not desinfected or deleted the virus Type_Win32 (they're 22). It only quarantined them and I don't know what to do next...

Please, help me, I've started this WAR since friday and I'm loosing my last hope to fix quite new laptop.

Admin. · 2009/10/05

Hi,

Read this post as indicated at the top of this forum & follow the instructions.

trubbled · 2009/10/05

thanks, I'm realy no good at this. so I'm posting here:
DDS (Ver_09-09-29.01) - NTFSx86
Run by kristina at 18:43:05,55 on 2009.10.05
Internet Explorer: 7.0.6000.16890
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1257.370.1033.18.2046.1186 [GMT 3:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OMNITEL\Omni Connect\Omni Connect.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\wuauclt.exe
C:\Users\kristina\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe "
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\omnico~1.lnk - c:\program files\omnitel\omni connect\Omni Connect.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-5-15 21008]
R2 GtFlashSwitch;GtFlashSwitch;c:\program files\common files\gtflashswitch\GtFlashSwitch.exe [2007-2-9 176128]
R3 GTFFBUS;GT FF BUS;c:\windows\system32\drivers\gtffbus.sys [2007-1-15 17152]
R3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\drivers\Gtm51Irp.sys [2007-1-15 122240]
R3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [2007-1-15 8064]
R3 GTSCSER;GT SC SER;c:\windows\system32\drivers\gtscser.sys [2007-1-15 20992]
R3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [2007-1-15 36992]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]

=============== Created Last 30 ================

2009-10-05 09:42 229,888 a------- c:\windows\system32\msshsq.dll
2009-10-04 20:05 268,800 a------- c:\windows\system32\es.dll
2009-10-04 17:23 <DIR> --d----- C:\virutkiller
2009-10-04 10:24 205,824 a------- c:\windows\system32\msoeacct.dll
2009-10-04 10:24 87,040 a------- c:\windows\system32\msoert2.dll
2009-10-04 10:24 39,424 a------- c:\windows\system32\ACCTRES.dll
2009-10-04 10:11 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-10-04 09:55 2,048 a------- c:\windows\system32\tzres.dll
2009-10-04 09:51 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-10-04 09:51 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2009-10-04 09:51 95,232 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-04 09:50 1,244,672 a------- c:\windows\system32\mcmde.dll
2009-10-04 09:50 428,032 a------- c:\windows\system32\EncDec.dll
2009-10-04 09:50 292,352 a------- c:\windows\system32\psisdecd.dll
2009-10-04 09:50 217,088 a------- c:\windows\system32\psisrndr.ax
2009-10-04 09:50 177,152 a------- c:\windows\system32\mpg2splt.ax
2009-10-04 09:50 80,896 a------- c:\windows\system32\MSNP.ax
2009-10-04 09:50 68,608 a------- c:\windows\system32\Mpeg2Data.ax
2009-10-04 09:50 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-10-04 09:46 704,000 a------- c:\windows\system32\PhotoScreensaver.scr
2009-10-04 09:46 356,352 a------- c:\windows\system32\wbem\wbemcomn.dll
2009-10-04 09:46 24,064 a------- c:\windows\system32\wtsapi32.dll
2009-10-04 09:46 258,232 a------- c:\windows\system32\drivers\acpi.sys
2009-10-04 09:46 20,920 a------- c:\windows\system32\drivers\compbatt.sys
2009-10-04 09:46 14,208 a------- c:\windows\system32\drivers\CmBatt.sys
2009-10-04 09:46 11,264 a------- c:\windows\system32\drivers\wmiacpi.sys
2009-10-04 09:45 28,344 a------- c:\windows\system32\drivers\battc.sys
2009-10-04 09:45 542,720 a------- c:\windows\system32\sysmain.dll
2009-10-04 09:45 714,240 a------- c:\windows\system32\timedate.cpl
2009-10-04 09:45 194,560 a------- c:\windows\system32\WebClnt.dll
2009-10-04 09:45 110,080 a------- c:\windows\system32\drivers\mrxdav.sys
2009-10-04 09:44 1,657,350 a------- c:\windows\system32\wlan.tmf
2009-10-04 09:44 123,904 a------- c:\windows\system32\L2SecHC.dll
2009-10-04 09:44 12,876 a------- c:\windows\system32\wbem\wlan.mof
2009-10-04 09:44 290,816 a------- c:\windows\system32\wlanmsm.dll
2009-10-04 09:44 67,584 a------- c:\windows\system32\wlanhlp.dll
2009-10-04 09:44 47,104 a------- c:\windows\system32\wlanapi.dll
2009-10-04 09:44 502,272 a------- c:\windows\system32\wlansvc.dll
2009-10-04 09:44 297,984 a------- c:\windows\system32\wlansec.dll
2009-10-04 09:43 2,028,032 a------- c:\windows\system32\win32k.sys
2009-10-04 09:42 289,792 a------- c:\windows\system32\atmfd.dll
2009-10-04 09:42 156,160 a------- c:\windows\system32\t2embed.dll
2009-10-04 09:42 34,304 a------- c:\windows\system32\atmlib.dll
2009-10-04 09:42 24,064 a------- c:\windows\system32\lpk.dll
2009-10-04 09:42 10,240 a------- c:\windows\system32\dciman32.dll
2009-10-04 09:42 72,704 a------- c:\windows\system32\fontsub.dll
2009-10-04 09:41 376,320 a------- c:\windows\system32\winsrv.dll
2009-10-04 09:41 49,664 a------- c:\windows\system32\csrsrv.dll
2009-10-04 09:41 2,855,424 a------- c:\windows\system32\mf.dll
2009-10-04 09:41 98,816 a------- c:\windows\system32\mfps.dll
2009-10-04 09:41 52,736 a------- c:\windows\system32\rrinstaller.exe
2009-10-04 09:41 2,048 a------- c:\windows\system32\mferror.dll
2009-10-04 09:41 24,576 a------- c:\windows\system32\mfpmp.exe
2009-10-03 22:59 <DIR> --d----- c:\windows\Panther
2009-10-03 22:58 <DIR> --d----- c:\windows\system32\OEM
2009-10-03 22:10 <DIR> --d----- C:\Windows.old.001
2009-10-03 21:45 <DIR> -cd----- C:\Windows.old.000
2009-10-03 20:53 <DIR> --d----- C:\Windows.old
2009-10-03 17:22 376,832 a------- c:\windows\system32\winhttp.dll
2009-10-03 17:20 71,680 a------- c:\windows\system32\atl.dll
2009-10-03 17:17 297,472 a------- c:\windows\system32\gdi32.dll
2009-10-03 17:16 1,060,920 a------- c:\windows\system32\drivers\ntfs.sys
2009-10-03 17:13 211,456 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-10-03 17:12 374,456 a------- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-10-03 17:10 500,736 a------- c:\windows\system32\msdtcprx.dll
2009-10-03 17:10 30,208 a------- c:\windows\system32\xolehlp.dll
2009-10-03 17:09 156,160 a------- c:\windows\system32\wkssvc.dll
2009-10-03 17:07 116,736 a------- c:\windows\system32\aaclient.dll
2009-10-03 17:07 36,352 a------- c:\windows\system32\tsgqec.dll
2009-10-03 17:07 1,871,872 a------- c:\windows\system32\mstscax.dll
2009-10-03 17:06 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-10-03 17:04 1,194,496 a------- c:\windows\system32\msxml3.dll
2009-10-03 17:04 2,048 a------- c:\windows\system32\msxml3r.dll
2009-10-03 17:03 414,208 a------- c:\windows\system32\msscp.dll
2009-10-03 17:02 356,864 a------- c:\windows\system32\MediaMetadataHandler.dll
2009-10-03 17:00 392,192 a------- c:\windows\system32\FirewallAPI.dll
2009-10-03 17:00 396,800 a------- c:\windows\system32\MPSSVC.dll
2009-10-03 17:00 86,016 a------- c:\windows\system32\icfupgd.dll
2009-10-03 17:00 63,488 a------- c:\windows\system32\drivers\mpsdrv.sys
2009-10-03 17:00 16,896 a------- c:\windows\system32\wfapigp.dll
2009-10-03 17:00 178,688 a------- c:\windows\system32\iphlpsvc.dll
2009-10-03 17:00 61,952 a------- c:\windows\system32\cmifw.dll
2009-10-03 17:00 23,040 a------- c:\windows\system32\drivers\tunnel.sys
2009-10-03 17:00 15,360 a------- c:\windows\system32\drivers\TUNMP.SYS
2009-10-03 16:55 696,832 a------- c:\windows\system32\localspl.dll
2009-10-03 16:54 123,904 a------- c:\windows\system32\msvfw32.dll
2009-10-03 16:54 88,576 a------- c:\windows\system32\avifil32.dll
2009-10-03 16:54 82,944 a------- c:\windows\system32\mciavi32.dll
2009-10-03 16:54 65,024 a------- c:\windows\system32\avicap32.dll
2009-10-03 16:54 31,232 a------- c:\windows\system32\msvidc32.dll
2009-10-03 16:54 12,800 a------- c:\windows\system32\msrle32.dll
2009-10-03 16:51 45,112 a------- c:\windows\system32\drivers\pciidex.sys
2009-10-03 16:51 21,560 a------- c:\windows\system32\drivers\atapi.sys
2009-10-03 16:51 109,624 a------- c:\windows\system32\drivers\ataport.sys
2009-10-03 16:51 17,464 a------- c:\windows\system32\drivers\intelide.sys
2009-10-03 16:51 211,000 a------- c:\windows\system32\drivers\volsnap.sys
2009-10-03 16:51 154,624 a------- c:\windows\system32\drivers\nwifi.sys
2009-10-03 16:49 104,448 a------- c:\windows\system32\DWWIN.EXE
2009-10-03 16:48 2,923,520 a------- c:\windows\explorer.exe
2009-10-03 16:42 604,140 a--sh--- c:\windows\system32\drivers\ISwift3.dat
2009-10-03 16:42 192,000 a------- c:\windows\system32\drivers\usbhub.sys
2009-10-03 16:42 38,400 a------- c:\windows\system32\drivers\usbehci.sys
2009-10-03 16:42 23,040 a------- c:\windows\system32\drivers\usbuhci.sys
2009-10-03 16:42 8,704 a------- c:\windows\system32\hcrstco.dll
2009-10-03 16:42 8,704 a------- c:\windows\system32\hccoin.dll
2009-10-03 16:42 5,888 a------- c:\windows\system32\drivers\usbd.sys
2009-10-03 16:42 224,768 a------- c:\windows\system32\drivers\usbport.sys
2009-10-03 16:42 73,216 a------- c:\windows\system32\drivers\usbccgp.sys
2009-10-03 16:40 107,547 a------- c:\windows\system32\drivers\klin.dat
2009-10-03 16:40 95,259 a------- c:\windows\system32\drivers\klick.dat
2009-10-03 16:39 <DIR> --d----- c:\programdata\Kaspersky Lab
2009-10-03 16:39 <DIR> --d----- c:\program files\Kaspersky Lab
2009-10-03 16:39 <DIR> --d----- c:\progra~2\Kaspersky Lab
2009-10-03 16:38 <DIR> --d----- c:\programdata\Kaspersky Lab Setup Files
2009-10-03 16:38 <DIR> --d----- c:\progra~2\Kaspersky Lab Setup Files
2009-10-03 16:37 494,592 a------- c:\windows\system32\kerberos.dll
2009-10-03 16:37 408,136 a------- c:\windows\system32\drivers\ksecdd.sys
2009-10-03 16:37 216,576 a------- c:\windows\system32\msv1_0.dll
2009-10-03 16:37 175,104 a------- c:\windows\system32\wdigest.dll
2009-10-03 16:37 72,704 a------- c:\windows\system32\secur32.dll
2009-10-03 16:37 7,680 a------- c:\windows\system32\lsass.exe
2009-10-03 16:37 1,233,920 a------- c:\windows\system32\lsasrv.dll
2009-10-03 16:37 272,384 a------- c:\windows\system32\schannel.dll
2009-10-03 16:36 24,064 a------- c:\windows\system32\netcfg.exe
2009-10-03 16:31 220,160 a------- c:\windows\system32\drivers\bthport.sys
2009-10-03 16:31 181,760 a------- c:\windows\system32\fsquirt.exe
2009-10-03 16:31 29,184 a------- c:\windows\system32\drivers\BTHUSB.SYS
2009-10-03 16:31 19,456 a------- c:\windows\system32\drivers\bthenum.sys
2009-10-03 16:29 1,585,664 a------- c:\windows\system32\setupapi.dll
2009-10-03 16:25 3,503,584 a------- c:\windows\system32\ntkrnlpa.exe
2009-10-03 16:25 549,888 a------- c:\windows\system32\rpcss.dll
2009-10-03 16:25 3,469,280 a------- c:\windows\system32\ntoskrnl.exe
2009-10-03 16:25 654,336 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-10-03 16:25 24,576 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-10-03 16:25 614,912 a------- c:\windows\system32\wbem\fastprox.dll
2009-10-03 16:25 501,760 a------- c:\windows\system32\wbem\WmiPrvSD.dll
2009-10-03 16:25 247,296 a------- c:\windows\system32\wbem\WmiPrvSE.exe
2009-10-03 16:25 130,560 a------- c:\windows\system32\wbem\WmiDcPrv.dll
2009-10-03 16:25 53,248 a------- c:\windows\system32\iasads.dll
2009-10-03 16:25 37,888 a------- c:\windows\system32\iasdatastore.dll
2009-10-03 16:25 158,720 a------- c:\windows\system32\sdohlp.dll
2009-10-03 16:25 97,280 a------- c:\windows\system32\iasrecst.dll
2009-10-03 16:22 82,432 a------- c:\windows\system32\drivers\sdbus.sys
2009-10-03 16:20 223,232 a------- c:\windows\system32\WMASF.DLL
2009-10-03 16:20 9,728 a------- c:\windows\system32\LAPRXY.DLL
2009-10-03 16:20 2,048 a------- c:\windows\system32\asferror.dll
2009-10-03 16:19 25,600 a------- c:\windows\system32\amxread.dll
2009-10-03 16:19 14,848 a------- c:\windows\system32\apilogen.dll
2009-10-03 16:18 268,288 a------- c:\windows\system32\mcbuilder.exe
2009-10-03 16:18 223,232 a------- c:\windows\system32\SLC.dll
2009-10-03 16:18 33,280 a------- c:\windows\system32\slwmi.dll
2009-10-03 16:18 566,784 a------- c:\windows\system32\SLCommDlg.dll
2009-10-03 16:18 351,232 a------- c:\windows\system32\SLUI.exe
2009-10-03 16:18 2,605,568 a------- c:\windows\system32\SLsvc.exe
2009-10-03 16:18 186,368 a------- c:\windows\system32\SLLUA.exe
2009-10-03 16:18 57,856 a------- c:\windows\system32\SLUINotify.dll
2009-10-03 16:18 39,936 a------- c:\windows\system32\slcinst.dll
2009-10-03 16:17 712,192 a------- c:\windows\system32\WindowsCodecs.dll
2009-10-03 16:17 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-10-03 16:17 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-10-03 16:13 220,160 a------- c:\windows\system32\ntprint.dll
2009-10-03 16:13 61,440 a------- c:\windows\system32\ntprint.exe
2009-10-03 16:13 120,320 a------- c:\windows\system32\dhcpcsvc6.dll
2009-10-03 16:13 10,240 a------- c:\windows\system32\dhcpcmonitor.dll
2009-10-03 16:13 1,984,512 a------- c:\windows\system32\authui.dll
2009-10-03 16:13 69,632 a------- c:\windows\system32\sendmail.dll
2009-10-03 16:13 8,138,240 a------- c:\windows\system32\ssBranded.scr
2009-10-03 16:12 441,856 a------- c:\windows\system32\win32spl.dll
2009-10-03 16:12 37,376 a------- c:\windows\system32\printcom.dll
2009-10-03 16:11 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-10-03 16:11 14,848 a------- c:\windows\system32\wshrm.dll
2009-10-03 16:10 8,147,968 a------- c:\windows\system32\wmploc.DLL
2009-10-03 16:10 7,680 a------- c:\windows\system32\spwmp.dll
2009-10-03 16:10 4,096 a------- c:\windows\system32\dxmasf.dll
2009-10-03 16:10 4,096 a------- c:\windows\system32\msdxm.ocx
2009-10-03 16:10 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-10-03 16:10 43,520 a------- c:\windows\system32\msdxm.tlb
2009-10-03 16:10 18,432 a------- c:\windows\system32\amcompat.tlb
2009-10-03 16:09 11,776 a------- c:\windows\system32\sbunattend.exe
2009-10-03 16:07 290,304 a------- c:\windows\system32\drivers\srv.sys
2009-10-03 16:07 83,968 a------- c:\windows\system32\dnsrslvr.dll
2009-10-03 16:07 24,576 a------- c:\windows\system32\dnscacheugc.exe
2009-10-03 16:06 53,760 a------- c:\windows\system32\drivers\hdaudbus.sys
2009-10-03 16:01 622,080 a------- c:\windows\system32\icardagt.exe
2009-10-03 16:01 97,800 a------- c:\windows\system32\infocardapi.dll
2009-10-03 16:01 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-10-03 16:01 11,264 a------- c:\windows\system32\icardres.dll
2009-10-03 16:01 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-10-03 16:01 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-10-03 16:01 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-10-03 16:01 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-10-03 15:44 21,430,272 a------- c:\windows\ocsetup_install_NetFx3.etl
2009-10-03 15:44 196,608 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-10-03 15:44 65,536 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-10-03 15:41 96,760 a------- c:\windows\system32\dfshim.dll
2009-10-03 15:41 41,984 a------- c:\windows\system32\netfxperf.dll
2009-10-03 15:41 282,112 a------- c:\windows\system32\mscoree.dll
2009-10-03 15:41 158,720 a------- c:\windows\system32\mscorier.dll
2009-10-03 15:40 83,968 a------- c:\windows\system32\mscories.dll
2009-10-03 15:19 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-10-03 15:19 4,247,552 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-10-03 15:19 1,686,528 a------- c:\windows\system32\gameux.dll
2009-10-03 15:18 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-10-03 15:18 94,720 a------- c:\windows\system32\logagent.exe
2009-10-03 15:18 130,048 a------- c:\windows\system32\drivers\srv2.sys
2009-10-03 15:18 101,888 a------- c:\windows\system32\drivers\mrxsmb.sys
2009-10-03 15:18 84,992 a------- c:\windows\system32\drivers\srvnet.sys
2009-10-03 15:18 58,368 a------- c:\windows\system32\drivers\mrxsmb20.sys
2009-10-03 15:17 737,792 a------- c:\windows\system32\inetcomm.dll
2009-10-03 15:17 84,480 a------- c:\windows\system32\INETRES.dll
2009-10-03 15:17 1,645,568 a------- c:\windows\system32\connect.dll
2009-10-03 15:16 152,576 a------- c:\windows\system32\imagehlp.dll
2009-10-03 15:16 12,800 a------- c:\windows\system32\drivers\fs_rec.sys
2009-10-03 15:16 5,120 a------- c:\windows\system32\wmi.dll
2009-10-03 15:16 788,992 a------- c:\windows\system32\rpcrt4.dll
2009-10-03 15:16 1,327,104 a------- c:\windows\system32\quartz.dll
2009-10-03 15:16 974,336 a------- c:\windows\system32\crypt32.dll
2009-10-03 15:15 633,856 a------- c:\windows\system32\user32.dll
2009-10-03 15:15 1,341,440 a------- c:\windows\system32\msxml6.dll
2009-10-03 15:15 2,048 a------- c:\windows\system32\msxml6r.dll
2009-10-03 15:14 750,080 a------- c:\windows\system32\qmgr.dll
2009-10-03 12:31 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-10-03 12:31 83,456 a------- c:\windows\system32\wudriver.dll
2009-10-03 12:30 162,064 a------- c:\windows\system32\wuwebv.dll
2009-10-03 12:30 31,232 a------- c:\windows\system32\wuapp.exe
2009-10-03 12:23 <DIR> --d----- c:\program files\OMNITEL
2009-10-03 12:23 <DIR> --d----- c:\program files\common files\GtFlashSwitch
2009-10-03 12:23 <DIR> --dsh--- c:\windows\Installer
2009-10-03 12:17 <DIR> --d----- c:\users\kristina
2009-10-03 12:10 12 a------- c:\windows\bthservsdp.dat
2009-10-02 16:57 20,480 a------- C:\4899,21.exe
2009-10-02 16:57 740 a------- C:\222,8945.exe

==================== Find3M ====================

2009-10-05 09:46 86,016 a------- c:\windows\inf\infstrng.dat
2009-10-05 09:46 51,200 a------- c:\windows\inf\infpub.dat
2009-10-05 09:46 86,016 a------- c:\windows\inf\infstor.dat
2009-10-04 10:25 665,600 a------- c:\windows\inf\drvindex.dat
2009-10-04 09:47 15,360 a------- c:\windows\system32\netevent.dll
2009-10-04 09:47 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-10-04 09:47 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-10-04 09:47 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-10-04 09:47 103,936 a------- c:\windows\system32\netiohlp.dll
2009-10-04 09:47 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-10-04 09:47 19,968 a------- c:\windows\system32\ARP.EXE
2009-10-04 09:47 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-10-04 09:47 10,240 a------- c:\windows\system32\finger.exe
2009-10-04 09:47 213,592 a------- c:\windows\system32\drivers\netio.sys
2009-10-04 09:47 813,568 a------- c:\windows\system32\drivers\tcpip.sys
2009-10-04 09:47 167,424 a------- c:\windows\system32\tcpipcfg.dll
2009-10-04 09:47 22,016 a------- c:\windows\system32\netiougc.exe
2009-10-03 17:40 174 a--sh--- c:\program files\desktop.ini
2009-10-03 16:28 40,960 a------- c:\windows\system32\srclient.dll
2009-10-03 16:19 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-10-03 16:15 72,704 a------- c:\windows\system32\admparse.dll
2009-10-03 16:15 827,392 a------- c:\windows\system32\wininet.dll
2009-10-03 16:15 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-10-03 16:15 78,336 a------- c:\windows\system32\ieencode.dll
2009-10-03 16:15 48,128 a------- c:\windows\system32\mshtmler.dll
2009-10-03 16:15 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-10-03 16:15 56,320 a------- c:\windows\system32\iesetup.dll
2009-10-03 15:19 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-10-03 15:19 2,143,744 a------- c:\windows\apppatch\AcGenral.dll
2009-10-03 15:19 449,024 a------- c:\windows\apppatch\AcSpecfc.dll
2009-10-03 15:19 537,600 a------- c:\windows\apppatch\AcLayers.dll
2009-10-03 15:19 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2006-11-02 15:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 15:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 12:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 12:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 12:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-01-03 13:52 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 18:44:09,43 ===============

trubbled · 2009/10/05

and one called ''Attach'' (Part 1):
DDS (Ver_09-09-29.01)

Microsoft® Windows Vistaâ„¢ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2009.10.03 12:11:20
System Uptime: 2009.10.05 17:48:35 (1 hours ago)

Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | SR70S/SR71S
Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz | U2E1 | 1867/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 112 GiB total, 36,948 GiB free.
D: is FIXED (NTFS) - 111 GiB total, 110,908 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP10: 2009.10.05 18:27:37 - Windows Update

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Agere Systems HDA Modem
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Kaspersky Anti-Virus 2010
Microsoft .NET Framework 3.5 SP1
Microsoft Silverlight
Omni Connect
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

==== Event Viewer Messages From Past Week ========

2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Trigger_1 from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-99_neutral_LDR from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-98_neutral_LDR from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-97_neutral_LDR from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-826_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-825_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-824_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-823_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-822_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-821_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-820_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-819_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-818_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-817_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-816_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-815_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-814_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-813_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-812_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-811_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-810_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-809_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-808_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-807_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-806_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-805_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-804_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-803_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-802_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-801_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-800_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-799_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-798_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-797_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-796_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-795_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-794_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-793_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-792_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-791_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-790_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-789_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-788_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-787_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-786_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-785_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-784_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-783_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-782_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-781_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-780_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-779_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-778_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-777_neutral_PACKAGE from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-776_neutral_GDR from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-775_neutral_LDR from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-774_neutral_LDR from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-773_neutral_GDR from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-772_neutral_LDR from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-771_neutral_LDR from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-770_neutral_GDR from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-769_neutral_LDR from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-642_neutral_GDR from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-641_neutral_LDR from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-640_neutral_LDR from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-639_neutral_GDR from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-638_neutral_LDR from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-637_neutral_LDR from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-636_neutral_GDR from package KB967723(Security Update) into Staging(Staging) state
2009.10.03 13:49:35, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 967723-635_neutral_LDR from package KB967723(Security Update) into Staging(Staging) state

trubbled · 2009/10/05

sorry, If I did it in a wrong way... I did not find where to attach
other DDS information should be confirmed by moderator or etc.
so I hope you get it as soon as possible.
the virus Type_Win32 is still in my laptop and I can't delete it (on of the treats even calls itself ''HideWin.exe''...
Istill don't know what to do and you are my last hope to survive this intrusion in my life

Arie · 2009/10/05

Sorry to be the barer of bad new but:

Kaspersky anti-virus 2010 trial and scaned my laptop. It found 3922 malicious objects and desinfected or deleted almost all (e.g. Virus.Win32.Virut.ce
Click to expand...

I'm afraid its practically impossible to recover from a Virut infection, the terminal cancer of infections, I'm afraid. Virut changes all your .exe files and is polymorphic itself. It's almost impossible to achieve a clean machine and the anti malware community are in agreement that the best option is a re-format and re-install - sorry. You can save any documents but that's all.
excellent tutorial on how to reformat here

Things to bear in mind, only back up data files (word, excell etc.) DO NOT backup any .exe/.scr/.htm/.html/.xml/.zip/.pif/.com/.rar files... as they could all be infected and will simply re-infect your system again, there is no way of being certain what this infection can do.
Here is a guide on backing up your data;
Although you can use whatever method you prefer.

Do not back up to another machine, as it may become compromised.
http://www.bleepingcomputer.com/forums/lofiversion/index.php/t208298.html

Miekiemoes, a highly regarded expert in malware removal, and an MS-MVP,
has an extremely informative blog post about Virut. - she only ever recommends a total reformat.

At least this way, you have the best chance of having a clean machine once more.

For future protection read this very well written article Think Prevention.
Click to expand...

This comes courtesy of one of our Malware experts.

I suggest you do the following immediately:

* Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
* From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
* DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

trubbled · 2009/10/06

Thank You for your time
I will try do all that you recomended...
Just to make sure, my Kaspersky trial will be lost after reinstaling too? and what about .avi, .jpg, .mp3 type files? should I delete those too?

trubbled · 2009/10/06

and another question: during my lap infection period I made some DVD copies of some movies into disks (I didn't know I was infected), could those dvd be infected too?

Arie · 2009/10/06

avi, .jpg, .mp3 type files?
Click to expand...

Generally these files don't get infected, but I'm no Malware expert...

broni · 2009/10/06

Before you move ANY backed up file to your computer, you have to scan it with AV program. Same goes for DVDs, CDs.
As for Kaspersky, since it's a trial version, you can simply re-download it, or go for something else:

- Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

- free Comodo Internet Security (firewall + AV): http://www.personalfirewall.comodo.com/
NOTE. During installation, Comodo will also allow you to install AV only, or firewall only, if you prefer to combine one Comodo product with some other product.

If you decide to install Avast, or Avira, make sure, Windows firewall is turned on, or use Comodo firewall..
If you decide to install Comodo Internet Security, or just Comodo firewall, make sure, Windows firewall is turned off.

IMPORTANT! Make sure, you use only ONE antivirus, and ONE firewall.

trubbled · 2009/10/07

Just one more question:
my Vista in a re-writing process creates a folder called 'Windows.old' and I can't find how to cancel it. So it creates a folder with all the old windows exe and other malicious files. Am I doing something wrong?
thanks in advance

broni · 2009/10/07

It looks like you're performing repair installation. As you noticed, all old files remain.
This is no good.
Follow manual from here: http://www.5starsupport.com/tutorial/vista-clean-install.htm

Log in or Sign up

[Not curable - Virut] can't remove Type_Win32

trubbled Inactive Thread Starter

Admin. Administrator Administrator Staff

trubbled Inactive Thread Starter

trubbled Inactive Thread Starter

trubbled Inactive Thread Starter

Arie Administrator Administrator Staff

trubbled Inactive Thread Starter

trubbled Inactive Thread Starter

Arie Administrator Administrator Staff

broni Moderator Malware Analyst

trubbled Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Log in or Sign up

[Not curable - Virut] can't remove Type_Win32

trubbled Inactive Thread Starter

Admin. Administrator Administrator Staff

trubbled Inactive Thread Starter

trubbled Inactive Thread Starter

trubbled Inactive Thread Starter

Arie Administrator Administrator Staff

trubbled Inactive Thread Starter

trubbled Inactive Thread Starter

Arie Administrator Administrator Staff

broni Moderator Malware Analyst

trubbled Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Useful Searches