| Thread ID: 134655 | 2013-07-25 01:47:00 | win32/virut.bm, how to get rid of | Whenu (9358) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1349775 | 2013-07-25 01:47:00 | Yello, have acquired the above file along with HTML/IframeRef.gen. From what I can gather, a complete new install is called for. I removed them with msse and am currently scanning with ESET, cheers |
Whenu (9358) | ||
| 1349776 | 2013-07-25 23:16:00 | It's bad news..... You have a polymorphic file infector, infecting all the executable files (.exe) and screen saver files (.scr) by way of corrupting them beyond repair. As of now, security experts suggest that a format and clean install, or destructive recovery if you have an OEM recovery partition, is the best way to clean the infection and it is the best and safest way to return the machine to its normal working state. Not a repair install. One of the ways it infiltrates is via an exploit in older versions of Adobe. Make sure you get the latest version. The files cannot be properly disinfected. Even if we attempt to clean it, our efforts will be futile. There's no tool that can fix this infection at the moment. Some tools claim to disinfect it but they also end up corrupting the system files in the end just like the old Win32:Sality itself. So, I am afraid there's no other option but a reformat and reinstall. Back up all your documents and important items (personal data, work documents, etc.) only. DO NOT back up any executable files (software) and screensavers (*.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable. Also, avoid backing up compressed files (zip/cab/rar) that have .exe or .scr files inside them. This infection can penetrate and infect .exe files inside compressed files too. Recent variants also modify htm, html, asp and php files. Do not back up to another machine, as it may become compromised. Burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups.
If you need assistance in performing a clean install, here are a couple of good guides to walk you through the process: www.windowsreinstall.com helpdesk.its.uiowa.edu This is a backdoor trojan which allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge. As a precaution, it would be prudent to get to a known clean computer and change all passwords where applicable, and it would be wise to contact your financial institutions to apprise them of your situation, if this PC was used for any online banking, shopping, or any other sensitive transactions. |
Pancake (6359) | ||
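
Added example, not part of the original thread: a Python filter that applies the backup rules from the reply above (skip .exe and .scr files, skip archives that contain them) to a directory tree before anything is copied. The function names and the `review` verdict for htm/html/asp/php files are assumptions of this example; only zip archives are opened, while cab and rar archives are skipped unread.

```python
import io
import zipfile
from pathlib import Path, PurePosixPath

INFECTABLE = {".exe", ".scr"}                  # file types the reply says get infected
WEB_FILES = {".htm", ".html", ".asp", ".php"}  # modified by recent variants (reply)
ARCHIVES = {".zip", ".cab", ".rar"}            # archive types named in the reply

def classify(name, data=None):
    """Return 'skip', 'review' or 'copy' for a file name and optional zip bytes."""
    ext = PurePosixPath(name.replace("\\", "/")).suffix.lower()
    if ext in INFECTABLE:
        return "skip"
    if ext in WEB_FILES:
        return "review"  # assumption: keep out of the backup until inspected
    if ext not in ARCHIVES:
        return "copy"
    if ext != ".zip" or data is None:
        return "skip"  # cannot look inside, so assume it holds executables
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            verdicts = {classify(member) for member in zf.namelist()}
    except zipfile.BadZipFile:
        return "skip"
    # A nested archive member has no bytes here, so it is classified 'skip'.
    if "skip" in verdicts:
        return "skip"
    return "review" if "review" in verdicts else "copy"

def plan_backup(root):
    """Map each file under root (relative path) to its verdict."""
    plan = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            data = path.read_bytes() if path.suffix.lower() == ".zip" else None
            plan[path.relative_to(root).as_posix()] = classify(path.name, data)
    return plan

if __name__ == "__main__":
    import sys
    for rel, verdict in plan_backup(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{verdict:6} {rel}")
```
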