Need some help with viruses...

1. I have Windows Vista. I have Service Pack 3 and Windows Update supplied. Avast says it’s a Win32:Bamital-AC. There are 3 infected files on my laptop:
1. C:\Documents and Settings(User name)\Local Settings\Temp_avast4_\unp52707452.tmp
2. C:\WINDOWS\explorer.exe
3. C:\WINDOWS\system32\winlogon.exe

I tried Last Known Good Configuration… nothing. Then I tried through safe mode, opened avast, and it said that I had to go to the boot phase to remove the viruses. And along the way, it said that files couldn’t be repaired, deleted or moved. So it must have infected the C folder. Afterwards I tried to use System Restore, but that didn’t work either. So, have you got any advice for me, or should I reinstall the operating system and format the C drive?

Hi…
You have an infection which is quite awkward.

Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction.

Run ComboFix.
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.

When the tool is finished, it will produce a log report for you (typical location: C:\ComboFix.txt).
Post the log report (ComboFix.txt) back to the topic.

It is possible that you will also have to run a Rootkit Unhooker scan.

Please download Rootkit Unhooker from here: http://www.rootkit.com/vault/DiabloNova/RKUnhookerLE.EXE
and save it to your desktop.
Double-click RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan
Check Drivers, Stealth Code, Files, and Code Hooks
Uncheck the rest, then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished, then go to File > Save Report
Save the report somewhere you can find it. Click Close
This log may be very large so please attach it in your next reply.

Note: you may get the following warning. It is OK, just ignore it.

“Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?”

Please copy/paste the Virus Total reports and please attach the RKUnhooker log to your next reply.

polonus

Guys, my laptop doesn’t really open, so… It passes the user account thing, and then there is nothing except the mouse and the desktop. So how can I download this stuff? In safe mode maybe, or should I use an outrange device like USB or something?

I suggest you save your important data before this action.

This is the thing… you will need the Windows Vista installation CD.
Legitimate files from the Windows Vista CD need to be copied to the system because the original system files are infected.

Follow this tutorial…
http://www.bleepingcomputer.com/tutorials/tutorial147.html

When you enter the Recovery Console,
type:

cd ..

enter

copy C:\WINDOWS\I386\EXPLORER.EX_ C:\windows\explorer.exe

enter
answer the question with yes

copy C:\WINDOWS\I386\winlogon.ex_ C:\windows\system32\winlogon.exe

enter
answer the question with yes

It would look like this:

http://img209.imageshack.us/img209/118/20110119135814.jpg

Restart your Windows Vista in normal mode and also try to run ComboFix.

Forget about this. In some strange way it is now fixed… I ran ComboFix in safe mode, but I couldn’t connect to the internet, so it failed to continue. Still, today my PC opened just fine. I know neither how nor why… Anyway, as I said above, as ComboFix couldn’t complete, there is no log file I can post. Thx anyway.

Let me check what you claim.
It is impossible that the infection casually withdrew…

Delete the old ComboFix and download a fresh ComboFix.
Re-run ComboFix (in normal mode) and paste the fresh log here.