The last couple of days I have been trying to remove 2 trojans/viruses from my laptop…
I have been trying many things…
Disabling System Restore
Running AVAST boot time scan all disk and archives
Running Malwarebytes
But still I get a virus warning on bootup, some programs will not start and some programs won't install…
It seems like my Windows installer is infected =( when I try to install programs they either won't install or get infected by this virus/trojan.
From Avast log:
From bootscan:
17-03-2009 04:40:40 SYSTEM 984 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
When rebooting the system:
17-03-2009 06:24:26 SYSTEM 984 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\WINDOWS\TEMP\VRT5.tmp” file.
When trying to install e.g. hijackthis:
17-03-2009 06:35:32 SYSTEM 984 Sign of “Win32:JunkPoly [Cryp]” has been found in “C:\Programmer\Trend Micro\HijackThis\HijackThis.exe” file.
17-03-2009 06:48:04 SYSTEM 984 Sign of “Win32:JunkPoly [Cryp]” has been found in “C:\Programmer\Trend Micro\HijackThis\HijackThis.exe” file.
17-03-2009 06:49:23 SYSTEM 984 Sign of “Win32:JunkPoly [Cryp]” has been found in “C:\Programmer\Trend Micro\HijackThis\HijackThis.exe” file.
17-03-2009 06:53:19 SYSTEM 984 Sign of “Win32:JunkPoly [Cryp]” has been found in “C:\Programmer\Trend Micro\HijackThis\HijackThis.exe” file.
17-03-2009 07:08:00 SYSTEM 984 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\WINDOWS\TEMP\VRT9.tmp” file.
17-03-2009 07:08:40 SYSTEM 984 Sign of “Win32:JunkPoly [Cryp]” has been found in “C:\Programmer\Trend Micro\HijackThis\HijackThis.exe” file.
I have a logfile from HiJackThis, but it is very long, where do I post it??
Run the program but do not make any fixes and then post the log results using the “copy & paste” method. It will probably take more than one post to be able to get the complete log posted.
OR, you can post it as an attachment to your post by clicking on “Additional Options…” below left of the posting box. Someone will review your log and then offer help.
Make sure you have HJT version 2.0.2 and if not, you can get it at the link below.
We didn’t detect any active process of a firewall on your system. Reasons maybe:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don’t use any firewall at all.
We recommend you to use a firewall.
Platform: Windows XP SP2 (WinNT 5.01.2600)
A newer version of service pack is available. Service packs increase the safety of your system. Visit Microsoft’s windowsupdate site to download the newest version of the service pack.
Otherwise, a mostly clean HJT log with the below exceptions which should not be a problem provided you know these applications. It’s just that HJT does not yet recognize these entries.
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\ADOBE\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -“Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.1; .NET CLR 3.0.04506.648)” -“http://theclonewars.cartoonnetwork.com/games/game_02_ext.html”
A search of the above URL with ScanDoo shows it to be clean. I think you know this one.
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
Check if you know this site and fix it if you do not. Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. But, I think you know this one also.
So, nothing in your HJT log shows the problem you are experiencing.
Hopefully, someone else can shed some light on the problems in your first post.
thx for looking @ my log… Bad thing is I am still stuck…
I am using Windows firewall and am behind a NAT…
I did try to install SP3 but it keeps failing to install… I own this copy of XP…
O4 and O16 I know both and they are fine =)
Why do I keep getting a virus warning on boot up?
17-03-2009 06:24:26 SYSTEM 984 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\WINDOWS\TEMP\VRT5.tmp” file.
And why do newly installed programs get locked by Avast with warning win32:JunkPoly… detected…
17-03-2009 07:08:40 SYSTEM 984 Sign of “Win32:JunkPoly [Cryp]” has been found in “C:\Programmer\Trend Micro\HijackThis\HijackThis.exe” file.
Been trying to make a safe boot, running Avast antivirus, Malwarebytes, Avast rootkit… Found nothing…
After reboot this damn VRT5.tmp virus/trojan again…
This is pretty much exactly what happened to me just before Avast told me I had Win32/Vitro (see the very long thread on that subject) except that for me it was VRT49EC rather than VRT5. I think the VRT denotes Virut; basically I would rescue your documents right away before whatever this is “escapes” and kills all your .exes.
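The Avast warning lines quoted in this thread can be grouped per signature and file to show what keeps coming back after each reboot or reinstall. The script below is an added example, not part of any post in the thread; the function names are hypothetical and the sample log is assembled from lines in the format quoted above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Avast warning line as quoted in the thread; quotes may be curly or straight.
LINE_RE = re.compile(
    r'^(\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2})\s+\S+\s+\d+\s+'
    r'Sign of [“"](?P<sig>.+?)[”"] has been found in [“"](?P<path>.+?)[”"] file\.'
)

# Sample input assembled for this example from the log lines quoted in the thread.
SAMPLE_LOG = r"""
17-03-2009 04:40:40 SYSTEM 984 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
17-03-2009 06:24:26 SYSTEM 984 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\WINDOWS\TEMP\VRT5.tmp” file.
17-03-2009 06:35:32 SYSTEM 984 Sign of “Win32:JunkPoly [Cryp]” has been found in “C:\Programmer\Trend Micro\HijackThis\HijackThis.exe” file.
17-03-2009 06:48:04 SYSTEM 984 Sign of “Win32:JunkPoly [Cryp]” has been found in “C:\Programmer\Trend Micro\HijackThis\HijackThis.exe” file.
17-03-2009 06:49:23 SYSTEM 984 Sign of “Win32:JunkPoly [Cryp]” has been found in “C:\Programmer\Trend Micro\HijackThis\HijackThis.exe” file.
17-03-2009 06:53:19 SYSTEM 984 Sign of “Win32:JunkPoly [Cryp]” has been found in “C:\Programmer\Trend Micro\HijackThis\HijackThis.exe” file.
17-03-2009 07:08:00 SYSTEM 984 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\WINDOWS\TEMP\VRT9.tmp” file.
17-03-2009 07:08:40 SYSTEM 984 Sign of “Win32:JunkPoly [Cryp]” has been found in “C:\Programmer\Trend Micro\HijackThis\HijackThis.exe” file.
"""

def parse_detections(text):
    """Yield (timestamp, signature, path) per detection line; other lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%d-%m-%Y %H:%M:%S")
            yield ts, m.group("sig"), m.group("path")

def summarize(text):
    """Group detections by (signature, path) with hit count and first/last time seen."""
    groups = defaultdict(list)
    for ts, sig, path in parse_detections(text):
        groups[(sig, path)].append(ts)
    return {k: {"count": len(v), "first": min(v), "last": max(v)}
            for k, v in groups.items()}

def recurring_signatures(text):
    """Signatures reported on more than one distinct file (paths compared case-insensitively)."""
    paths = defaultdict(set)
    for _, sig, path in parse_detections(text):
        paths[sig].add(path.lower())
    return {sig: sorted(p) for sig, p in paths.items() if len(p) > 1}

if __name__ == "__main__":
    for (sig, path), info in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{info['count']}x {sig} in {path} ({info['first']} .. {info['last']})")
    print("Seen on several files:", recurring_signatures(SAMPLE_LOG))
```

A signature that shows up on a freshly named temp file after every reboot, or on an executable each time it is reinstalled, points to something still active on the machine rather than a leftover file.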