Possible Virut-C Attack - Multiple Viruses Found by Dr. Web

Hello:

I just ran a complete scan using Dr. Web CureIt!. It detected 16 infected files among other possible trojans and viruses that it did not allow me to move or delete. Previously, I have been infected with Virut-C as identified by Avast and some other Win32 worms.

I am not sure if I need a professional and if the computer should be reformatted. In fact, I don’t know the first thing about reformatting the computer.

Please help and advise whether it is safe to use this computer for matters involving confidential information.

Thanks.

If you are infected with Virut / Vitro then a reinstall is recommended.

W32:Vitro (Virut) virus removal
http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=314

Virut and other File infectors - Throwing in the Towel?
http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html#IDComment15344616

Dealing with the despicable Vitro / Virut (Win32.Virut) polymorphic virus
http://technosopher.wordpress.com/2009/04/21/vitro-virut-win32/

You can also make a full system scan with Malwarebytes, www.malwarebytes.org (don’t forget to update it before scanning the system).

Regards,
Tenko

Hi:

Thanks for your comment. I have attached the MBAM log and nothing was found. Is Dr. Web reliable? It is also finding trojans on another computer on the same network that both MBAM and Avast have not detected, namely something called installhelper.exe.

Is there a way to reinstall XP if you do not have the original disk? I have one for my Dell computer but not for my Compaq. Can I use the same cd for both computers?

Thanks

I doubt you can use the CDs from other manufacturers as they have different device drivers I believe.

Is the Dell CD branded by Dell ???

I have one for my Dell computer but not for my Compaq.
How old is the Compaq? Does it have a recovery partition?

Try with SuperAntiSpyware.

Dr. Web is good from what I have read.

Regards,
Tenko

It will not help on a Virut infection, and the only one in here who can do anything with it is Essexboy.

Hi Pondus:

I believe that the Compaq is about 10 years old. We previously had to hire a professional to repair the computer because it would not start. Many of the viruses have been found in the recovered files. How do I tell if there is a recovery partition? Is it still possible to buy XP in the stores? How do I contact Essexboy for further assistance?

Thanks

Hi, try this first to see if a recovery partition is available:

•Turn the computer on. Tap the “F11” key repeatedly until the graphical interface for the recovery partition loads. Click “Next.” The first screen will ask if you would like to use the Windows system restore feature to restore your computer to a previous state. Click “No” to proceed to the full system recovery.

•Click “Yes” when asked if you would like to recover your system, then click “Next” to start. This process will format your hard drive and reinstall Windows, returning the computer to its original factory state.

I do have a re-install tutorial here http://www.geekstogo.com/forum/topic/173729-reformat-and-install-of-windows/

•Turn the computer on. Tap the "F11" key repeatedly until the graphical interface for the recovery partition loads
Some computers use F10.

Hi Pondus and Essexboy:

Thank you for your responses. I suspect that if Virut is on my Compaq it is probably on all of the computers connected to my household network. So I am planning on reformatting all computers. I am going to start with the Dell computer because I have all of the CDs. I have a few questions about reformatting after reading your article, Essexboy.

1- How does reformatting get rid of the Virut problem? What types of files can I keep? Word files and pictures?
2- How do I reinstall Avast without being on the internet? How do I keep my user licence (I have paid for the Avast service)?
3- Once the computer is reformatted, how do I know that it is free from infection?
4- What software do you recommend in addition to Avast to protect the computer from malware etc.?

I’m sorry if some of these questions are silly, but I am a beginner.

Thanks

To answer your questions :slight_smile:

  1. When you are reformatting your hardware then everything will be deleted and you will therefore keep none of the files.
  2. I would recommend you contact Avast to give you a new one, or if you got it through your email then go to a friend or download it from your work (don’t forget to download Avast Pro or AIS (Avast Internet Security)). Now transfer the license file and the Avast file to your USB stick.
  3. Look at 1).
  4. I recommend you download Malwarebytes, SuperAntiSpyware and HitmanPro.

Everyone here was once a beginner, so your questions are not silly/stupid. It’s better to be stupid for a moment than for the rest of your life.

Regards,
Tenko

1) When you are reformatting your hardware then everything will be deleted and you will therefore keep none of the files.
He is asking what files to back up before he formats... and Essexboy will be back later telling you what and how.

Do not back up any files with the following extensions: .com, .exe, .scr, .vbs, .htm, .html

And as stated, keep a note of your licences, or in the case of Avast copy the licence file to a USB/CD along with a freshly downloaded - but not run - copy of Avast.
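A small script, added here as an illustration and not something posted in this thread, that applies the backup rule above: it walks a folder and separates files whose extensions are on the do-not-back-up list from the user data that can be kept. The sample folder it checks is constructed inside the script.

```python
import tempfile
from pathlib import Path

# Extensions the thread says not to back up from a Virut-infected machine.
# Matching is case-insensitive because Windows names like SETUP.EXE are common.
SKIP_EXTENSIONS = {".com", ".exe", ".scr", ".vbs", ".htm", ".html"}


def select_backup_files(root):
    """Return (keep, skip): sorted lists of relative paths under `root`.

    `skip` holds files whose extension is in SKIP_EXTENSIONS; `keep` holds
    everything else (documents, pictures, plain text, ...).
    """
    root = Path(root)
    keep, skip = [], []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if path.suffix.lower() in SKIP_EXTENSIONS:
            skip.append(rel)
        else:
            keep.append(rel)
    return sorted(keep), sorted(skip)


def build_sample_tree():
    """Create a constructed (fake) user folder for the demonstration."""
    root = Path(tempfile.mkdtemp(prefix="backup_demo_"))
    files = {
        "Documents/letter.doc": b"word document",
        "Pictures/holiday.jpg": b"\xff\xd8jpeg",
        "Downloads/setup.EXE": b"MZ",          # upper-case extension
        "Web/index.html": b"<html>",
        "Web/page.HTM": b"<html>",
        "Scripts/run.vbs": b"WScript.Echo 1",
        "Other/notes.txt": b"plain text",
    }
    for rel, data in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return root


if __name__ == "__main__":
    keep, skip = select_backup_files(build_sample_tree())
    print("back up:", keep)
    print("leave behind:", skip)
```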

Hello Essexboy:

Thank you for your valuable comments. Does it matter whether I download a fresh copy of Avast and XP SP3 from the infected computer? Or should I go to a friend’s house and download it there? When you download the file, do you have the option to save it to a CD?

Thanks again.

Hello Again:

So I tried hitting F10 on the Compaq and here is the message about System Recovery that was displayed:

"The system recovery program, in this normal default mode of operations, recovers applications, drivers and the operating system to their factory shipped condition. Accordingly, after system recovery finishes, you need to reinstall and reconfigure any application that you installed yourself (including upgrades or revisions to the factory-shipped version of any application).

However, the system recovery in this normal default mode of operation, will not delete any Data Files that you created".

Is this what I need to do to reformat the computer and get rid of all the viruses? I was reading that there is a distinction between reinstalling and reformatting and that reinstalling does not remove the viruses from your hard drives. Could you please advise? There is an option for advanced settings, but I am not sure what this does.

Thanks

Go to the advanced settings and there should be an option for destructive recovery - reset to factory defaults.

Download Avast from a clean computer and save it to either CD or USB.

Hello:

Here is a HijackThis report from my Compaq. Could someone explain the results?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:30:02 PM, on 12/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\msiexec.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\HouseCall\housecall.bin
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q105&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q105&bd=presario&pf=desktop
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM..\Run: [UpdateManager] “C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe” /r
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM..\Run: [VTTimer] VTTimer.exe
O4 - HKLM..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM..\Run: [avast5] “C:\Program Files\Alwil Software\Avast5\avastUI.exe” /nogui
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [HP Software Update] “C:\Program Files\HP\HP Software Update\HPWuSchd2.exe”
O4 - HKLM..\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe”
O4 - HKLM..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/MSNPUpld.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro RUBotted Service - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe

End of file - 8873 bytes

Thanks

I see:
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

Java is way down-level.

Get

JavaRa

JavaRa is a simple tool that does a simple job: it removes old and redundant versions of the Java Runtime Environment (JRE). Simply select “Check for Updates” or “Remove Older Version” to begin. JavaRa is free under the GNU GPL version two.

http://raproducts.org/wordpress/software

Recommended Version 6 Update 22 (filesize: ~ 10 MB)
http://www.java.com/en/download/ie_manual.jsp?locale=en&host=www.java.com