I have a virus. After I downloaded a movie and decompressed it, which I thought was free of virus, suddenly the tray showed Avast mail scanner showing that something is using my svchost.exe to send spams to random people. I know they’re spam because of their weird titles.
I scanned my computer and it says that the movie files, the suspects, are decompression bombs. But it also says that some other files, which I’m 100% sure are clean, are also decompression bombs. So now I don’t know.
How can I make this thing stop sending spams?
And another one. Some files are shown to have Win32:Trojan-gen(Other), some have Win32:Andras, and one file has VBS:Malware-gen. In addition, every single .exe file in my folder, even including the files from Avast, is shown to have Win32:Virtob or Win64:Virtob. What should I do with all these? I don’t want to delete them all because I’m worried about the consequences.
I’m not happy to say that, but the safest way is a format + reinstall, cause your system is roughly kicked by more than one file infector… Win32:Andras is a file infector which makes less harm than the second one… Win32:Virtob/Win64:Virtob/Win32:Virut is a very dangerous file infector with some additional features and you’re a member of a huge zombie farm now (that’s the reason why the spams are sent from your machine)… anyway, I’m curious how it is possible to get so much infected, when the up to date avast with the up to date VPS is installed (viruts and andrases are detected for a quite long time and the avast binaries in 4.8 version can’t be infected by virut afaik)…
No, I don’t think virtob is the one with the problem. This e-mail sending thing didn’t happen for quite so long, about 3 months since my last formatting. Since the download it started to show the e-mail thingy. Another reason is that every single .exe file is shown to be infected with virtob. And I don’t think it’s possible.
Is there any way at least to stop these spams from being sent?
Yes, there is a way, a total reinstall, according to the prescribed method to do so, here: https://kb.berkeley.edu/jivekb/entry.jspa?entryID=1485 (not with Symantec av of course - sp*t)
To lose an Operating System in this way is rather sad, but everyone may experience this once in a lifetime, and I guess you learned quite a lesson from this, you cannot go on with that computer, because it is owned by others, and God knows what they all did there. Disconnect from the internet and perform the steps as given in the link. Next time on that freshly installed computer use administrator rights only on one main account for updating and when you need to install and uninstall software. But for surfing, web mailing and going to the Internet, open up a normal user account on that newly installed computer,
it is possible to have all PE files infected with virut, of course… it’s very probable actually, cause virut is a very aggressive and mass spreading file infector… and yes, there’s a way to stop sending the spams - disconnect physically from the inet :-..
you can try a cleaning with DrWeb CureIt, but a machine infected with such a quantity of nasties is no longer trustworthy…
Thank you for all help. I will format the computer.
But can I ask a question? I have a hard disk drive outside the computer, you know, the one you can use using the USB port (I suddenly forgot its name). I connected to it several times, and transferred files in the last 3 months since format. Must I completely clear it too?
in case of Virut only executable PE images (exe, dll, scr, ocx, and a few others) are infected… you don’t have to drop your pictures, music, office documents, pdf files etc…
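Following on from the last reply, this added example (not posted by anyone in the thread) lists the files on a drive that are PE images by checking their headers, not their extensions, so the executables that need rescanning or replacing can be separated from documents and media. It does not detect Virut itself; the file names and sample bytes are constructed, and it assumes the drive is examined from a clean machine.

```python
import os
import struct
import tempfile

def is_pe_image(path):
    """True if the file has an MZ header whose e_lfanew points at a PE signature."""
    try:
        with open(path, "rb") as f:
            head = f.read(0x40)
            if len(head) < 0x40 or head[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)  # offset of PE header
            f.seek(e_lfanew)
            return f.read(4) == b"PE\0\0"
    except OSError:
        return False  # unreadable file: reported as not PE, review it by hand

def find_pe_images(root):
    """Walk root and return the relative paths of all PE images, sorted."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_pe_image(full):
                hits.append(os.path.relpath(full, root))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample data: a minimal PE stub under several names, plus non-PE files."""
    pe = bytearray(0x44)
    pe[0:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x40)
    pe[0x40:0x44] = b"PE\0\0"
    samples = {
        "tool.exe": bytes(pe),
        "library.ocx": bytes(pe),
        "renamed.dat": bytes(pe),    # PE content under a non-executable extension
        "truncated.exe": b"MZ",      # executable extension, but not a PE image
        "notes.txt": b"plain text",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:  # stand-in for the external drive
        build_sample_tree(drive)
        for rel in find_pe_images(drive):
            print("PE image, rescan or replace:", rel)
```
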