plzz guys help me out
some win32/virut ap virus has infected all my .exe files
and nod32 is popping up every now and then asking to delete these files
1st timr it happened i deleted withouut knowing i had deleted files from system 32 .
this time i have left all the files alone
how can i get rid of this virut
is there any way to clean this mess without having to format my pc
:(

The only thing I know to do for this is to disable System Restore (you can look that up online if you don't know how), make sure NOD is up to date and run a full scan of your system in safe mode.

virut its one of dangers infections on the net .. because ones has infected all your exe files its imposible to remove it

Virut is a virus that infects any executable files and screensavers that the user accesses. The parasite also opens a back door providing the attacker with unauthorized remote access to the compromised computer. The intruder can upload and run arbitrary files.

do hou have try scaning on safe mode? trsy that also download and run a system scan with SUPERAntispyware
or get support from eset moderator,s :p

Eset Have Added This Virus Signature Since
NOD32 - v.2834 (20080129)
Virus signature database updates:
Win32/Delf.NAM, Win32/Nuwar.Gen, Win32/Rbot, Win32/VB.GW, Win32/VB.H, Win32/VB.IH, Win32/VB.IY (2), Win32/VB.NJA, Win32/VB.NJT, Win32/VB.R, Win32/Virut.AG, Win32/Virut.AP
R U First Install EAV
Or
Update First Time

{QUOTE-> virut its one of dangers infections on the net .. because ones has infected all your exe files its imposible to remove it

Virut is a virus that infects any executable files and screensavers that the user accesses. The parasite also opens a back door providing the attacker with unauthorized remote access to the compromised computer. The intruder can upload and run arbitrary files.

do hou have try scaning on safe mode? trsy that also download and run a system scan with SUPERAntispyware
or get support from eset moderator,s :p <-QUOTE}
Ha Ha Ha
This Is Eset Forum Not Superantispyware
And For Your Kind Information Superantispyware Is A Antispyware Not AntiVirus They Did Not Add Viruses In There Database

@Antichrist

Hello!

You have posted in EAV v3's subforum , you are supposed to be using v3

Restart your computer in Safe Mode and open Start -> Programs -> ESET -> ESET NOD32 Antivirus

A pop-up will ask you if you want to perform a scan . A DOS like windows will appear , this is ESET's command line scanner . It will start cleaning whatever possible. As far as I am aware Virut is a virus/file infector which completely overwrites infected files and I think a complete recovery can never be achieved . However you must try! :thumb:

Not all Virut variants can be cleaned, some modify files to such an extent that the original file cannot be recovered. You can zip about 10 infected files, protect the archive with the password "infected" and submit it to samples[at]eset.com with this thread's url in the subject.

{QUOTE-> Ha Ha Ha
This Is Eset Forum Not Superantispyware
And For Your Kind Information Superantispyware Is A Antispyware Not AntiVirus They Did Not Add Viruses In There Database <-QUOTE}
yeah can see you dont know nothing about nothing sas can remove alot of thinks avs av,s just can,t .... :P

{QUOTE-> Not all Virut variants can be cleaned, some modify files to such an extent that the original file cannot be recovered. You can zip about 10 infected files, protect the archive with the password "infected" and submit it to samples[at]eset.com with this thread's url in the subject. <-QUOTE}
yeao you right Marcos the best recomended way to remove Virut its Reformating ... :s Virut its really Hard to remove for every av :p

{QUOTE-> The only thing I know to do for this is to disable System Restore (you can look that up online if you don't know how), make sure NOD is up to date and run a full scan of your system in safe mode. <-QUOTE}

how can disabling system restore help to get rid of viruses.
actuyally i have formatted my pc just yesterday(only the c drive)
and the first thing i did was install nod32 and update it
eav dint detect anything till updated
anyways i will try scanning in safe mode
thnks all

{QUOTE-> Not all Virut variants can be cleaned, some modify files to such an extent that the original file cannot be recovered. You can zip about 10 infected files, protect the archive with the password "infected" and submit it to samples[at]eset.com with this thread's url in the subject. <-QUOTE}


how do i do that
i am new so can u plzzzzzzz tell me how its done

{QUOTE-> virut its one of dangers infections on the net .. because ones has infected all your exe files its imposible to remove it

Virut is a virus that infects any executable files and screensavers that the user accesses. The parasite also opens a back door providing the attacker with unauthorized remote access to the compromised computer. The intruder can upload and run arbitrary files.

do hou have try scaning on safe mode? trsy that also download and run a system scan with SUPERAntispyware
or get support from eset moderator,s :p <-QUOTE}



i downloaded the super antispyware professional trial
and updated it
but its just not detecting the files as virus which nod had detected as virut

{QUOTE-> i downloaded the super antispyware professional trial
and updated it
but its just not detecting the files as virus which nod had detected as virut <-QUOTE}


Simply because SUPER Antispyware is anti-spyware product , not detecting viruses (file infectors)

{QUOTE-> @Antichrist

Hello!

You have posted in EAV v3's subforum , you are supposed to be using v3

Restart your computer in Safe Mode and open Start -> Programs -> ESET -> ESET NOD32 Antivirus

A pop-up will ask you if you want to perform a scan . A DOS like windows will appear , this is ESET's command line scanner . It will start cleaning whatever possible. As far as I am aware Virut is a virus/file infector which completely overwrites infected files and I think a complete recovery can never be achieved . However you must try! :thumb: <-QUOTE}



yea you were right
i scanned pc in the safe mode and nod was unable to clean tha files and also
nod wont allow me to log in after i restarted in normal mode
so i had to delete the nod files in safe mode and reinstall it
so my i turn to my last resort that is format
but there is 1 thing more i wud like to know
virut infects only exe files?
cuz i8 dont want to lose my song and pics collection
and wud want to write them on a dvd
will this f**kin virut follow into the dvd
plzz lemme know:'(

Welcome aboard matey :).

{QUOTE-> how do i do that
i am new so can u plzzzzzzz tell me how its done <-QUOTE}

1. Using Windows Explorer, locate the first file you want to zip.
2. Right click on the file and select "Send To" and "Compressed (zipped) Folder".
3. Right click any other files you want to compress and select "Copy".
4. Right click on the compressed folder and select "Paste". The copied files will be compressed and pasted in.
5. Right click on the file and select "Explore".
6. In "File" select "Add a Password". Enter the password and confirm the password.

{QUOTE-> plzz guys help me out <-QUOTE}

Let's see if the following can remove ("clean") the codes appended by the infector into your files,

http://freedrweb.com/cureit/
http://downloads2.kaspersky-labs.com/devbuilds/AVPTool/ - download latest
http://free.grisoft.com/doc/virus-removal/us/frt/0/ndi/67762
http://www.microsoft.com/security/malwareremove/default.mspx
http://www.pandasecurity.com/homeusers/solutions/activescan/

Note: Scan in safe mode. Use BootSafe (http://www.snapfiles.com/get/bootsafe.html) and choose "safe mode with networking".

If they fail, please read this (http://www.wilderssecurity.com/showthread.php?t=42148) (post at one forum only).

thanatos

{QUOTE-> but there is 1 thing more i wud like to know
virut infects only exe files?
cuz i8 dont want to lose my song and pics collection
and wud want to write them on a dvd
will this f**kin virut follow into the dvd
plzz lemme know:'( <-QUOTE}

AFAIK, Virut only infects *.exe and *.scr files. See this (http://www.teamfurry.com/wordpress/2007/02/15/under-the-hood-virut/).

thanatos

{QUOTE-> Welcome aboard matey :).



1. Using Windows Explorer, locate the first file you want to zip.
2. Right click on the file and select "Send To" and "Compressed (zipped) Folder".
3. Right click any other files you want to compress and select "Copy".
4. Right click on the compressed folder and select "Paste". The copied files will be compressed and pasted in.
5. Right click on the file and select "Explore".
6. In "File" select "Add a Password". Enter the password and confirm the password.



Let's see if the following can remove ("clean") the codes appended by the infector into your files,

http://freedrweb.com/cureit/
http://downloads2.kaspersky-labs.com/devbuilds/AVPTool/ - download latest
http://free.grisoft.com/doc/virus-removal/us/frt/0/ndi/67762
http://www.microsoft.com/security/malwareremove/default.mspx
http://www.pandasecurity.com/homeusers/solutions/activescan/

Note: Scan in safe mode. Use BootSafe (http://www.snapfiles.com/get/bootsafe.html) and choose "safe mode with networking".

If they fail, please read this (http://www.wilderssecurity.com/showthread.php?t=42148) (post at one forum only).

thanatos <-QUOTE}


thnks thanatos but how do i send the files
i cand send thru gmail as they saying gmail can send executables for security reasons

{QUOTE-> thnks thanatos but how do i send the files
i cand send thru gmail as they saying gmail can send executables for security reasons <-QUOTE}

After putting atleast 10 infected files in a password-protected zip archive, attach the zip to your gmail email. Include in the email body the zip password and the link of this thread. Email the zip to samples@eset.com.

thanatos

{QUOTE-> After putting atleast 10 infected files in a password-protected zip archive, attach the zip to your gmail email. Include in the email body the zip password and the link of this thread. Email the zip to samples@eset.com.

thanatos <-QUOTE}

but gmail is not allowing to send the exe files

{QUOTE-> but gmail is not allowing to send the exe files <-QUOTE}

Ok. Upload the password-protected zip here (http://www.mediafire.com/). Email the download link to ESET.

If you are a registered user, use this web form (http://www.eset.com/threat-center/up/submit.htm) to upload the zip.

thanatos

{QUOTE-> Ok. Upload the password-protected zip here (http://www.mediafire.com/). Email the download link to ESET.

If you are a registered user, use this web form (http://www.eset.com/threat-center/up/submit.htm) to upload the zip.

thanatos <-QUOTE}


thanks a lot dude
:thumb: :)

{QUOTE-> AFAIK, Virut only infects *.exe and *.scr files. See this (http://www.teamfurry.com/wordpress/2007/02/15/under-the-hood-virut/).

thanatos <-QUOTE}

wht does this virut do basically
i mean does it affect the hardware
does it matter if i leave it to live in my pc?
i know this is a stupid question but still does it matter?
;D

{QUOTE-> thanks a lot dude
:thumb: :) <-QUOTE}

Antichrist, you are most welcome. I'm glad that I could be of help.

{QUOTE-> wht does this virut do basically
i mean does it affect the hardware
does it matter if i leave it to live in my pc?
i know this is a stupid question but still does it matter?
;D <-QUOTE}

AFAIK Virut appends codes (appendage is for IRC session) into your files (*.exe and *.scr) and contacts a list of sites. Here (http://www.teamfurry.com/wordpress/?s=virut) is the ongoing Virut saga.

thanatos

off topic posts concerning SAS removed.

Philippe_FR22,

You are advized to confine your dislike for and trollish type SAS posts to an appropriate thread and this is not one of them.

Bubba

{QUOTE-> off topic posts concerning SAS removed.

Philippe_FR22,

You are advized to confine your dislike for and trollish type SAS posts to an appropriate thread and this is not one of them.

Bubba <-QUOTE}

Ok no problem... It's not a dslike pb... Sorry for posting at the wrong thread
Regards