|
|
#1
November 9th, 2007, 08:05 PM
|
|||
|
|||
Win32/Virut.NAT Infection
Working on a customer's computer which is infected with Virut.
It was brought in because it would immediately logoff after logon, and none of the fixes I found worked. It's an emachine, and no Repair Install is possible, so I am trying to clean the Virut from the HD (it's installed as secondary on my Vista machine) before backing up the data and performing a eMachine "Restore" (New Install). Noticed that all of the 65 or so remaining infections are all *.HTM files. First, can I assume that if I delete all the infected files the data will be "clean" and I can then copy it back to the newly-installed O/S (XP) without reinfecting ? Also, do the infected .HTM files create new infected files, and if so how. I would think that one would have to activate the infected file to do anything, and from what I have read the Virut simply appends some HTML text to the .HTM file. What purpose is there for this, and what does an infected file do once infected ? Or is there some second active file that is going about infecting all the .HTM files ? Any help appreciated, and thanks in advance. Johnny |
|
#2
November 9th, 2007, 09:49 PM
|
|||
|
|||
|
Re: Win32/Virut.NAT Infection
Hopefully this thread will be of some value:
http://www.wilderssecurity.com/showthread.php?t=189309 |
| « Previous Thread | Next Thread » |
| Thread Tools | Search this Thread |
|
|
