CANT REMOVE win32/virut.nbk

Discussion in 'ESET NOD32 Antivirus' started by andicyhot, Feb 10, 2009.

Thread Status:
Not open for further replies.
  1. andicyhot

    andicyhot Registered Member

    Joined:
    Feb 10, 2009
    Posts:
    7
    I scanned with nod32 my computer 4 times.. and it found many viruses that i removed but.. it didnt delete a virus called WIN32/virut.nbk .. seems that this virus has infected all my programs.. (all .exe types ). it found more than 300 infections but only quarantined them . if i removed them it will mean to remove even system files.. so what should i do?
    the virus keeps restarting my computer.and I tried many antiviruses but only nod32 found that win32/virut.nbk but it doesnt clean it from files..


    I have many important things in my computer so i cant format it..
     
  2. Novicex

    Novicex Registered Member

    Joined:
    Jan 21, 2009
    Posts:
    72
  3. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,741
    Location:
    New York City
    I would recommend running NOD32 in safe mode.
     
  4. andicyhot

    andicyhot Registered Member

    Joined:
    Feb 10, 2009
    Posts:
    7
    when i run unlock in drive C:\ it finds too many locked things.. the navigation bar is very small... and when i click unlock all or just unlock a process computer immediately restarts.. is there any removal tool for this virus?
     
  5. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,741
    Location:
    New York City
  6. Novicex

    Novicex Registered Member

    Joined:
    Jan 21, 2009
    Posts:
    72
    Also try "Recovery Console" its on windows XP CD. Where you can delete file until OS is loaded, just type the command (delete) and path (with correct syntax).
     
  7. andicyhot

    andicyhot Registered Member

    Joined:
    Feb 10, 2009
    Posts:
    7
    I dont know where the virus is located ..:(
    Its a very bad virus.. i read in google about this trojan and all say its incurable.. and only PC format can help..
    but there must be another way to get rid of it .. i tried nod32 even in safe mode .. the virus is still there
     
  8. Novicex

    Novicex Registered Member

    Joined:
    Jan 21, 2009
    Posts:
    72
  9. andicyhot

    andicyhot Registered Member

    Joined:
    Feb 10, 2009
    Posts:
    7
    I ran process explorer and schvost.exe was 9 times .. and was red but its a system process and its description is : Generic Host process for win32 applications.
    I tried a program called combofix .. and it removed many malwares .. but still the PC is not stabilized it keeps restarting . i just cant figure out how nod32 finds it but cannot clean the virus:(

    and thanks very much for trying to help me everyone:)
     
  10. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    Please download ESET SysInspector, create a log, then email it to support("at")eset[dot]com for further assistance. Include as much information as possible in the email plus a link to this thread.
     
  11. andicyhot

    andicyhot Registered Member

    Joined:
    Feb 10, 2009
    Posts:
    7
    Ill try this sysinspector after my scan is complete and as i can see nod32 can clean the virus from other programs .. but not from system procceses like exlorer.exe schvost.exe etc ..it keeps saying : error in cleaning file . any idea how to remove the virus??
     
  12. Novicex

    Novicex Registered Member

    Joined:
    Jan 21, 2009
    Posts:
    72

    Explorer.exe you can replace with fresh one from windows CD(ask Google), but schvost.exe, not sure:blink:
     
  13. andicyhot

    andicyhot Registered Member

    Joined:
    Feb 10, 2009
    Posts:
    7
    well. replacing just explorer.exe isnt enough :doubt: the virus will spread again..
    im hopeless with this thing.. my computer restarts every 5 minutes or whenever i click mozilla .. myComputer .. windowslive messenger
     
  14. Novicex

    Novicex Registered Member

    Joined:
    Jan 21, 2009
    Posts:
    72

    Yeh! That is crazy situation:blink: Only correct order of operations could cure your PC and there are too many of them if do it manually. Ive got no such a problems for a really long period of time, because, i almost never turning off my AV and firewall:rolleyes:

    Try, but risk is high, scan your HDD from another PC( maybe with linux OS if there exist any AV) and kill the infected files, but before, create backup of system files.
     
  15. andicyhot

    andicyhot Registered Member

    Joined:
    Feb 10, 2009
    Posts:
    7
    Scanning the HDD from another computer is very complicated for me .. and i dont have any other computer..:(:(:(
    Yesterday before sleeping i left nod32 scan in safe mode.. and when i got up i saw my computer off:cautious: however when i started windows.. nod32 informed me : WIN32/virut.NBK error while cleaning object schvost.exe explorer.exe..!!!

    still its there .. veryvery nasty trojan:ouch:
     
  16. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,741
    Location:
    New York City
    You can try running the free version of malwarebytes at www.malwarebytes.com. The program has 'Virus.Virut' in its list of detected malware. Make sure you update the malware definitons prior to running the scan.
     
  17. nopieees

    nopieees Registered Member

    Joined:
    Jul 30, 2009
    Posts:
    13
    hi everyone till now this problelm nod32 cant solve it o_Oo_O
    why do i suppose to use another solution when i m having licensed nod32 .

    offcourse i m using updated nod32 version 4 and , i ran nod32 on demand scan with the full configuration enabled o_Oo_O

    and even in the safe mode also with system restore off .

    i do not want using any other solutions and i want to know if no32 will fix this problem or not to remove it and search for somthing really works.
     
  18. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    What's the problem exactly? Is it that ESET cannot clean these files and offers you only deletion? Or you're getting an error while cleaning? Do you have advanced heuristics enabled while cleaning?

    If system files being in use are already infected, it's necessary to boot from a clean media in order to clean them. Bear in mind that some viruses modify files to such extent that it's impossible to restore the original content. The best would be if you could restore a clean copy of them to ensure proper functioning.
     
  19. nopieees

    nopieees Registered Member

    Joined:
    Jul 30, 2009
    Posts:
    13
    HI Marcos thank you for your reply , first all my network computers got infected with variant type of virut.nbk and nod32 detects them but cant remove or clean it just nod32 gives error while cleaning .

    unfortunately i formatted the infected machine but here there is a computer infected with virut.NBP

    the virus infected all the system 32 executable files

    c:\windows\system32\spoolsv.exe
    \ ctfmon.exe
    \calc
    \taskmgr.exe
    windows\explorer.exe

    and some applications errors appear like drwatson.
     
  20. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Since system files are usually exclusively used by the OS, it may be necessary to boot from a clean media (e.g. rescue cd) and run a full system scan with cleaning from it.
     
  21. nopieees

    nopieees Registered Member

    Joined:
    Jul 30, 2009
    Posts:
    13
    would you please show me how can i make cleaning bootable media.
    would you please mention the steps
     
  22. nopieees

    nopieees Registered Member

    Joined:
    Jul 30, 2009
    Posts:
    13
    please does any one help me im really disabled in front of my computers.
    the virus infects the dr watson process and no way to do anything
     
  23. zeljko

    zeljko Registered Member

    Joined:
    May 6, 2009
    Posts:
    7
    only reinstall will help...dont lose time to fix something that cant be fixed
     
  24. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The process of creating a rescue cd is described in this KB article. However, the best course of action when system files get infected is to reinstall Windows as file infecting viruses may modify files to such an extent that they won't run after cleaning.
     
  25. nopieees

    nopieees Registered Member

    Joined:
    Jul 30, 2009
    Posts:
    13
    i m really angry now :mad: :mad: :mad:
    the computer was really protected with updated nod32 version 4 + the full proper configuration.

    how come the virus infects a protected computero_Oo_O

    suppose that im administrating 300 or 400 computer in network , it will be impossible to reinstall windows to all these clients.
     
Thread Status:
Not open for further replies.