W32/FUtoolkit.F

Discussion in 'malware problems & news' started by A Williams, Dec 4, 2005.

Thread Status:
Not open for further replies.
  1. A Williams

    A Williams Registered Member

    Joined:
    Dec 4, 2005
    Posts:
    5
    Hi Everyone,
    New member here, wondering if anyone has had any experience with this virus.
     
  2. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    hi

    Is your antivirus detecting something with that name?
    Please can you post here the infected file's path and name, maybe even a report of your antivirus's scan?
     
  3. A Williams

    A Williams Registered Member

    Joined:
    Dec 4, 2005
    Posts:
    5
    After my post I ran another scan using Freedom and another virus was detected. Using safe mode I deleted the file C:\WINNT\system32\remon.sys but could not find the file C:\WINNT\nvideogui.exe. I did another scan using the free scan at Trend Micro and it came back clean. I then installed Process Guard just in case the viruses were still hidden somewhere.

    LOG ENTRY
    C:\WINNT\nvideogui.exe
    File infected with the "W32/Sdbot.NOA" virus and could not be disinfected. The file was not deleted. It is recommended that you delete this file.

    C:\WINNT\system32\remon.sys
    File infected with the "W32/FUrootkit.F" virus and could not be disinfected. The file was not deleted. It is recommended that you delete this file.
     
  4. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    hi

    This is a dangerous situation, a rootkit/backdoor combination.
    Now, if you use this infected computer to do online shopping or monetary transactions, or if it is a business computer, it would really be the safest thing to format and reinstall the whole thing.

    see http://www.dslreports.com/faq/10063

    If you still wish to attempt cleaning we can try ;)
     
  5. A Williams

    A Williams Registered Member

    Joined:
    Dec 4, 2005
    Posts:
    5
    I used safe mode to delete the remon.sys file, and when I did a scan afterwards both viruses were gone. Do you think this worked? If it didn't, my first step would be an attempt to clean, based on the size of what's on my hard drive; although it's backed up, it's still a horrendous job. I also installed Process Guard so I have control over what programs access my processor. I was planning on doing another scan this evening. What would be your first step?
     
  6. controler

    controler Guest

    Hello

    If I remember right, it doesn't do any good to install Process Guard on a rootkitted computer, or any security software for that matter.
    Referring to polymorphic wrapping and stuff.
    PG works great if installed before infection. I am finding UnHackMe Pro is able to find a lot of stuff now. Its GUI uses directed scans which are easy, but it also contains some things that are hard for beginners to understand as to what they are looking at.

    IceSword seems to be good at detecting things that should not be there also.
     
  7. controler

    controler Guest

    I think if many of us here found a bad rootkit, they would never feel sure they got rid of it without reformatting. I know I wouldn't.
    As long as you are sure it is not a false positive LOL
     
  8. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    Con, that's a known rootkit filename/variant, comes with a bot.
    If I remember right, you'll first have to disable/remove the device remon.sys in Device Manager (enable showing of hidden devices to see it),
    then delete the file remon.sys, in safe mode.
    Also delete all other nasty files (do a virus scan in safe mode).
    Then you will have to search the registry for the string remon and delete all associated registry values found.
    You will also need to delete the startup entries of the bots from the registry.
     
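The audit illukka describes above (find the remon driver entry, search the registry for the string, find the bot's startup entries, check the files from the posted log), written out as an added example that is not code from the original thread. It assumes a modern Windows PowerShell run from an elevated prompt (the 2005 host was Windows 2000, which had no PowerShell; %SystemRoot% there was C:\WINNT, so the paths are built from $env:SystemRoot). The needle string "remon" and the two file names come from the thread; everything else is assumed. It only reports unless -Remove is given, and the general registry hits are never deleted automatically because that step needs a human eye.

```powershell
<#
  Added example, not from the original thread. Automates the audit steps in
  illukka's post: driver/service key for remon, registry values mentioning
  "remon", the bot's Run-key persistence, and the two files from the log.
  Assumes an elevated modern PowerShell; the 2005 host (Windows 2000) had none.
  Run the actual deletion from safe mode, as the thread advises.
#>
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$Needle = 'remon',    # string illukka says to search the registry for
    [switch]$Remove               # report only unless this is given
)

$root  = $env:SystemRoot
$files = @("$root\system32\remon.sys", "$root\nvideogui.exe")   # paths from the posted log

# 1. Driver/service entries. A kernel rootkit loads through a key under
#    ...\Services; this is what "show hidden devices" in Device Manager exposes.
$svcKeys = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    Where-Object {
        $p = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
        ($_.PSChildName -match $Needle) -or ("$($p.ImagePath)" -match $Needle)
    }
foreach ($s in $svcKeys) {
    "service key: $($s.PSChildName)  ImagePath=$((Get-ItemProperty $s.PSPath).ImagePath)"
}

# 2. Any value under the usual hives whose name or data contains the needle.
#    Slow on HKLM:\SOFTWARE, but this is the "search the registry for remon" step.
$hives = 'HKLM:\SOFTWARE', 'HKLM:\SYSTEM\CurrentControlSet', 'HKCU:\Software'
$hits = foreach ($h in $hives) {
    Get-ChildItem $h -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key   = $_
        $props = Get-ItemProperty $key.PSPath -ErrorAction SilentlyContinue
        if ($null -eq $props) { return }
        foreach ($name in $props.PSObject.Properties.Name) {
            if ($name -like 'PS*') { continue }   # PSPath/PSParentPath etc. added by the provider
            $data = "$($props.$name)"
            if ($name -match $Needle -or $data -match $Needle) {
                [pscustomobject]@{ Key = $key.Name; Value = $name; Data = $data }
            }
        }
    }
}
$hits | Format-Table -AutoSize

# 3. Startup entries (the bot's persistence). RunServices only exists on 9x/2000-era hosts.
$runKeys = foreach ($hive in 'HKLM', 'HKCU') {
    foreach ($k in 'Run', 'RunOnce', 'RunServices') {
        "${hive}:\Software\Microsoft\Windows\CurrentVersion\$k"
    }
}
$startup = foreach ($rk in $runKeys) {
    $p = Get-ItemProperty $rk -ErrorAction SilentlyContinue
    if ($null -eq $p) { continue }
    foreach ($name in $p.PSObject.Properties.Name) {
        if ($name -like 'PS*') { continue }
        $cmd = "$($p.$name)"
        if ($cmd -match $Needle -or $cmd -match 'nvideogui') {
            [pscustomobject]@{ Key = $rk; Value = $name; Command = $cmd }
        }
    }
}
$startup | Format-Table -AutoSize

# 4. The files from the log. A rootkit driver can hide its own file from normal
#    directory listings, so "not visible" is not the same as "gone"; confirm from
#    safe mode or an offline scan, which is why the thread says to delete there.
foreach ($f in $files) {
    $state = if (Test-Path -LiteralPath $f) { 'present' } else { 'not visible' }
    "{0}: {1}" -f $f, $state
}

# 5. Removal, only on request and honouring -WhatIf. Registry hits from step 2
#    are left for manual review; deleting arbitrary matches can break the system.
if ($Remove) {
    foreach ($s in $svcKeys) {
        if ($PSCmdlet.ShouldProcess($s.PSChildName, 'sc.exe stop/delete')) {
            sc.exe stop $s.PSChildName   | Out-Null   # may fail on a live rootkit; reboot to safe mode
            sc.exe delete $s.PSChildName | Out-Null   # takes effect after reboot if the driver is loaded
        }
    }
    foreach ($e in $startup) {
        if ($PSCmdlet.ShouldProcess("$($e.Key)\$($e.Value)", 'Remove-ItemProperty')) {
            Remove-ItemProperty -Path $e.Key -Name $e.Value
        }
    }
    foreach ($f in $files) {
        if ((Test-Path -LiteralPath $f) -and $PSCmdlet.ShouldProcess($f, 'Remove-Item')) {
            Remove-Item -LiteralPath $f -Force
        }
    }
}
```

Run it once without -Remove and read the three reports; then from safe mode run it with -Remove -WhatIf to see exactly what would be touched before committing. Value names starting with "PS" are skipped along with the provider's own properties, which is an accepted blind spot in the general search.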
  9. A Williams

    A Williams Registered Member

    Joined:
    Dec 4, 2005
    Posts:
    5
    If I do a reformat, are there any data files that these bugs would be in other than the sys files? Usually when I have to reformat my computer, as in a new hard drive, I transfer any files not backed up (i.e. Outlook files) through GoToMyPC to my business, then transfer them back, as the Citrix server scans also (?). Would this be safe under the circumstances?
     
  10. controler

    controler Guest

    Data files are harmless. I would save any e-mail address you may want. Do you need to save e-mail for a reason? If you must you must.

    con
     
  11. A Williams

    A Williams Registered Member

    Joined:
    Dec 4, 2005
    Posts:
    5
    Thanks for all the advice, everyone; it is very appreciated. My DSL provider is Aliant, aka Bell, and I had just changed over to their security products (they use a package from Freedom). Previously I was using Norton / Spyware Begone / Zone Labs, and I'm wondering if this virus problem is because of poor protection or just bad luck. This is the first time a virus has got through on me.
     
  12. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    My wife has used Freedom from Aliant since it came out and never had a virus. Seems it's a good protection package they have.
     