Win32/Virut.NAT Infection

Discussion in 'ESET NOD32 Antivirus' started by Johnny Faster, Nov 9, 2007.

Thread Status:
Not open for further replies.
  1. Johnny Faster

    Johnny Faster Registered Member

    Nov 9, 2007
    Working on a customer's computer which is infected with Virut.

    It was brought in because it would immediately logoff after logon, and none of the fixes I found worked.

    It's an emachine, and no Repair Install is possible, so I am trying to clean the Virut from the HD (it's installed as secondary on my Vista machine) before backing up the data and performing a eMachine "Restore" (New Install).

    Noticed that all of the 65 or so remaining infections are all *.HTM files.

    First, can I assume that if I delete all the infected files the data will be "clean" and I can then copy it back to the newly-installed O/S (XP) without reinfecting ?

    Also, do the infected .HTM files create new infected files, and if so how. I would think that one would have to activate the infected file to do anything, and from what I have read the Virut simply appends some HTML text to the .HTM file. What purpose is there for this, and what does an infected file do once infected ?

    Or is there some second active file that is going about infecting all the .HTM files ?

    Any help appreciated, and thanks in advance.

  2. Thankful

    Thankful Savings Monitor

    Feb 28, 2005
    New York City
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.