Win32/Virut.NAT Infection

Discussion in 'ESET NOD32 Antivirus' started by Johnny Faster, Nov 9, 2007.

Thread Status:
Not open for further replies.
  1. Johnny Faster

    Johnny Faster Registered Member

    Nov 9, 2007
    Working on a customer's computer which is infected with Virut.

    It was brought in because it would immediately log off after logon, and none of the fixes I found worked.

    It's an eMachine, and no Repair Install is possible, so I am trying to clean the Virut from the HD (it's installed as secondary on my Vista machine) before backing up the data and performing an eMachine "Restore" (New Install).

    Noticed that all of the 65 or so remaining infections are all *.HTM files.

    First, can I assume that if I delete all the infected files the data will be "clean" and I can then copy it back to the newly-installed O/S (XP) without reinfecting?

    Also, do the infected .HTM files create new infected files, and if so, how? I would think that one would have to activate the infected file to do anything, and from what I have read the Virut simply appends some HTML text to the .HTM file. What purpose is there for this, and what does an infected file do once infected?

    Or is there some second active file that is going about infecting all the .HTM files?

    Any help appreciated, and thanks in advance.

  2. Thankful

    Thankful Savings Monitor

    Feb 28, 2005
    New York City