Win32/Virut.NAT

Discussion in 'ESET Smart Security v3 Beta Forum' started by xZippy, Oct 25, 2007.

Thread Status:
Not open for further replies.
  1. xZippy

    xZippy Registered Member

    Joined:
    Oct 25, 2007
    Posts:
    11
    This virus or "virut" has taken over almost every file in my computer, NOD32 keeps warning me about them but can't clean them. Oh my god what can I do?! I reformatted and this crap STILL happens!! I can't use anything, and every 2 seconds NOD32 tells me a program is infected with this Win32/Virut.NAT crap...
     
  2. ASpace

    ASpace Guest

    Open NOD32 Control Center -> AMON -> Setup
    On the "Actions" tab choose the option "Clean automatically" (the radio button). Confirm with OK. This will make AMON auto clean with no further warnings.

    Then, make sure ESET NOD32 is updated. Download ~. Boot in Safe Mode and run it. This will perform a full scan with NOD32 and will attempt to clean the files. Every file NOD32 "will interfere" will be copied to quarantine.

    NOD32 should be able to clean the files. Otherwise they will be deleted. Also, I know of some variants that according to AV vendor cannot be cleaned because the virus has overwritten the file's code. If this time it cannot be cleaned, you can:

    1. Disable NOD32 temporarily, pick up some infected EXEs, zip them and send them to ESET at support[at]eset.com
    2. Then create an archive with the most important things you need BUT NOTHING executable, no exe, no scr, no executable file (just docs, music, pictures...)
    3. Reinstall Windows, do a FULL FORMAT of the hard drive
    4. Install a firewall or enable Windows Firewall, install ESET NOD32, update it and then everything else
     
    Last edited by a moderator: Oct 25, 2007
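The "nothing executable in the backup" rule from the post above can be checked by file content as well as by file name. The following is an added example, not part of the thread and not an ESET tool; the function names, the extra extensions beyond exe and scr, and the sample files are assumptions constructed for illustration.

```python
import os
import struct
import tempfile

# exe and scr are named in the thread; the other extensions are this example's assumption.
RISKY_EXT = {".exe", ".scr", ".dll", ".com", ".pif", ".bat", ".cmd"}

def classify(path):
    """Return why a file must stay out of the backup, or None if it may go in."""
    if os.path.splitext(path)[1].lower() in RISKY_EXT:
        return "executable extension"
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            # A PE file starts with a DOS header ("MZ"); the 4 bytes at 0x3C
            # give the offset of the "PE\0\0" signature.
            if len(head) == 64 and head[:2] == b"MZ":
                (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
                f.seek(e_lfanew)
                if f.read(4) == b"PE\0\0":
                    return "PE content under a non-executable name"
    except OSError:
        return "unreadable, cannot be verified"
    return None

def audit_backup(root):
    """Walk a backup tree and map relative path -> reason for every file to exclude."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reason = classify(full)
            if reason:
                flagged[os.path.relpath(full, root)] = reason
    return flagged

def constructed_pe_stub():
    """Constructed sample: a 64-byte DOS header whose e_lfanew points at the PE signature."""
    return b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        samples = {"notes.txt": b"plain text", "holiday.jpg": constructed_pe_stub(),
                   "setup.exe": b"anything"}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        for path, reason in sorted(audit_backup(root).items()):
            print(f"EXCLUDE {path}: {reason}")
```

It only recognises the PE format, so everything that goes into the archive still needs the full scan with an updated NOD32.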
  3. xZippy

    xZippy Registered Member

    Forgive me, I wanted to put this in the beta NOD32 forum.
     
  4. ASpace

    ASpace Guest

    The beta, ok then. ESET Smart Security or ESET NOD32 Antivirus? I have magic files for them, too :D
     
  5. xZippy

    xZippy Registered Member

    NOD32 Antivirus... The beta one that is, version 3.0.414_rc1 I believe.
     
  6. ASpace

    ASpace Guest

    Make sure ESET NOD32 Antivirus v3 is updated. Download this. Boot in Safe Mode and run it. This will perform a full scan with NOD32 and will attempt to clean the files. Every file NOD32 "will interfere with" will be copied to the Quarantine.
     
  7. dannyboy

    dannyboy Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    113
    Location:
    UK
  8. xZippy

    xZippy Registered Member

    Dude, honestly, this is a battle I can never, ever win. I have reinstalled Windows like three times. I can reinstall 1000 times more but this same crap will still happen. I love NOD32 but ain't doing nothing about this. Every day there's a new foreign file on this computer that is infected. Is there any way I can... You know, like... GET RID OF THIS?!

    And HiTech, I used your file in Safe Mode, I doubt it did anything. I did this in Safe Mode without networking. And I had to move this file to the NOD32 directory for it to do anything.

    I think this Virut is also creating IE pop-ups in Firefox... I think..
     
  9. ASpace

    ASpace Guest

    Hi !

    It is impossible to get something reinfected if you have reinstalled Windows with a FULL FORMAT of the hard drive(s). It is also impossible to re-infect your system if you don't bring anything infected from there (e.g. NO executable files, NO, NO, NO - only documents, music, pictures and other non-executable stuff). It is also not possible to reinfect your system if you follow basic security rules (such as firewall always ON and antivirus always working and updated). I mean as soon as you reinstall, the firewall must be enabled.


    Here is virus description for ESET Smart Security's help:


    You said you had to move my bat into NOD32's directory for it to work. The bat is made to work only if your OS is run on the same partition ESET's product is installed on (e.g. EA installed on C:\, Windows installed on C:\, too).

    If you have multiple partitions on your hard drive, you'd better kill them during the Windows reinstallation process and format everything.
     
    Last edited by a moderator: Oct 29, 2007
  10. xZippy

    xZippy Registered Member

    After my like.. Third reformat, I've carefully monitored everything I did, but that didn't help. I really have no time to reformat again, I don't. Whatever has been on my computer is very well put together, because it just slips right under NOD32's powerful hands. Yes, I did use a "FULL FORMAT"... Three times! My firewall and NOD32 were the first thing I installed after format, but no, I guess that wasn't good enough.

    And I think you moved this thread to the wrong section. My computer isn't freaking out like it did last time, a few Win32/Virut.NAT files made their way here but I got rid of them, and so far I don't see any weird processes going, weird startup exe's in msconfig, and no strange files in my C:\WINDOWS\Temp folder, and hopefully none in my system32 folder.
     
  11. ASpace

    ASpace Guest

    Contact ESET Technical Support Dept. Fill in this form, describe the problems, provide a link to this thread.
     
  12. xZippy

    xZippy Registered Member

    The part where it says "System Information*"... It tells me how to get that info, but that only works with NOD32 v2...

    And are the new beta versions of NOD32 better to use than the full version of v2?
     
    Last edited: Oct 28, 2007
  13. ASpace

    ASpace Guest

    Don't worry about it and go ahead.

    ESET will advise you on this
     
  14. xZippy

    xZippy Registered Member

    Well, I made my last reformat... But before I formatted anything, I deleted the infected files that were lurking on my external, then I got my firewall and NOD32 as quick as godly possible. If this virut gets me again, the world will forever hear the dangers of Win32/Virut.NAT, I will not rest until this gets aware of.
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi, I think some of ur backup/data files are infected. After a format, when u recover some data or other files etc, u get infected.

    Network is another possibility. Did you disconnect from network/internet during install and install a FW before connecting to network?
     
  16. xZippy

    xZippy Registered Member

    When I reformat, there is no way I can connect to the internet until I manually set up the Ethernet Controller drivers myself, which I do after reformat.

    There are two very well hidden folders on my external, one folder is "System Volume Information" and the other is "RECYCLER". They are hidden AND appearing to be system files. The System Volume one I cannot open, it restricts me, but I can open the RECYCLER one... Are these folders normal?
     
  17. dannyboy

    dannyboy Registered Member

    system volume information is System Restore, a feature of Windows XP. If the system allowed you to modify this folder you could end up with a non-working system.

    recycler is the recycle bin
     
  18. aigle

    aigle Registered Member

    This virus is very nasty. Sure it's coming from ur backup files. Maybe it's in system volume information or recycler. Very high chance of that. Pls do a format as this:

    1- Don't connect to network during and after a format until u install ur AV and FW.

    2- Don't restore any backups from any external media (CD, DVD, USB, external HD) until u install a FW and ur AV.

    3- Disable all autorun features on ur system (autorun for CDs and USB devices).

    4- Update ur AV.

    5- After u install an AV and FW, update ur AV and do in-depth scan each of external media storage devices with ur AV before opening anyone of them.

    6- Format ur external HD as well.

    I am not sure if u can handle popups by HIPS or not. But if I am in ur place, after step4, I will put a HIPS in paranoid mode (with file protection feature) to see what's the source of virus. Very effective in such situations. If u can't handle it, just after installing ur AV, try adding ThreatFire as an extra layer of protection in addition to ur AV.
     
    Last edited: Oct 29, 2007
  19. aigle

    aigle Registered Member

    How a non-working system just by losing system restore? I can't understand it?
     
  20. rapierau

    rapierau Registered Member

    Joined:
    Apr 5, 2007
    Posts:
    15
    Turn your system restore function OFF. It's probably already infected anyway and will only lead to further frustration.
    Oh please tell me you're using an SP2 version of the XP installation CD. This will give you a slightly more secure system than a non SP2 version. If you haven't got a copy, borrow it from a friend.

    If it was my PC I would disconnect all HDD except the one containing the primary active partition. If it's a multi-partitioned drive I would destroy all other partitions and make it into one large primary job. As painful as losing years of personal data is, an infected PC is not a useable PC at all.

    Oh and when you get your OS up and running, updated and after installing NOD32, updating and running a full deep scan and getting a clean bill of health on your OS, (you now have a useable PC), turn your system restore back off. You don't need it until you get all your data and drives clean.

    Treat any backups, self made CD's/DVD's, downloads as infected. Only trust manufactured CD's/DVD's until you're positive they are clean.
     
    Last edited: Oct 29, 2007
  21. girishrajg

    girishrajg Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    1
    I had the same issue in my PC. I'm using NOD32 RC 3.0.414.0. I tried formatting but it didn't help. Whenever I try to run any program I get an error message and nothing works. I then reinstalled NOD32 and ran a complete scan. NOD32 found more than 800 infiltrations. Some were cleaned and quarantined but some had to be deleted. Finally I started getting a Windows error message saying Windows XP Service Pack cannot work properly since some required files are missing. So after all the infiltrations were cleaned/deleted, I reinstalled XP. Now my system works fine without any problem.
    Hope this helps!!

    Regards
     
  22. xZippy

    xZippy Registered Member

    Hey HiTech_Boy, remember that file you gave me? You know, the one that I should run in safe mode? Will that file work with NOD32 3.0.551.0 Final?
     
  23. ASpace

    ASpace Guest

    The bat file?

    Yes, it will work with any version (3) unless something in the commands changes. The bat is made to work if your ESET product is installed in the %ProgramFiles% dir.
     