Win32/Virut.nbp virus keeps returning

Discussion in 'ESET Smart Security' started by grassman, Apr 27, 2009.

Thread Status:
Not open for further replies.
  1. grassman

    grassman Registered Member

    Joined:
    Apr 27, 2009
    Posts:
    2
    3 files from C:\windows\system32 cannot be cleaned or deleted, not even in safe mode, can someone please give me a clue how to get rid of them.
    They are: imapi.exe, mstsc.exe, dvdupgrd.exe. win32/virut.nbp virus
    These files just keep coming back
    System restore is disabled on both hard drives

    I also had files from servicepackunistall and servicepack\i386 with exe files coming up as win32/virut.nbm virus. Hopefully I have been able to clean these and have no more worries with them.
    Thanks. Zigi.
     
    Last edited: Apr 27, 2009
  2. bodgy

    bodgy Registered Member

    Joined:
    Sep 22, 2005
    Posts:
    2,387
    Location:
    Qld.
    Do you have system restore enabled on your machine? If so, disable it, which will delete all your system restore points, boot into safe mode and run a virus scan.

    System Restore has been known to hide virii which just respawn themselves every reboot.

    Colin
     
  3. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Are not the first 3 part of your operating system? For the fourth, why not try SAS.
     
  4. ASpace

    ASpace Guest

    Neither Safe mode nor SAS (SUPER Antispyware) will help because Virut is a virus infecting files and perhaps there are active system files infected. NOD32 is unable to clean them because they are active.

    @grassman

    You need to boot from non-Windows environment and perform full scan with the antivirus and clean the infected files. You can try with the Recovery Console of Windows (XP) / repair install and run ESET Command line scanner or try ESET SysRescue
     
  5. jhjm32087

    jhjm32087 Registered Member

    Joined:
    Feb 19, 2009
    Posts:
    10
  6. stevenSGza

    stevenSGza Registered Member

    Joined:
    Apr 28, 2009
    Posts:
    1
    I was also infected with WIN32/VIRUT.nbm. NO repair tools and methods described on the internet had removed the virus completely. I am running NOD32V4 and it did pick it up but was neither able to repair nor delete infected files. From all information obtained, it seems to be partially resident in the harddrive's bootsector. This meant that fdisk and format and re-installation of the OS did not rid you of this dreaded virus. The only way I was able to fix this was to boot with ultimate boot cd, run the partition manager program and fill the boot sector with zeros. I obviously backed up all files onto another harddrive and now am too shitscared to transfer the data back. I will wait until I get confirmation from NOD32 or their alliance partner Microsoft to come up with a proper solution. In my opinion, NOD32 started going backwards when they came up with the versions after ver2 - maybe pleasing Microsoft instead of concentrating on their core function of virus detection and removal. In my IT company, I swore by Norton until 2000 and then moved to NOD32. It was a real pleasure to sort out clients' pc, because NOD did work then. When I saw the interface change and the interaction with Microsoft, I got a nervous twitch and thought that this looked frighteningly familiar to Microsoft. AND NOW: customers have to suffer due to the "integration" with Microsoft. I used to laugh at people saying that Microsoft was a virus - now I am not too sure if they were right.
     
  7. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    ESET has nothing to do with Microsoft.
     
  8. grassman

    grassman Registered Member

    Joined:
    Apr 27, 2009
    Posts:
    2
    To stevenSGza, How long have you been win32/virut.nbp virus free? and if you don't like Nod, then what other antivirus would you suggest?

    Also I am thinking of using Darik's Nuke and boot to write over my present hard drive. Zigi.
     
  9. catnotspam

    catnotspam Registered Member

    Joined:
    May 1, 2009
    Posts:
    42
    Location:
    haifa
    o_O sounds like grassman has rootkits
     
  10. JimmyT

    JimmyT Former ESET Support Rep

    Joined:
    Apr 9, 2009
    Posts:
    14
    PM sent to obtain additional information
     
  11. llaw

    llaw Registered Member

    Joined:
    May 4, 2009
    Posts:
    1
    I have the same virus. Cleaned my HDD several times. But when connecting to internet I have it back. Any suggestion?
    ps. system restore is off
    ... getting tired of IT!!!:(
     
  12. maximi89

    maximi89 Registered Member

    Joined:
    Jun 8, 2009
    Posts:
    2
    Hi, i have the same virus, i reinstall the OS, but the second partition infected me again... this malware works like a worm, reply on all files he can, NOD32 can't detect nothing, because the malware modified nod32.exe, this malware copy into c:\windows\system32 and \system32\drivers also on pchealth,
    i believe avira can delete it, http://mtc.sri.com/live_data/cc_servers/ here something about the malware, in my case this modified host file too, this is a trojan, this download a backdoor and connect to an IRC in China.
    this download a lot of malware, but i can't find where is the ****ing malware... now i going to reinstall again, if the MBR are infected how i read...

    when i reinstall the system i try with NTFS slow.

    i used adaware, nod32, gdata, combofix, and others, but i can't install any thing... ****! :cautious:


    more info here (spanish) http://www.forospyware.com/t247863.html

    they say with drweb are solved the problem...
    http://www.freedrweb.com/livecd/
     
  13. cocolucho

    cocolucho Registered Member

    Joined:
    May 8, 2008
    Posts:
    80
    Win32/Virut.nbp: the only solution was to format the hard disk completely. The ESS 4.0.437.0 could do nothing.
     
  14. maximi89

    maximi89 Registered Member

    Joined:
    Jun 8, 2009
    Posts:
    2
    i'm running Dr. Web, this detect a lot of malware,
    win32.virut.56,
    win32.hllm.generic.349
    trojan.spambot.2424
    trojan.ntrootkit.429

    this software remove the malware, also, system32 have a lot of malware and this ****ing malware start to install on all running software, start Dr. Web into Safe Mode.

    http://www.forospyware.com/t223976.html
    http://virusinfo.info/showthread.php?t=12160
    http://www.vsantivirus.com/za.htm
    http://www.pandasecurity.com/spain/...ware/encyclopedia/overview.aspx?idvirus=38611
    http://www.vsantivirus.com/ntrootkit.htm

    and something copied into document and files of the current user.


    Greetings!
     
  15. Malcontent

    Malcontent Registered Member

    Joined:
    Dec 30, 2005
    Posts:
    451
    Location:
    Cleveland, Ohio USA
  16. khortoom

    khortoom Registered Member

    Joined:
    Aug 11, 2009
    Posts:
    1
    Almost all antiviri boast with detecting this virus, the thing is they detect the side effects of it… I remember checking the binary executable file with Eset smart security before executing it… and got a clean bill… after executing it, ESS immediately started alerting about infection of any running operating system file with a myriad of malwares and viruses, but hey… it’s too late by that time :( these are just the offsprings downloaded thru the IRC channel by the IRC bot of the virus, and by cleaning them you just don’t achieve anything, the “mothership” is still there… I rechecked the file with virustotal.com and jotti.org, it turned out some antiviri would have detected the “PE.exe” component, and some others the “IFrame” one (but none detected both), and moreover, the stupid ESS detected none, a big minus for ESET! and a big lesson for me: run any suspicious file SANDBOXED (check “sandboxie”) after checking it with the above mentioned online multi-scanners first, also download and install the free Panda USB vaccine (google it) in the future.
     
  17. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    You can find information on how to submit undetected malware to ESET here.

    Regards,

    Aryeh Goretsky

     
  18. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Does no one ever pay attention to this sticky?
     