
Thread: Virus.Win32.Virut.q

  1. #1
    macaw Guest

    Virus.Win32.Virut.q

    Hi,
    My computer has been infected with a nasty virus. I believe that all the files (e.g., pmnlk.dll, qmaedehi.exe) and registry keys it created have been deleted. However, it has infected all of the .exe files on my computer. Zone Alarm states that over a thousand executable files have been infected with Virus.Win32.Virut.q and tries to repair them without any success. It then asks to delete and quarantine them when rebooting, which is not an option since this includes system files (among other important programs). Every time a program-control balloon from ZA pops up asking for access, it states that the program has been modified since it last ran. The virus is preventing me from killing programs using the task manager and from accessing services.msc and gpedit.msc. I am making do with the command line for now. Does anyone have any ideas on how to remove it? Thank you for any help.
    Macaw

    Operating System:Windows XP Pro
    Software Version:7.0
    Product Name:ZoneAlarm Pro

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,289

    Re: Virus.Win32.Virut.q

    Hi!
    I guess you are using the latest version of ZASS 7; your signature refers to ZAPRO, which does not contain any antivirus...
    Try the following:
    1. Disable system restore;
    2. Reboot in SAFE MODE
    3. Manually run ZASS (ZA firewall will be OFF but Antivirus/Antispyware will be functional)
    3. Run a full ZA AV/AS scan
    4. Reboot in Normal Mode
    5. Enable System restore
    How to start in SAFE MODE: http://www.microsoft.com/resources/d..._failsafe.mspx
    How to disable windows SYSTEM RESTORE: http://support.microsoft.com/kb/310405
    If the above fails you may want to read this guide to remove the infection: http://www.bleepingcomputer.com/forums/topic18610.html
    and also download, update and scan with superantispyware FREE: http://www.superantispyware.com/download.html
    if ALL the above fails please post your Hijackthis log here: http://www.castlecops.com/f67-Hijack...ans_Oh_My.html
    Please read mandatory steps before posting: http://www.castlecops.com/t102301-Hi...e_Posting.html
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    macaw Guest

    Re: Virus.Win32.Virut.q

    Yes. I am using Version 7.0.408, but it isn't starting when I boot in safe mode. I disabled system restore and I got zlclient.exe to run, but I wasn't sure how to get the ZA control panel up, and the option to scan files is grey in the context menu. I got Avast! to run, but it doesn't see the infection.

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,289

    Re: Virus.Win32.Virut.q

    Hi!
    Please don't mess up with other antivirus... it will create problems to ZA and its cleaning capability as well as conflicts.
    Remove AVAST and any other AV you have installed so far.
    As already mentioned in my previous e-mail "ZA firewall will be OFF but Antivirus/Antispyware will be functional"
    Open ZA manually from Start --> programs --> zonealarm --> ZoneAlarm.....etc
    Go to the ZA antivirus/antispyware tab and push on "Scan for viruses/Spyware"
    and follow all the other suggestions if the scan in SAFE MODE fails to remove the infection (first try to download, update and run superantispyware)
    Did you install 7.0.408.000 after the infection??? If yes, it will really be difficult to remove it.
    ZASS is designed to keep clean your system and not as a cleaning tool, the malware that infected your system may comprise a Rootkit that is very difficult to remove.
    Cheers,
    Fax


  5. #5
    macaw Guest

    Re: Virus.Win32.Virut.q

    Hi,
    Thank you for your help. I managed to get ZA to work in safe mode, but the files apparently cannot be disinfected http://forums.spybot.info/showthread.php?t=18075.
    Still, netstat isn't showing any strange connections. I think I have stopped the virus from communicating with its home base at 81.95.146.251 by adding a rule to ZA. It appears to slow my computer down only at start-up, so I'll leave it alone. (I can't afford to do a clean install.)
    Have a good day.
    Sincerely,
    Macaw

  6. #6
    macaw Guest

    Re: Virus.Win32.Virut.q

    P.S. I did try those removal tools you linked and running a HijackThis log analyzer, but I think the virus is too robust. Thank you again anyway.

  7. #7
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,289

    Re: Virus.Win32.Virut.q

    Hi!
    Install superantispyware free and perform an online scan at http://www.ewido.net/en/onlinescan/.
    Then follow the direction I have given you to post your Hijacklog to malware specialists at castlecops.com.
    There will be no need to clean install your system.
    Cheers,
    Fax


  8. #8
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,289

    Re: Virus.Win32.Virut.q

    Hi!
    No, the virus can be removed... you just have to be patient and follow the advice at castlecops.
    Cheers,
    Fax

