Tech-101 Free Computer Support Tech-101 Free Computer Support

Home Forum FAQs Terms of Service
Go Back   Tech-101 Free Computer Support > Security > Virus and Malware Removal
Reload this Page Win32 HEUR .... Please Help!!
Connect with Facebook
Register FAQDonate Members List Calendar Search Today's Posts Mark Forums Read


Reply
Page 2 of 2 1 2
 
LinkBack (1) Thread Tools Search this Thread Display Modes
  #11 (permalink)  
Old 02-09-2010, 12:59 PM
Bobbye's Avatar
Site Admin

  
Join Date: Dec 2008
Posts: 869
Default
memphius, pleas wait on this until Blind Dragon has replied.
------------------------------

BD, what do you think about running this?

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • c:\windows\system32\userinit.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Also scan these,

C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe


There sure seems to be a connection WinHeur and Virut with the AVG find.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!twitterShare on Facebook
Reply With Quote
  #12 (permalink)  
Old 02-09-2010, 01:30 PM
Blind Dragon's Avatar
Site Admin

  
Join Date: Dec 2008
Location: Florida
Posts: 1,463
Send a message via MSN to Blind Dragon Send a message via Yahoo to Blind Dragon Send a message via Skype™ to Blind Dragon
Default
Yes Bobbye - Let's do that next to check for Virut as you have had issues with it in the passed and AVG does detect Virut as win32 heur.

No point in going on if it is in fact virut.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!twitterShare on Facebook
Reply With Quote
  #13 (permalink)  
Old 02-09-2010, 02:24 PM
memphius's Avatar
Junior Member

  
Join Date: Feb 2010
Posts: 13
Send a message via Skype™ to memphius
Default
attached is my mbam log file. should i carry on with bobbye's instructions?
Attached Files
File Type: txt mbam-log-2010-02-09 (14-15-03).txt (1.2 KB, 2 views)
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!twitterShare on Facebook
Reply With Quote
  #14 (permalink)  
Old 02-09-2010, 02:31 PM
Blind Dragon's Avatar
Site Admin

  
Join Date: Dec 2008
Location: Florida
Posts: 1,463
Send a message via MSN to Blind Dragon Send a message via Yahoo to Blind Dragon Send a message via Skype™ to Blind Dragon
Default
Yes please do.

Then if it comes back negative we can clean up what's left and run a final scan.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!twitterShare on Facebook
Reply With Quote
  #15 (permalink)  
Old 02-09-2010, 03:21 PM
memphius's Avatar
Junior Member

  
Join Date: Feb 2010
Posts: 13
Send a message via Skype™ to memphius
Default
c:\windows\system32\userinit.exe

VirSCAN.org Scanned Report :
Scanned time : 2010/02/07 02:07:17 (CST)
Scanner results: Scanners did not find malware!
File Name : userinit.exe
File Size : 26112 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : a93aee1928a9d7ce3e16d24ec7380f89
SHA1 : 513f8bdf67a5a9e09803cfb61f590b39f2683853
Online report : http://virscan.org/report/068d7909ae...fe1f91e28.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100206001945 2010-02-06 4.20 -
AhnLab V3 2010.02.07.00 2010.02.07 2010-02-07 1.14 -
AntiVir 8.2.1.160 7.10.3.219 2010-02-05 0.51 -
Antiy 2.0.18 20100201.3785967 2010-02-01 0.15 -
Arcavir 2009 201002051737 2010-02-05 0.03 -
Authentium 5.1.1 201002061523 2010-02-06 1.29 -
AVAST! 4.7.4 100206-2 2010-02-06 0.01 -
AVG 8.5.720 271.1.1/2660 2010-02-01 0.23 -
BitDefender 7.81008.5034348 7.30260 2010-02-07 0.77 -
ClamAV 0.95.3 10361 2010-02-06 0.01 -
Comodo 3.13.579 3409 2010-02-07 0.92 -
CP Secure 1.3.0.5 2010.02.07 2010-02-07 0.04 -
Dr.Web 5.0.1.12222 2010.02.07 2010-02-07 5.31 -
F-Prot 4.4.4.56 20100206 2010-02-06 1.28 -
F-Secure 7.02.73807 2010.02.07.02 2010-02-07 9.83 -
Fortinet 11.466- 11.466 2010-02-06 0.18 -
GData 19.10353/19.735 20100207 2010-02-07 6.20 -
ViRobot 20100205 2010.02.05 2010-02-05 0.45 -
Ikarus T3.1.01.80 2010.02.07.75129 2010-02-07 4.47 -
JiangMin 13.0.900 2010.02.07 2010-02-07 8.76 -
Kaspersky 5.5.10 2010.02.07 2010-02-07 0.12 -
KingSoft 2009.2.5.15 2010.2.6.20 2010-02-06 0.70 -
McAfee 5.3.00 5884 2010-02-06 3.59 -
Microsoft 1.5406 2010.02.06 2010-02-06 7.38 -
Norman 6.01.09 6.01.00 2010-01-16 6.39 -
Panda 9.05.01 2010.02.05 2010-02-05 0.81 -
Trend Micro 9.120-1004 6.832.02 2010-02-06 0.03 -
Quick Heal 10.00 2010.02.06 2010-02-06 2.00 -
Rising 20.0 22.33.06.03 2010-02-07 1.45 -
Sophos 3.04.1 4.50 2010-02-07 3.08 -
Sunbelt 3.9.2400.2 5662 2010-02-06 4.78 -
Symantec 1.3.0.24 20100201.009 2010-02-01 0.01 -
nProtect 20100205.01 7175224 2010-02-05 5.23 -
The Hacker 6.5.1.0 v00182 2010-02-07 0.48 -
VBA32 3.12.12.1 20100204.2153 2010-02-04 2.70 -
VirusBuster 4.5.11.10 10.119.42/2020782 2010-02-06 2.37 -
================================================== ===
C:\WINDOWS\explorer.exe

VirSCAN.org Scanned Report :
Scanned time : 2010/02/04 11:23:47 (CST)
Scanner results: Scanners did not find malware!
File Name : explorer.exe
File Size : 1033728 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 12896823fb95bfb3dc9b46bcaedc9923
SHA1 : 9d2bf84874abc5b6e9a2744b7865c193c08d362f
Online report : http://virscan.org/report/58585fa2b1...1cef793df.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100205002546 2010-02-05 5.04 -
AhnLab V3 2010.02.04.04 2010.02.04 2010-02-04 1.13 -
AntiVir 8.2.1.158 7.10.3.213 2010-02-04 0.30 -
Antiy 2.0.18 20100201.3785967 2010-02-01 0.02 -
Arcavir 2009 201002041350 2010-02-04 0.08 -
Authentium 5.1.1 201002041140 2010-02-04 2.35 -
AVAST! 4.7.4 100204-0 2010-02-04 0.05 -
AVG 8.5.720 271.1.1/2660 2010-02-01 0.23 -
BitDefender 7.81008.5013343 7.30213 2010-02-05 5.10 -
ClamAV 0.95.3 10355 2010-02-04 0.16 -
Comodo 3.13.579 3409 2010-02-04 1.06 -
CP Secure 1.3.0.5 2010.02.04 2010-02-04 0.11 -
Dr.Web 5.0.1.12222 2010.02.05 2010-02-05 5.35 -
F-Prot 4.4.4.56 20100204 2010-02-04 2.33 -
F-Secure 7.02.73807 2010.02.04.13 2010-02-04 0.19 -
Fortinet 11.456- 11.456 2010-02-04 0.27 -
GData 19.10297/19.727 20100204 2010-02-04 5.99 -
ViRobot 20100204 2010.02.04 2010-02-04 0.43 -
Ikarus T3.1.01.80 2010.02.04.75115 2010-02-04 4.46 -
JiangMin 13.0.900 2010.02.04 2010-02-04 13.34 -
Kaspersky 5.5.10 2010.02.04 2010-02-04 0.08 -
KingSoft 2009.2.5.15 2010.2.4.20 2010-02-04 0.61 -
McAfee 5.3.00 5882 2010-02-04 3.56 -
Microsoft 1.5406 2010.02.04 2010-02-04 6.63 -
Norman 6.01.09 6.01.00 2010-01-16 4.01 -
Panda 9.05.01 2010.02.04 2010-02-04 2.16 -
Trend Micro 9.120-1004 6.822.03 2010-02-04 0.04 -
Quick Heal 10.00 2010.02.04 2010-02-04 1.62 -
Rising 20.0 22.33.03.04 2010-02-04 0.57 -
Sophos 3.04.1 4.50 2010-02-05 3.02 -
Sunbelt 3.9.2398.2 5655 2010-02-03 2.64 -
Symantec 1.3.0.24 20100201.009 2010-02-01 0.01 -
nProtect 20100203.01 7137481 2010-02-03 7.60 -
The Hacker 6.5.1.0 v00180 2010-02-04 0.63 -
VBA32 3.12.12.1 20100202.2221 2010-02-02 2.58 -
VirusBuster 4.5.11.10 10.119.39/2033258 2010-02-05 2.67 -
================================================== =
C:\WINDOWS\System32\svchost.exe
VirSCAN.org Scanned Report :
Scanned time : 2010/02/04 11:32:03 (CST)
Scanner results: Scanners did not find malware!
File Name : svchost.exe
File Size : 14336 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 27c6d03bcdb8cfeb96b716f3d8be3e18
SHA1 : 49083ae3725a0488e0a8fbbe1335c745f70c4667
Online report : http://virscan.org/report/ae3d173cd1...62f37015f.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100205002546 2010-02-05 28.61 -
AhnLab V3 2010.02.04.04 2010.02.04 2010-02-04 1.15 -
AntiVir 8.2.1.158 7.10.3.213 2010-02-04 0.12 -
Antiy 2.0.18 20100201.3785967 2010-02-01 0.02 -
Arcavir 2009 201002041350 2010-02-04 0.03 -
Authentium 5.1.1 201002041140 2010-02-04 1.26 -
AVAST! 4.7.4 100204-0 2010-02-04 0.00 -
AVG 8.5.720 271.1.1/2660 2010-02-01 0.22 -
BitDefender 7.81008.5013343 7.30213 2010-02-05 5.09 -
ClamAV 0.95.3 10357 2010-02-04 0.01 -
Comodo 3.13.579 3409 2010-02-04 0.89 -
CP Secure 1.3.0.5 2010.02.04 2010-02-04 0.04 -
Dr.Web 5.0.1.12222 2010.02.05 2010-02-05 5.14 -
F-Prot 4.4.4.56 20100204 2010-02-04 1.29 -
F-Secure 7.02.73807 2010.02.04.15 2010-02-04 10.11 -
Fortinet 11.456- 11.456 2010-02-04 0.19 -
GData 19.10297/19.727 20100204 2010-02-04 7.09 -
ViRobot 20100204 2010.02.04 2010-02-04 0.42 -
Ikarus T3.1.01.80 2010.02.04.75115 2010-02-04 4.46 -
JiangMin 13.0.900 2010.02.04 2010-02-04 21.72 -
Kaspersky 5.5.10 2010.02.04 2010-02-04 0.07 -
KingSoft 2009.2.5.15 2010.2.4.20 2010-02-04 0.58 -
McAfee 5.3.00 5882 2010-02-04 3.46 -
Microsoft 1.5406 2010.02.04 2010-02-04 6.95 -
Norman 6.01.09 6.01.00 2010-01-16 4.01 -
Panda 9.05.01 2010.02.04 2010-02-04 4.33 -
Trend Micro 9.120-1004 6.822.03 2010-02-04 0.03 -
Quick Heal 10.00 2010.02.04 2010-02-04 1.41 -
Rising 20.0 22.33.03.04 2010-02-04 0.57 -
Sophos 3.04.1 4.50 2010-02-05 2.97 -
Sunbelt 3.9.2398.2 5655 2010-02-03 2.51 -
Symantec 1.3.0.24 20100201.009 2010-02-01 0.00 -
nProtect 20100203.01 7137481 2010-02-03 5.36 -
The Hacker 6.5.1.0 v00180 2010-02-04 0.44 -
VBA32 3.12.12.1 20100202.2221 2010-02-02 2.46 -
VirusBuster 4.5.11.10 10.119.39/2033258 2010-02-05 2.35 -
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!twitterShare on Facebook
Reply With Quote
  #16 (permalink)  
Old 02-09-2010, 03:22 PM
memphius's Avatar
Junior Member

  
Join Date: Feb 2010
Posts: 13
Send a message via Skype™ to memphius
Default
thanks again guys for your help
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!twitterShare on Facebook
Reply With Quote
  #17 (permalink)  
Old 02-09-2010, 03:28 PM
Blind Dragon's Avatar
Site Admin

  
Join Date: Dec 2008
Location: Florida
Posts: 1,463
Send a message via MSN to Blind Dragon Send a message via Yahoo to Blind Dragon Send a message via Skype™ to Blind Dragon
Default
Can you please turn off system restore, as your restore point is infected.
1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab.
3. Click to select the Turn off System Restore on all drives check box.
4. Click OK.
5. click Yes to confirm that you want to turn off System Restore:

Steps to turn on System Restore
1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab.
3. Click to clear the Turn off System Restore check box. Or, click the Turn off System Restore on all drives check box.
4. Click OK.

After a few moments, the System Properties dialog box closes.
====================================

Run Kaspersky Online AV Scanner

In order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click on "My Computer"
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Post the report into your next reply
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!twitterShare on Facebook
Reply With Quote
  #18 (permalink)  
Old 02-09-2010, 06:19 PM
Bobbye's Avatar
Site Admin

  
Join Date: Dec 2008
Posts: 869
Default
Glad that scan didn't show Virut.

But you might want to remove this pirated program if you need help in the future:
Adobe CS3\adobe-master-cs3-keygen.exe
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!twitterShare on Facebook
Reply With Quote
  #19 (permalink)  
Old 02-10-2010, 03:23 PM
Blind Dragon's Avatar
Site Admin

  
Join Date: Dec 2008
Location: Florida
Posts: 1,463
Send a message via MSN to Blind Dragon Send a message via Yahoo to Blind Dragon Send a message via Skype™ to Blind Dragon
Default
Run CFScript

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Quote:
File::
C:\Documents and Settings\USER\My Documents\Azureus Downloads\Stardock Window Blinds v6.1 Build55 [ Enhanced!]\1.Keygen\Stardock WindowBlinds v6.02 Build 43 x86 Enhanced Keygen.exe
C:\Documents and Settings\USER\My Documents\Azureus Downloads\Stardock Window Blinds v6.1 Build55 [ Enhanced!]\1.Keygen.rar

Restart::
Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again.

========================================

Congratulations, your logs now appear clean.

Cleaning up

Download and Run OTC by Oldtimer
  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Clear System Restore Points
This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Choose the option to clean up system restore and OK it.
    This will remove all restore points except the new one you just created.
Use the Secunia Software Inspector to check for out of date software.
  • Visit Secunia Software Inspector
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.
Staying Clean

Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. Some very good and easy-to-use free A/V programs are AVG, Avast, and AntiVir.

Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. Two good ones that are freeware to boot are Sunbelt, and Comodo

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.This is done in Vista through control panel -> windows updates.

Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

Useful Links and More Info

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!twitterShare on Facebook
Reply With Quote
Reply
Page 2 of 2 1 2

Tags
heur, virus, win32, win32heur

« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

LinkBacks (?)
LinkBack to this Thread: http://www.tech-101.com/virus-malware-removal/1111-win32-heur-please-help.html
Posted By For Type Date
Win32 HEUR .... Please Help!! - Tech-101 Free Computer Support This thread Refback 02-03-2010 04:52 PM


All times are GMT -4. The time now is 04:35 PM.

Copyright © 2009 Tech-101.com. All rights reserved.

About Us - Privacy Policy - Contact Us - Tech-101 Free Computer Support - Archive - Terms of Service - Top
Tech-101 Free Computer Support Tech-101 Free Computer Support