Virus

Guest

Apparently I have a virus (WIN32/Rustock.gen!c) on my home computer and it
keeps shutting down my computer. I have run my anti-virus software program
(AVG 7.5) but it does not detect the error. How can I remove this virus?

Thanks for any help that can be offered!
 
Carey Frisch [MVP]

Cleaning a Compromised System
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

"The only way to clean a compromised system is to flatten and rebuild.
That’s right. If you have a system that has been completely compromised,
the only thing you can do is to flatten the system (reformat the system disk)
and rebuild it from scratch (reinstall Windows and your applications)."

--
Carey Frisch
Microsoft MVP
Windows - Shell/User

 
Guest

How do I reformat the system disk? Can it be done in Safe Mode? What will
happen if the computer shuts down in the middle of reformatting?

Thanks for your help!
 
Carey Frisch [MVP]

Clean Install Windows XP
http://www.michaelstevenstech.com/cleanxpinstall.html

--
Carey Frisch
Microsoft MVP
Windows - Shell/User

 
Ken Blake

Christi said:
How do I reformat the system disk? Can it be done in Safe Mode?


No. You can't format the Windows drive from within Windows (not even safe
mode), since that would leave Windows without a leg to stand on.
Just boot from the Windows XP CD (change the BIOS boot order if necessary to
accomplish this) and follow the prompts for a clean installation (delete the
existing partition by pressing "D" when prompted, then create a new one).

You can find detailed instructions here:
http://michaelstevenstech.com/cleanxpinstall.html

or here http://windowsxp.mvps.org/XPClean.htm

or here http://www.webtree.ca/windowsxp/clean_install.htm
 
Malke

Ken said:
No. You can't format the Windows drive from within Windows (not even safe
mode), since that would leave Windows without a leg to stand on.
Just boot from the Windows XP CD (change the BIOS boot order if necessary to
accomplish this) and follow the prompts for a clean installation (delete the
existing partition by pressing "D" when prompted, then create a new one).

You can find detailed instructions here:
http://michaelstevenstech.com/cleanxpinstall.html

or here http://windowsxp.mvps.org/XPClean.htm

or here http://www.webtree.ca/windowsxp/clean_install.htm

All that aside, I don't know why Carey insists on telling people to wipe
the hard drive and clean install Windows when they have a suspected
virus or malware. As we all know, this is rarely necessary.

Christi - Since I'm not sure if my normal preparation and removal tools
will help in Vista, at the very least you can do a few things before
starting over with Windows:

1. Send a copy of the suspect file to VirusTotal to make sure it is
indeed a virus and not just a false-positive by AVG.
http://www.virustotal.com/

2. Post in one of the specialty forums here:

http://aumha.net/ - Click on the HijackThis forum. Read the announcement
and the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html

They may have you run HijackThis and will show you how to do that and
then analyze your log.


Malke
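Malke's first step (check the suspect file against VirusTotal before trusting a single AVG detection) can be done without uploading the file at all: hash it locally and ask VirusTotal whether it already knows that hash, which keeps a possibly private file off a third-party service unless the hash is unknown. The script below is an added example, not code from this thread; it assumes VirusTotal's current v3 REST API (GET /api/v3/files/<sha256> with an x-apikey header) and an API key in the VT_API_KEY environment variable, and the "likely false positive" rule (at most one vendor flagging out of a reasonable number of scanners) is a rough heuristic of my own, not VirusTotal's.

```python
"""Hash a suspect file and check what VirusTotal already knows about it.

Added example; not code from the thread. Assumes VirusTotal API v3
(GET https://www.virustotal.com/api/v3/files/<sha256>, header x-apikey).
The API key comes from the VT_API_KEY environment variable; with no key
set, the script only prints the hash and the lookup URL.
"""
import hashlib
import json
import os
import sys
import tempfile
import urllib.error
import urllib.request
from typing import Optional

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"
CHUNK = 1 << 20  # read 1 MiB at a time so large files never sit fully in memory


def sha256_of_file(path: str) -> str:
    """Streaming SHA-256 of a file on disk."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def lookup_url(sha256_hex: str) -> str:
    """URL of the hash-only lookup; this never sends the file itself."""
    if len(sha256_hex) != 64 or any(c not in "0123456789abcdef" for c in sha256_hex):
        raise ValueError("expected a lowercase hex SHA-256 digest")
    return VT_FILE_URL.format(sha256_hex)


def summarize_report(report: dict) -> dict:
    """Reduce a v3 file report to the numbers needed to decide between a
    real infection and a single-vendor false positive. The threshold used
    for 'likely_false_positive' is an assumed rule of thumb, not VT policy."""
    stats = report["data"]["attributes"]["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    total = flagged + stats.get("undetected", 0) + stats.get("harmless", 0)
    return {
        "flagged": flagged,
        "total": total,
        "likely_false_positive": flagged <= 1 and total > 10,
    }


def query_virustotal(sha256_hex: str, api_key: str) -> Optional[dict]:
    """Ask VirusTotal about a hash. Returns None when the hash is unknown (404)."""
    req = urllib.request.Request(lookup_url(sha256_hex), headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as e:
        if e.code == 404:
            return None
        raise


def write_sample_file() -> str:
    """Constructed stand-in for a suspect file (contents are just b'hello')."""
    fd, path = tempfile.mkstemp(suffix=".bin")
    with os.fdopen(fd, "wb") as f:
        f.write(b"hello")
    return path


# Constructed sample of the part of a v3 report this script reads:
# one vendor flagging, 58 clean verdicts.
SAMPLE_REPORT = {
    "data": {"attributes": {"last_analysis_stats": {
        "malicious": 1, "suspicious": 0, "undetected": 58, "harmless": 0}}}
}


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else write_sample_file()
    digest = sha256_of_file(target)
    print("sha256:", digest)
    print("lookup:", lookup_url(digest))
    key = os.environ.get("VT_API_KEY")
    if key:
        report = query_virustotal(digest, key)
        print("unknown to VirusTotal" if report is None else summarize_report(report))
    else:
        print("VT_API_KEY not set; offline summary of a constructed report:",
              summarize_report(SAMPLE_REPORT))
```

Run it as `python vtcheck.py C:\path\to\suspect.exe`. If the hash is unknown, that is the point at which uploading the file (as Malke suggests) becomes worthwhile; if it is known and only one vendor flags it, treat the AVG hit with suspicion before wiping anything.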
 
Neil Harley

Malke said:
All that aside, I don't know why Carey insists on telling people to wipe
the hard drive and clean install Windows when they have a suspected
virus or malware. As we all know, this is rarely necessary.


I find it quicker to re-image than to mess about removing a virus which
may / may not end up being removed completely. I'm with Carey on this one.

By the time I've gone through your steps I could have re-imaged, cooked
dinner and gone out with my better half for the evening. YMMV :)
 
Malke

Neil said:
I find it quicker to re-image than to mess about removing a virus which
may / may not end up being removed completely. I'm with Carey on this one.

By the time I've gone through your steps I could have re-imaged, cooked
dinner and gone out with my better half for the evening. YMMV :)

Yes of course you could. But the majority of people who post on this
newsgroup don't have an image available and have no idea how to do this.
The majority of people who post can get through a malware cleanup by
following instructions or they need to take the machine to someone skilled.

My mileage certainly does vary because, like all other professionals I
know, I have images and backups and plenty of operating system install
disks. Installing an operating system - with or without images - is no
big deal for people who have done that thousands of times for years and
years.

My client base is home users and small businesses and I will tell you
that when they first come to me absolutely none of them have images and
very few of them have burned CD/DVD backups.


Malke
 
Christo van Deventer

Download - rustbfix.exe and save it to your desktop.

Double click on rustbfix.exe to run the tool.
If a Rustock.b-infection is found, you will be asked to reboot the computer.
The reboot will probably take quite a while, and perhaps 2 reboots will be
needed. But this will happen automatically.
After the reboot 2 logfiles will open (c:\avenger.txt &
c:\rustbfix\pelog.txt). If needed (still infected), post the content of
these logfiles.
 
