[Not curable - Virut] HELP with removing Malware.trace

  1. #1
    emi_nori (Junior Member)

    [Not curable - Virut] HELP with removing Malware.trace

    Hi

    I just scanned my computer using Malwarebytes Anti-Malware and it found a Malware.trace (registry trace) file which I don't know how to remove. A current AVG scan also found win32/virut and trojan horse generic 13XHS. Any help in removing these buggers would be greatly appreciated!

    Thanks!
    Emi
    Last edited by emi_nori; 30-06-2009 at 10:19 PM.

  2. #2
    broni (Senior Member)
    Let's double check Virut infection.

    Please download DrWeb CureIt & save it to your desktop.

    Scan with DrWeb-CureIt as follows:

    * Double-click on drweb-cureit.exe and then click Start. Click OK in the pop-up window to allow the Express Scan.
        * This is a short scan of the files currently running in memory. When something is found, click the Yes button when it asks you if you want to cure it.
    * Once the short scan has finished, click Options > Change settings.
    * Choose the Scan tab, uncheck Heuristic analysis and click OK.
    * Back at the main window, select the Complete scan button.
    * Then click the Green Arrow Start Scanning button on the right and the scan will start.
        * Click Yes to all if it asks if you want to cure/move any file(s).
    * When the scan is done...
    * In the Dr.Web CureIt menu on top left, click File and choose Save report list.
    * Save the DrWeb.csv report to your Desktop.
    * Exit Dr.Web CureIt.

    * Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

    * After reboot. Leave the Dr. Web CureIt log on the desktop.

    Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE. During the scan a pop-up window will appear, asking you to buy a full version. Simply close the pop-up window.

  3. #3
    Neal (Dedicated Member)
    did not see you broni
    Last edited by Neal; 01-07-2009 at 12:53 AM.

  4. #4
    Neal (Dedicated Member)
    Sorry did not see you broni

  5. #5
    broni (Senior Member)
    Not a problem, Neal
    I just wanted to make sure, we're dealing with Virut here.
    If Dr.Web will run, it'll tell us.

  6. #6
    emi_nori (Junior Member)
    Hi, thanks for the quick response. I tried to scan my whole system with Dr.Web but it keeps crashing a quarter of the way through. Is there any alternative programme I can use?
    AVG has also found another trojan horse called psw.banker5.OGA.
    Cheers
    Emi

  7. #7
    broni (Senior Member)
    Upload the following files to VirusTotal for a security check:
    - explorer.exe located @ C:\Windows
    - userinit.exe and svchost.exe located @ C:\Windows\System32

  8. #8
    emi_nori (Junior Member)
    Hi

    The results showed W32/Virut.AI!Generic in all three of them.

  9. #9
    broni (Senior Member)
    Unfortunately....

    You are infected with a polymorphic file infector. This infection can and will infect all the machine's executable files (.exe, .scr, .rar, .zip, .htm, .html). Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair, resulting in an inoperative machine.

    Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain .exe, .scr, .rar, .zip, .htm, .html files.

    * Back up all your documents and important items only.
    * DO NOT back up any executable files (.exe, .scr, .html or .htm)
    * DO NOT back up compressed files (zip/cab/rar) that may contain .exe or .scr files

    I suggest you do the following immediately:

    * Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
    * From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
    * DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
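
The backup rule from post #9, as an added example that is not part of the thread: a Python sketch that copies a folder tree while leaving out the file types broni lists. The function names, the constructed sample files and the extra "MZ" header check for renamed executables are assumptions of this example.

```python
import shutil
import tempfile
from pathlib import Path

# Extensions the post says not to back up (infectable files and archives that may hold them).
SKIP_EXTENSIONS = {".exe", ".scr", ".htm", ".html", ".zip", ".cab", ".rar"}

def skip_reason(path):
    """Return why a file must stay out of the backup, or None if it may be copied."""
    ext = path.suffix.lower()
    if ext in SKIP_EXTENSIONS:
        return "extension " + ext
    try:
        with path.open("rb") as fh:
            # Assumption beyond the post: "MZ" at offset 0 marks a Windows executable, whatever its name.
            if fh.read(2) == b"MZ":
                return "MZ header"
    except OSError:
        return "unreadable"
    return None

def backup_documents(source, dest):
    """Copy allowed files from source to dest; return (copied list, skipped dict)."""
    source, dest = Path(source), Path(dest)
    copied, skipped = [], {}
    for path in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = path.relative_to(source).as_posix()
        reason = skip_reason(path)
        if reason:
            skipped[rel] = reason
            continue
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)
        copied.append(rel)
    return copied, skipped

def demo():
    """Run the filter over a constructed sample profile (harmless placeholder bytes)."""
    samples = {"Documents/letter.txt": b"Dear bank,", "Documents/budget.doc": b"MZ\x90\x00",
               "Documents/page.HTML": b"<html></html>", "Documents/setup.exe": b"MZ\x90\x00",
               "photos.zip": b"PK\x03\x04", "Pictures/cat.jpg": b"\xff\xd8\xff\xe0"}
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "profile"), Path(tmp, "backup")
        for name, data in samples.items():
            (src / name).parent.mkdir(parents=True, exist_ok=True)
            (src / name).write_bytes(data)
        copied, skipped = backup_documents(src, dst)
        return copied, skipped, sorted(p.name for p in dst.rglob("*") if p.is_file())
```

Archives are matched by extension only, because .docx and similar Office files are themselves ZIP containers and a content check would drop them from the backup. The destination must be outside the source tree.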

  10. #10
    emi_nori (Junior Member)
    Ok thanks I will do so.
