win32.virut.ce and google chrome

  herc182 12:45 21 Mar 2010
Locked

I got an alert from Kaspersky telling me this was on my computer. After using various tools, I think I have got rid of it.

I have run SUPERAntiSpyware, Spybot and now A2 to make sure. The latter is still running.

One weird side effect of the removal process is that Google Chrome won't connect to the internet. Firefox and IE work, but Chrome no.

I also get this when I start IE (a warning from Kaspersky):

"phishing URL click here== click here== High"

Any thoughts? I am using Windows 7.

Thanks

  herc182 12:47 21 Mar 2010

DON'T CLICK!!! This is the link warning



"phishing URL //zxclk9abnz72. click here== High"

  herc182 12:50 21 Mar 2010

FYI Google Chrome opens but doesn't connect. It's just a blank page.

  herc182 16:21 21 Mar 2010

Any thoughts?

Thank you

  JustAHelper 03:11 16 Apr 2010

Solution is below

What's wrong:
Every time I navigated on my browser my antivirus would inform me that it was blocking a Trojan virus from one of three IP addresses:

zxclk9abnz72.com/AxYFWI0v8DKaxkBxkJ94yAI7...
Dirección IP:
78.47.248.116:80

213.163.89.106
Dirección IP:
lk01ha71gg1.cc/KVC2wuFd7x4Jz2C4dmVyPTMuNzImYmlkPTg2MTgzYWUzl=LTc0ODEtNDViMC1hNmFjLTY3N2ZlZjJkMjNlNSZhaWQ9MTAwMDlmc2lkPTAmcmQ

and
213.163.89.105

Viruses come from adjusting
1) Registry entries
2) Adding new files
3) Pretending to be existing files

So any application that determines what is accessing the registry or which files are being used is useful.

From demo applications on the web these allowed me to determine that it was an additional HTTP request from IE7 that was being made. I'd already monitored the registry so it had to be an embedded file in IE or OS making the request.

I felt that I could only choose between reinstalling either IE7 (not possible, and the Reset Option didn't work) or the last Operating System Service Pack.


Solution:
So I plumped to uninstall SP2 and then reinstall. This kicked the virus files to be detected by the antivirus software. It seems that without doing this the files were "part of the OS"

netbt.sys was the file with no access privileges so my antivirus could not do anything about it

Located under:
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1
c:\windows\system32\drivers\netbt.sys

Found a web site that told me how to delete System files that said to use the following:
takeown /f <filepath & filename>

then
cacls <filepath & filename> /G <your user account>:F

and obviously
del <git of a file>

This took 2 days to solve, but hey, it's only a computer so
"There is always a solution" - always my motto to anyone that knows me.

;-)

  birdface 09:37 16 Apr 2010

Not looking too good; according to this you may need to reformat.

click here

Maybe best bet would be to go to the Malware Removal Forum for help.

click here

It will probably take a few days for them to contact you as they are kept very busy.

This thread is now locked and can not be replied to.
