Digital Protection has removed all Windows and Symantec security


Post by Hedge89 on 20th April 2010, 1:12 pm

Dear all

I recently got infected with the Digital Protection virus and, by the sounds of things, I'm not the only one! However, my experience seems to have gone a step further than most I have read on here.

I am fairly confident that the virus has gone; malware seemed to delete it and there are absolutely no signs of it anywhere. However, malware rebooted the laptop and, when it restarted, I found the following problems:

1. I cannot change any Windows security features, to turn on firewall etc.
2. The majority of applications (malware included) do not open and instead show me an "open with" box, with a greyed out tick-box to remember the application chosen for the future.
3. When I try to run any .exe file at all, I get a similar "choose application" box.
4. My Symantec internet security, though it opens and says secure, also displays the "open with" box when I try to run a scan and perform other functions.

I would be very grateful for any help at all, especially as I do not have any of my laptop disks with me at present so I couldn't perform a complete system restoration.

Many thanks

Josh


Post by Belahzur on 20th April 2010, 1:13 pm

Please download exeHelper from one of the two links.

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


Please PM me if I fail to respond within 24hrs.



Post by Hedge89 on 20th April 2010, 1:15 pm

Thanks for this. The report is:

exeHelper by Raktor
Build 20100414
Run at 14:14:50 on 04/20/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Removing HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s
Deleting file C:\Users\Josh\reader_s.exe
Resetting filetype association for .exe
Removing HKCR\secfile
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--


Post by Belahzur on 20th April 2010, 1:23 pm

I'm afraid I have bad news.

Your system is infected with a polymorphic file infector called Virut. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. As of now, security experts suggest that a format and clean install, or destructive recovery if you have an OEM recovery partition, is the best way to clean the infection and it is the best and safest way to return the machine to its normal working state.

Back up all your documents and important items (personal data, work documents, etc) only. DO NOT back up any executable files (software) and screensavers (*.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable.

Also, avoid backing up compressed files (zip/cab/rar) that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

Recent variants also modify htm, html, asp and php files.

Do not back up to another machine, as it may become compromised. Burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups.


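An added example (not part of the original thread, and not code from the forum or from exeHelper): a Python triage pass that applies the backup rules from the post above before anything is copied off the machine. The extension sets, the "review" verdict for web files, and the choice to hold back .cab/.rar files and nested archives unopened are assumptions of this sketch; the sample tree in `demo()` is constructed.

```python
import tempfile, zipfile
from pathlib import Path

EXECUTABLE = {".exe", ".scr"}              # never back up
OPAQUE = {".cab", ".rar"}                  # stdlib cannot list these: hold back
WEB = {".htm", ".html", ".asp", ".php"}    # modified by recent variants
UNSAFE_MEMBER = EXECUTABLE | OPAQUE | {".zip"}  # nested archives are not unpacked

def zip_is_unsafe(path):
    """True if the zip lists an executable or nested archive, or is unreadable."""
    try:
        with zipfile.ZipFile(path) as zf:
            return any(Path(n).suffix.lower() in UNSAFE_MEMBER for n in zf.namelist())
    except (zipfile.BadZipFile, OSError):
        return True  # cannot inspect it, so do not trust it

def classify(path):
    """Return 'exclude', 'review' or 'backup' for one file, by name and zip listing."""
    ext = Path(path).suffix.lower()
    if ext in EXECUTABLE or ext in OPAQUE:
        return "exclude"
    if ext == ".zip":
        return "exclude" if zip_is_unsafe(path) else "backup"
    return "review" if ext in WEB else "backup"

def triage(root):
    """Walk root and group relative file paths by verdict."""
    result = {"backup": [], "review": [], "exclude": []}
    for p in sorted(Path(root).rglob("*")):
        if p.is_file():
            result[classify(p)].append(p.relative_to(root).as_posix())
    return result

def demo():
    """Build a constructed sample tree in a temp directory and triage it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "docs").mkdir()
        (root / "docs" / "thesis.doc").write_text("text")
        (root / "docs" / "index.HTML").write_text("<html></html>")
        (root / "setup.exe").write_bytes(b"MZ")
        (root / "saver.scr").write_bytes(b"MZ")
        (root / "broken.zip").write_bytes(b"not a zip")
        with zipfile.ZipFile(root / "photos.zip", "w") as zf:
            zf.writestr("a.jpg", b"x")
        with zipfile.ZipFile(root / "tools.zip", "w") as zf:
            zf.writestr("bin/Tool.EXE", b"MZ")
        return triage(root)

if __name__ == "__main__":
    for verdict, files in demo().items():
        print(verdict, files)
```

A "backup" verdict here reflects file names and zip listings only; the script does not scan file contents.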


Post by Hedge89 on 20th April 2010, 1:31 pm

Oh dear, that's frustrating, especially as everything was working fine after I ran that report - all Windows security worked, applications opened and I could run a full scan. Thanks again.


Post by Belahzur on 20th April 2010, 2:06 pm

Yeah, sadly exeHelper showed a sign of a well-known file infector, which nothing can be done about.

