WiredWX Hobby Weather Tools

 


Digital Protection has removed all Windows and Symtec security

Dear all

I recently got infected with the Digital Protection virus and, by the sounds of things, I'm not the only one! However, my experience seems to have gone a step further than most I have read on here.

I am fairly confident that the virus has gone; malware seemed to delete it and there are absolutely no signs of it anywhere. However, malware rebooted the laptop and, when it restarted, I found the following problems:

1. I cannot change any Windows security features, to turn on firewall etc.
2. The majority of applications (malware included) do not open and instead show me an "open with" box, with a greyed out tick-box to remember the application chosen for the future.
3. When I try to run any .exe file at all, I get a similar "choose application" box.
4. My Symantec internet security, though it opens and says secure, also displays the "open with" box when I try to run a scan and perform other functions.

I would be very grateful for any help at all, especially as I do not have any of my laptop disks with me at present so I couldn't perform a complete system restoration.

Many thanks

Josh

Re: Digital Protection has removed all Windows and Symtec security

Please download exeHelper from one of the two links.
Link 1
Link 2

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (it will be created in the directory where you ran exeHelper.com).
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Re: Digital Protection has removed all Windows and Symtec security

Thanks for this. The report is:

exeHelper by Raktor
Build 20100414
Run at 14:14:50 on 04/20/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Removing HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s
Deleting file C:\Users\Josh\reader_s.exe
Resetting filetype association for .exe
Removing HKCR\secfile
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Re: Digital Protection has removed all Windows and Symtec security

I'm afraid I have bad news.

Your system is infected with a polymorphic file infector called Virut. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. As of now, security experts suggest that a format and clean install, or destructive recovery if you have an OEM recovery partition, is the best way to clean the infection and it is the best and safest way to return the machine to its normal working state.

Back up all your documents and important items (personal data, work documents, etc.) only. DO NOT back up any executable files (software) and screensavers (*.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable.

Also, avoid backing up compressed files (zip/cab/rar) that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

Recent variants also modify htm, html, asp and php files.

Do not back up to another machine, as it may become compromised. Burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups.


For more information, please see Here

Instructions how to format and reinstall Windows can be found Here
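
The backup rule from the post above, as an added example that is not part of the original thread: a Python script that splits a folder into files to back up and files to leave behind, opening zip archives to look for .exe or .scr members. The names `triage`, `zip_is_unsafe` and `demo` are hypothetical; also excluding the htm/html/asp/php files the post mentions, and any cab/rar archive (which the standard library cannot open), is an assumption of this example, and the sample tree is constructed.

```python
import tempfile
import zipfile
from pathlib import Path

# File types the post says Virut infects (.exe, .scr) or modifies (web pages).
INFECTABLE = {".exe", ".scr", ".htm", ".html", ".asp", ".php"}
# Archive types named in the post that the standard library cannot open.
OPAQUE_ARCHIVES = {".cab", ".rar"}
# A zip member with any of these suffixes makes the whole zip unsafe.
UNSAFE_MEMBERS = INFECTABLE | OPAQUE_ARCHIVES | {".zip"}


def zip_is_unsafe(path):
    """True if the zip holds an unsafe member or cannot be read at all."""
    try:
        with zipfile.ZipFile(path) as zf:
            return any(Path(n).suffix.lower() in UNSAFE_MEMBERS for n in zf.namelist())
    except (zipfile.BadZipFile, OSError):
        return True


def triage(root):
    """Return (keep, skip): relative paths to back up, and {path: reason}."""
    keep, skip = [], {}
    for p in sorted(q for q in Path(root).rglob("*") if q.is_file()):
        ext, rel = p.suffix.lower(), p.relative_to(root).as_posix()
        if ext in INFECTABLE:
            skip[rel] = "infectable file type"
        elif ext in OPAQUE_ARCHIVES:
            skip[rel] = "archive that cannot be inspected"
        elif ext == ".zip" and zip_is_unsafe(p):
            skip[rel] = "zip with unsafe member, or unreadable"
        else:
            keep.append(rel)
    return keep, skip


def demo():
    """Run triage over a small constructed tree (not data from the thread)."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for name in ("notes.txt", "setup.exe", "saver.SCR", "index.html", "old.rar"):
            (root / name).write_bytes(b"constructed sample")
        with zipfile.ZipFile(root / "photos.zip", "w") as zf:
            zf.writestr("a.jpg", b"x")
        with zipfile.ZipFile(root / "tools.zip", "w") as zf:
            zf.writestr("bin/tool.exe", b"x")
        (root / "broken.zip").write_bytes(b"not a zip")
        return triage(root)
```

The check works on file names only, so a renamed executable passes it; it narrows what gets copied and does not detect infection.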

Re: Digital Protection has removed all Windows and Symtec security

Oh dear, that's frustrating, especially as everything was working fine after I ran that report - all Windows security worked, applications opened and I could run a full scan. Thanks again.

Re: Digital Protection has removed all Windows and Symtec security

Yeah, sadly exeHelper showed a sign of a well-known file infector, which nothing can be done about.
