New to Avast - win32:junkpoly[cryp] and win32:virut

[miab]

Formerly (up until yesterday) I had AVG running. I received some virus warnings that upon restart wouldn't allow the internet explorer and AVG to work. Today I installed Avast from friends recommendations. I did a boot time scan with avast and it came up with 273 infected files. All the infected files were .exe files. I moved all to the vault except one. For explorer.exe it wouldn't allow me move,repair or delete. I had to ignore it. Almost all the virus names were win32:junkpoly[cryp] and a couple were win32:virut.

Now when starting Windows it gets to just after the Windows xp splash screen and then to where explorer desktop should be but the screen stays black with the cursor visible. I'm able to move the cursor. I can type in ctrl-alt-delete and start different programs from File-New Task(Run..).

What do I do?

Thanks in advance
Joseph

[RejZoR]

Considering you have a Virut infection going on i suggest you re-install entire OS from scratch as you can never be sure if all files are really cleaned when file infectors are involved.

[miab]

Thank you.
 I feared that would be the only solution. Is it safe, to save all documents, pictures, video's and music so that I can use them after I re-install operating system. I have over 100gig of family photo's and video's. They are very important to me. I have some of them on a seperate hard drive in the computer and some on a seperate partition on the same hard drive as c: drive. When scanning it looks as though viruses are contained within c:. Can I be sure?
 

[DavidR]

Virut by all accounts only effects .exe and I think .scr files (I could be wrong about the later).

DrWeb CureIt! - See http://www.freedrweb.com/cureit/ - Download ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe (Free) Fairly effective against file infectors, Virut, more so when used in safe mode. However, I don't know how it might fare in the junkpoly [cryp] though.

It could be that your system is so badly compromised backing up what you can, data files, etc and starting from scratch, format and reinstall windows may realistically be your only option.

[areyouhappynow]

I'm New at this forum stuff but i seem to be having the same problem recently i downloaded a "key generator". Then i started noticing systems not responding and google chrome not working. Then i got spyware doctor and it detected a bunch of adware,spyware...ect, so i deleted them. But then the same stuff started happening again and now i cant even login to normal mode (vista) and haved to run in safemode with networking. So after searching around a bit i found Avast and ran a boot scan which detected Junkpoly[cryp], I deleted all files which was stupid of me i guess because i basically deleted vital system 32 files and now i cant login at all. Plz respond with an easy tutorial. (im desperate)

[Lisandro]

I deleted all files which was stupid of me i guess because i basically deleted vital system 32 files and now i cant login at all. Plz respond with an easy tutorial. (im desperate)

There is no way to restore these deleted files... sorry... the better would be having sending them to Chest.
Can you boot in Safe Mode (pressing F8 while booting)?
Overinstallation can solve the problem and you won't lose your programs, settings, data, files, etc.
Just choose 'Repair' installation of Windows and install 'over' the old installation.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;315341
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q314058
http://www.webtree.ca/windowsxp/repair_xp.htm

[oldman]

Virut by all accounts only effects .exe and I think .scr files (I could be wrong about the later).

These are the files not recommended to be backed up

exe - scr - mp3 - wmv

[DavidR]

Thanks for the update oldman.

[areyouhappynow]

Nvm i just reformatted only lost about 150 gigs of stuff though 

[miab]

OLDMAN, would mp3 be affected possibly? If I scanned my mp3's with Avast would it detect the virus or are they hidden until played? Might sound like a stupid question and probably is.

Joseph

[oldman]

No such thing as a stupid question.  Stupid is not asking if you're not sure. 

MP3 files are on the list of files that Virut can infect. If Avast is capable of detecting the variant, then scanning the file will reveal if it's clean or not. If it were me and I suspected virut, I wouldn't even bother trying to save any mp3 files.

Here's the log of a Kaspersky online scan of an infected computer that I came across. They probably will flatten this one. 

http://www.geekstogo.com/forum/Virus-Maleware-problems-services-exe-issue-t229487.html&hl=otlistit2&st=15

Take care.

[RejZoR]

MP3 files cannot be infected as it is. It can only either convert them to WMA as some malware does or just corrupts them.
Just copy all your images, music or videos to external disk, scan them all just to be sure and re-install system.
However avoid copying any EXE, SCR, PIF or any kind of other executable files.

[oldman]

Only passing on what I can

http://forums.whatthetech.com/I_need_help_removing_W32_Virut_CF_virus_t99940.html&hl=virut

[DavidR]

MP3 files cannot be infected as it is. It can only either convert them to WMA as some malware does or just corrupts them.
<snip>

I thought that mp3 files could be modified to exploit the players ?
Thought this would differ from the usual Virut infection.

[oldman]

A little conflicting info. They flattened the computer I linked to earlier.

These need to be wiped : all programs, all .exe + .scr executables, downloaded archives (.zip + .rar) and now, according to a very trustworthy colleague, this newer variant injects all .htm + .html files

These seem to be ok to the helper.

movie files, mp3s, gif/jpeg and Photoshop files