Author Topic: jl.chura.pl/rc/  (Read 8726 times)

0 Members and 1 Guest are viewing this topic.

Offline alwinjeffrey

  • Newbie
  • *
  • Posts: 4
jl.chura.pl/rc/
« on: April 28, 2009, 03:43:34 AM »
guys help me

i've

1. used all type of antivirus/malware/firewall software
2. format my hard drive
3. disable all network programs
4. all known possibilities are done

still no cure.

i found the jl.chura.pl/rc/ when i netstat, before i suspected it was in firefox only but its all over my files


do you have any solution for this virus/malware

guide me step by step do you have special software for it?

Offline scythe944

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2913
    • My Tech Blog
Re: jl.chura.pl/rc/
« Reply #1 on: April 28, 2009, 05:56:25 AM »
Whew, this is going to be a long one.

Alright, first, what operating system do you have, and what service pack level?

You say that,
Quote
still no cure.
  How do you know? what is telling you there is a virus, or what are you experiencing that is telling you that?  If Avast is saying that you have a virus, where is it? what is the path?

You said that you formatted your hard drive, did the virus appear AGAIN after that? Is it possible that you have an external hard drive with the virus, or the virus is on your network, and spread after your recent rebuild?  Did you scan those types of media with avast?

Have you run a boot-time scan?

Have you run Malware-bytes or Superantispyware?

Could you post a Hijackthis log?

Do you have all of your windows updates installed?

Have you tried a Antivirus Boot CD?

We'll just start with that.
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

Offline alwinjeffrey

  • Newbie
  • *
  • Posts: 4
Re: jl.chura.pl/rc/
« Reply #2 on: April 28, 2009, 06:07:02 AM »
yes i also do that, avast is blocking the access of jl.chura.pl/rc/ but avast did not remove it, i try all posibilities even in safe mode or boot scan, even malwarebytes, any antivirus software, but no one works, i been search it thru forum but they dont help me

Offline scythe944

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2913
    • My Tech Blog
Re: jl.chura.pl/rc/
« Reply #3 on: April 28, 2009, 06:17:45 AM »
Nevermind.

That's the webscanner.  You're trying to visit a website that has a malicious code on it.  The webscanner alerts you, to tell you that there was something blocked.

This means that Avast protected your computer from downloading anything malicious.

The next step is whether or not you own the website.

If it's your website, then you've (not your computer exactly, but the web server that your site is hosted on) has been hacked, and you'll need to look through the code on your website to figure out what's wrong.

If it's not your website, alert the webmaster that something bad is on his/her website, so that they can fix it.

*EDIT*

I've updated the post to add a picture that might help you


« Last Edit: April 28, 2009, 06:22:15 AM by scythe944 »
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

Offline alwinjeffrey

  • Newbie
  • *
  • Posts: 4
Re: jl.chura.pl/rc/
« Reply #4 on: April 28, 2009, 06:27:38 AM »
yes, but i know the code is on my system even if avast block it,   when i use  netstat.exe on command prompt the jl.chura.pl/rc/ appear to be connected, when i block it it keeps me coming back, i read some articles here http://google.com/safebrowsing/diagnostic?tpl=safari&site=jL.chura.pl&hl=en this is the virus, and i'm searching for the cure, because even if i reinstall, reformat, or even use deep freeze it keeps coming because i have secondary hard drive based on the article it was replicated in .exe file, i'm looking for program that can clean the .exe

Offline scythe944

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2913
    • My Tech Blog
Re: jl.chura.pl/rc/
« Reply #5 on: April 28, 2009, 06:32:33 AM »
Gotcha. So you have an .exe that is being used to connect to the website on a drive that is not your system drive.

As I explained before, I would try:
Quote
Have you run a boot-time scan?
The boot-time scan.

If that doesn't work, maybe rebooting in safe mode and deleting the file manually might help.

Also, the malwarebytes scan or superantispyware scan might help as well.

Let us know!
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

Offline alwinjeffrey

  • Newbie
  • *
  • Posts: 4
Re: jl.chura.pl/rc/
« Reply #6 on: April 28, 2009, 06:52:32 AM »
yes i have tried boot time scan, i already resolve the problem it came from my secondary drive i remove it first and i installed fresh copy of windows to the primary, the only think i want is to clean my secondary drive, before i try malwarebytes, antispyware, avast, norton, avg, zonealarm, in full system scan but it always comes back i got 1 TB of files on the secondary hard drive, how can i kill the jl.chura.pl/rc/ is there any special software?

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: jl.chura.pl/rc/
« Reply #7 on: April 28, 2009, 08:45:37 AM »
jl.chura.pl is a domain associated with Virut (the newest variant Win32:Vitro).. a reference to this site is encapsulated with an iframe and injected into html pages...

Offline polonus

  • Avast √úberevangelist
  • Maybe Bot
  • *****
  • Posts: 31449
  • malware fighter
Re: jl.chura.pl/rc/
« Reply #8 on: April 28, 2009, 02:20:40 PM »
Hi alwinjeffrey,

Here you can read about the implications of a Vitro file infector infection:
http://forum.avast.com/index.php?topic=42709.0
If you did not immediately took the right precautions like switching to SafeMode upon detection, scanning from a CD with the latest av tools (avast. MBAM, DrWebCureIt, specific anti-Vitro tools) and do a nondestructive reinstall the only option left against this destructive random buggy file infector is to f-disk, format and reinstall and keep infected material on peripherals like USB sticks etc. away from the cleansed computer for you are being reinfected with it before one could say Jack R. Also in case of a online infection after cleansing change all logins and passwords for the infected account(s) because your machine has been severely compromised,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!