AVG antivirus detecting Windows Movie Maker as virus

Status
Not open for further replies.
I have 2.66 Core 2 Duo, 4G RAM, 250 GB Hard Disk.

I am using AVG 8 (home edition). It is behaving abnormally and giving false warnings, like Windows Movie Maker is a virus. It has blocked my WMM, Control Panel exe and explorer exe, but the Virus Vault does not have their description. On scanning, no virus is found except these. A warning that the file is infected comes up on opening the system:

Accessed file is infected
Threat detected
File name pc:\windows\system32\wuauclt.exe
Threat name Virus found win32/virut
Detected on open

When I tried to heal, it said that the healing process was not successful, but exe files have been blocked, due to which I cannot open WMM or Control Panel.

Pls tell me how to repair Win Vista from this disaster. I have my own Vista DVD, but when I try repairing from the DVD, it simply checks the booting of the system, hard disk errors and memory problems. Restoring Windows files from backup didn't work.

thanks for your help in advance
 

mrintech

Technomancer
There is no false detection of AVG. Your PC is infected.

Download win32/virut Virus Removal:

1. *www.softpedia.com/get/Antivirus/Win32-Virut-Remover.shtml
2. *www.avg.com/us.virus-removal.ndi-67762



First of all Update the Virus Database, and scan with AVG

Also run a scan with SuperAntiSpyware: *www.superantispyware.com/download.html (Don't forget to update the definition to latest one)

Here is the virus detail for win32.virut

Win32/Virut.A

Infector: polymorphic

Names, aliases:

Win32/Virut.D (AhnLab-V3), W32/Virut.E (AntiVir), Win32.Virtob.2.Gen (BitDefender), W32.Virut.ci (ClamAV), Win32.Virut.5 (DrWeb), W32/Virut.E (Fortinet), Virus.Win32.Virut.e (F-Secure), Virus.Win32.Virut.d (Ikarus), Virus.Win32.Virut.e (Kaspersky), W32/Virut (McAfee), Virus:Win32/Virut.D (Microsoft), Win32/Virut (NOD32v2), W32/Virutas.G (Panda), W32/Vetor-A (Sophos), W32.Virut.B (Symantec), Win32.Virut.Gen (VirusBuster), Win32.Virut.E (Webwasher-Gateway)

Behavior:

Parasitic file infector of PE files with .EXE extension.
Acts like an IRC bot, communicating on TCP port 65520, it opens channel #virtu on the proxim.ircgalaxy.pl IRC server.

Its first step upon running is injecting the process (winlogon.exe), for this reason firewalls will not identify the virus. The virus will infect files on local and shared drives. It does not depend on usage of these files.

Infected files are approx. 9kB longer, and will not keep the original timestamp, (the timestamp will change to the time when the virus was written into the file).

The virus is activated in the "classical" way:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Note: the name of the infected file can be variable. It selects a name from the infected files in the folder %SystemRoot%\system32.

It doesn't use any stealth or rootkit techniques for hiding infected files. It uses process injection technology, which provides good camouflage.

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.

Remover:

Usage:

Rmvirut (check and repair all accessible disk drives)
Rmvirut C: (check and repair the entire C drive)
Rmvirut C: D: (check and repair the C and D drives)
Rmvirut C:\Windows (check and repair files in the C:\Windows folder)
Rmvirut C:\Windows\explorer.exe (check and repair C:\Windows\explorer.exe)

Remover features:

- if AVG is installed, it correctly registers itself in the resident shield to avoid collision with it.

- If it detects a locked file (unable to open), the remover arranges removal for immediately after booting the computer - when system files are not yet locked.

- Files RMVIRUS.DOS and Rmvirus32.nt are part of the remover for repairing before booting Windows 98 or Windows 2000

- You must have administrator privileges to run the remover, the remover tests this at the beginning.

- Repaired files are usually different to the originals, but they are working.

- Due to the damage caused to files by Virut, it's possible to find repaired but corrupted files. They became corrupted by the incorrect writing of the viral code during the process of infection. Undetected, corrupted files (possibly still containing part of the viral code) can also be found. This is caused by incorrectly written and non-functional viral code present in these files.

If all the above fails then:

If you have a fast connection then go for an online scan with Kaspersky: *www.kaspersky.com/virusscanner

If not, Scan whole computer Manually by Kaspersky trial ware: *www.kaspersky.com/homeuser (Don't forget to update the definition to latest one)

Problem will be definitely solved ;)
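
Added example, not part of the original posts or of the quoted AVG description: the indicators quoted above (infected .EXE files about 9 kB longer with a changed timestamp, activation through the Run keys, TCP port 65520) turned into a small Python triage helper. The manifest format, the size tolerance and all sample data are assumptions constructed for illustration.

```python
# Added example: triage helpers built from the indicators quoted in the post.
from ntpath import normcase, splitext

GROWTH = 9 * 1024     # "approx. 9kB longer"
TOLERANCE = 2 * 1024  # assumption: slack around the quoted figure
IRC_PORT = "65520"    # TCP port named in the description

def suspect_files(baseline, current):
    """.exe paths that grew by roughly 9 kB and lost their original mtime.

    Both arguments map path -> (size_bytes, mtime_epoch)."""
    hits = []
    for path, (old_size, old_mtime) in baseline.items():
        if splitext(path)[1].lower() != ".exe" or path not in current:
            continue
        new_size, new_mtime = current[path]
        if abs(new_size - old_size - GROWTH) <= TOLERANCE and new_mtime != old_mtime:
            hits.append(path)
    return sorted(hits, key=normcase)

def suspect_run_values(run_values, suspects):
    """Names of Run-key values whose command line references a suspect file."""
    wanted = [normcase(p) for p in suspects]
    return sorted(name for name, cmd in run_values.items()
                  if any(w in normcase(cmd) for w in wanted))

def port_65520_peers(netstat_lines):
    """Foreign endpoints on TCP 65520 in `netstat -an` style lines."""
    peers = []
    for line in netstat_lines:
        f = line.split()
        if len(f) >= 3 and f[0] == "TCP" and f[2].rsplit(":", 1)[-1] == IRC_PORT:
            peers.append(f[2])
    return peers

# Constructed sample data (not taken from the thread).
BASELINE = {r"C:\Windows\system32\wuauclt.exe": (53472, 1200000000),
            r"C:\Windows\explorer.exe": (2923520, 1200000000),
            r"C:\Windows\system32\notepad.exe": (151040, 1200000000)}
CURRENT = {r"C:\Windows\system32\wuauclt.exe": (53472 + 9216, 1230000000),
           r"C:\Windows\explorer.exe": (2923520 + 9216, 1230000000),
           r"C:\Windows\system32\notepad.exe": (151040, 1200000000)}
RUN = {"Updater": r"C:\WINDOWS\system32\wuauclt.exe",
       "Sidebar": r'"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun'}
NETSTAT = ["  TCP    192.168.1.5:1042    203.0.113.7:65520    ESTABLISHED",
           "  TCP    192.168.1.5:1043    198.51.100.9:80      ESTABLISHED"]
```

A hit is a candidate for a scan with the remover, not a verdict: a patched system file also changes size and timestamp.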
 
OP

ashishstillthere

Journeyman
thanks for your reply....i have downloaded the tool from the site and scanned my computer...but now i am not able to open control panel+windows movie maker+dvd maker and condition zero

this is the screenshot of my virus list and some of my games are also listed as virus...i wanna get them back

plz help me for the same

here is the screen shot

*img223.imageshack.us/my.php?image=capturehv9.jpg



plz help
 

mrintech

Technomancer
Whoa! Tremendous amount of virus replicas.... really.... Go for full scan again.... if nothing is repaired

Insert Windows XP CD and choose repair. Also if this also does not work... sorry... you have to format (no other option)

Also you have a tremendous amount of cracks and keygens; this is the main cause of viruses and other malware.
 
OP

ashishstillthere

Journeyman
bro it is vista ultimate...and whenever i inserted vista dvd it didn't show me the option of repairing your comp...it just shows some tools like memory diagnostic and all but there is no option of repairing windows like in xp

have scanned both in normal mode and in safe mode, here was the list of safe mode so what should i do?? delete them from quarantine also???


but what about my programs??
 

mrintech

Technomancer
Okz

first of all, I am not getting why the virus removal tools didn't work? Have you run the scan? If yes, then what was the result/what did the removal tools show?

Also Your computer is heavily corrupted, I recommend you gather all your important data in a separate drive and format your PC.

Cheers!!
 
OP

ashishstillthere

Journeyman
i am using avg antivirus pro edition..and after that tool of yours i don't have any problem of getting any warning of having virus in my system..now i wanna fix my damaged files which were replicated in the form of virus, and the HijackThis log too didn't show any warning....so any way to get them back without formatting???
 

mrintech

Technomancer
Here's the command:

Remover:

Usage:

Rmvirut (check and repair all accessible disk drives)
Rmvirut C: (check and repair the entire C drive)
Rmvirut C: D: (check and repair the C and D drives)
Rmvirut C:\Windows (check and repair files in the C:\Windows folder)
Rmvirut C:\Windows\explorer.exe (check and repair C:\Windows\explorer.exe)


These commands are meant to be run in Command Prompt. Also make sure that the virus removal tool is installed

cheers!! and do reply back.... ;)

Do read the Quoted Paragraph about the Virus in 2nd Post Above
 
OP

ashishstillthere

Journeyman
how to run them in command prompt??


have already downloaded that tool you recommended to me in the second post...and scanned with it...it didn't show any virus but only avg shows this, and earlier it was not healing the infected file but now it is able to heal them...so now i just want to recover/restore my damaged files like control panel
 

mrintech

Technomancer
dude i don't know much about vista as my PC does not support it (due to hardware requirement)

there must be command prompt (DOS - That Black Screen Wizard) in the accessories menu via start button; open it and write the above command there:

E.g. c:\>rmvirut c:
 
OP

ashishstillthere

Journeyman
maybe i am doing something wrong...you can see this screenshot

*img148.imageshack.us/my.php?image=screensnaperimageih2.jpg

tell me in detail
 

mrintech

Technomancer
Please be online I am checking

wait

Dude Sorry I can't help you in this Repairing case. Better ask here: *freeforum.avg.com/list.php?4

They are professionals and will help you better
 