Virus

Apparently I have a virus (WIN32/Rustock.gen!c) on my home computer and it
keeps shutting down my computer. I have run my anti-virus software program
(AVG 7.5) but it does not detect the error. How can I remove this virus?

Thanks for any help that can be offered!
--
Christi

Cleaning a Compromised System
http://www.microsoft.com/technet/com...mt/sm0504.mspx

"The only way to clean a compromised system is to flatten and rebuild.
That’s right. If you have a system that has been completely compromised,
the only thing you can do is to flatten the system (reformat the system disk)
and rebuild it from scratch (reinstall Windows and your applications)."

--
Carey Frisch
Microsoft MVP
Windows - Shell/User

---------------------------------------------------------------------------Â*-----

"Christi" wrote:

Apparently I have a virus (WIN32/Rustock.gen!c) on my home computer and it
keeps shutting down my computer. I have run my anti-virus software program
(AVG 7.5) but it does not detect the error. How can I remove this virus?

Thanks for any help that can be offered!
--
Christi

How do I reformat the system disk? Can it be done in Safe Mode? What will
happen if the computer shuts down in the middle of reformatting?

Thanks for your help!
--
Christi


"Carey Frisch [MVP]" wrote:

> Cleaning a Compromised System
> http://www.microsoft.com/technet/com...mt/sm0504.mspx
>
> "The only way to clean a compromised system is to flatten and rebuild.
> That’s right. If you have a system that has been completely compromised,
> the only thing you can do is to flatten the system (reformat the system disk)
> and rebuild it from scratch (reinstall Windows and your applications)."
>
> --
> Carey Frisch
> Microsoft MVP
> Windows - Shell/User
>
> ---------------------------------------------------------------------------Â*-----
>
> "Christi" wrote:
>
> Apparently I have a virus (WIN32/Rustock.gen!c) on my home computer and it
> keeps shutting down my computer. I have run my anti-virus software program
> (AVG 7.5) but it does not detect the error. How can I remove this virus?
>
> Thanks for any help that can be offered!
> --
> Christi
>

Clean Install Windows XP
http://www.michaelstevenstech.com/cleanxpinstall.html

--
Carey Frisch
Microsoft MVP
Windows - Shell/User

---------------------------------------------------------------------------Â*-----

"Christi" wrote:

How do I reformat the system disk? Can it be done in Safe Mode? What will
happen if the computer shuts down in the middle of reformatting?

Thanks for your help!
--
Christi

How to Install or Reinstall Windows Vista
http://windowshelp.microsoft.com/Win...522671033.mspx

--
Carey Frisch
Microsoft MVP
Windows - Shell/User

---------------------------------------------------------------------------Â*-----


"Christi" <> wrote in message news:EEA1505C-9154-4BF9-B7FD-...
How do I reformat the system disk? Can it be done in Safe Mode? What will
happen if the computer shuts down in the middle of reformatting?

Thanks for your help!
--
Christi


"Carey Frisch [MVP]" wrote:

> Cleaning a Compromised System
> http://www.microsoft.com/technet/com...mt/sm0504.mspx
>
> "The only way to clean a compromised system is to flatten and rebuild.
> That’s right. If you have a system that has been completely compromised,
> the only thing you can do is to flatten the system (reformat the system disk)
> and rebuild it from scratch (reinstall Windows and your applications)."
>
> --
> Carey Frisch
> Microsoft MVP
> Windows - Shell/User
>
> ---------------------------------------------------------------------------Â*-----
>
> "Christi" wrote:
>
> Apparently I have a virus (WIN32/Rustock.gen!c) on my home computer and it
> keeps shutting down my computer. I have run my anti-virus software program
> (AVG 7.5) but it does not detect the error. How can I remove this virus?
>
> Thanks for any help that can be offered!
> --
> Christi
>

Christi wrote:
> How do I reformat the system disk? Can it be done in Safe Mode?


No. You can't format the Windows drive from within Windows (not even safe
mode), since that would leave Windows without a leg to stand on.
Just boot from the Windows XP CD (change the BIOS boot order if necessary to
accomplish this) and follow the prompts for a clean installation (delete the
existing partition by pressing "D" when prompted, then create a new one).

You can find detailed instructions here:
http://michaelstevenstech.com/cleanxpinstall.html

or here http://windowsxp.mvps.org/XPClean.htm

or here http://www.webtree.ca/windowsxp/clean_install.htm


--
Ken Blake - Microsoft MVP Windows: Shell/User
Please reply to the newsgroup

Ken Blake wrote:
> Christi wrote:
>> How do I reformat the system disk? Can it be done in Safe Mode?
>
>
> No. You can't format the Windows drive from within Windows (not even safe
> mode), since that would leave Windows without a leg to stand on.
> Just boot from the Windows XP CD (change the BIOS boot order if necessary to
> accomplish this) and follow the prompts for a clean installation (delete the
> existing partition by pressing "D" when prompted, then create a new one).
>
> You can find detailed instructions here:
> http://michaelstevenstech.com/cleanxpinstall.html
>
> or here http://windowsxp.mvps.org/XPClean.htm
>
> or here http://www.webtree.ca/windowsxp/clean_install.htm
>
>

All that aside, I don't know why Carey insists on telling people to wipe
the hard drive and clean install Windows when they have a suspected
virus or malware. As we all know, this is rarely necessary.

Christi - Since I'm not sure if my normal preparation and removal tools
will help in Vista, at the very least you can do a few things before
starting over with Windows:

1. Send a copy of the suspect file to VirusTotal to make sure it is
indeed a virus and not just a false-positive by AVG.
http://www.virustotal.com/

2. Post in one of the specialty forums here:

http://aumha.net/ - Click on the HijackThis forum. Read the announcement
and the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html

They may have you run HijackThis and will show you how to do that and
then analyze your log.


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

Hi Christi,

Before you go to the extreme of formatting and clean installing, see:
http://www.google.com/search?q=remov...1&start=0&sa=N

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP
http://mvp.support.microsoft.com/
Windows help - www.rickrogers.org
My thoughts http://rick-mvp.blogspot.com

"Christi" <> wrote in message
news:05745DFD-2506-41F9-B0DE-...
> Apparently I have a virus (WIN32/Rustock.gen!c) on my home computer and it
> keeps shutting down my computer. I have run my anti-virus software
> program
> (AVG 7.5) but it does not detect the error. How can I remove this virus?
>
> Thanks for any help that can be offered!
> --
> Christi

Malke wrote:
> Ken Blake wrote:
>> Christi wrote:
>>> How do I reformat the system disk? Can it be done in Safe Mode?
>>
>>
>> No. You can't format the Windows drive from within Windows (not even
>> safe mode), since that would leave Windows without a leg to stand on.
>> Just boot from the Windows XP CD (change the BIOS boot order if
>> necessary to accomplish this) and follow the prompts for a clean
>> installation (delete the existing partition by pressing "D" when
>> prompted, then create a new one).
>>
>> You can find detailed instructions here:
>> http://michaelstevenstech.com/cleanxpinstall.html
>>
>> or here http://windowsxp.mvps.org/XPClean.htm
>>
>> or here http://www.webtree.ca/windowsxp/clean_install.htm
>>
>>
>
> All that aside, I don't know why Carey insists on telling people to wipe
> the hard drive and clean install Windows when they have a suspected
> virus or malware. As we all know, this is rarely necessary.
>


I find it quicker to re-image than to mess about removing a virus which
may / may not end up being removed completely. I'm with Carey on this one.

By the time I've gone through your steps I could have re-imaged, cooked
dinner and gone out with my better half for the evening. YMMV :-)

Neil Harley wrote:

> I find it quicker to re-image than to mess about removing a virus which
> may / may not end up being removed completely. I'm with Carey on this one.
>
> By the time I've gone through your steps I could have re-imaged, cooked
> dinner and gone out with my better half for the evening. YMMV :-)
>

Yes of course you could. But the majority of people who post on this
newsgroup don't have an image available and have no idea how to do this.
The majority of people who post can get through a malware cleanup by
following instructions or they need to take the machine to someone skilled.

My mileage certainly does vary because, like all other professionals I
know, I have images and backups and plenty of operating system install
disks. Installing an operating system - with or without images - is no
big deal for people who have done that thousands of times for years and
years.

My client base is home users and small businesses and I will tell you
that when they first come to me absolutely none of them have images and
very few of them have burned CD/DVD backups.


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User