Received a virus from wdfextractor.exe

09/17/2007 00:07 FeonDust#1
I recently downloaded the file from these forums. A mod in the thread had said the file was clean, and since the thread was from 2006 and so many people have downloaded it, I thought it was clean as well. I ran it on Friday. It installed "Win32/Virut" to my system32 dir, infecting every .dll/.exe/.ocx file, then began to download and run many spyware programs. The only thing I thought of doing was to delete the windows dir and do a clean XP install. So I did that, took most of today to do because I couldn't find my XP CD.

After the install, it seemed to be running fine. But all of a sudden files started appearing in the system32 dir without me running any program. I scanned one of the files with virusscan.jotti.org. It said it was "Win32.Heur". After around 10 mins, my comp shuts down. I reboot it and log in, and it gets sent to the Windows Login screen again. It does this with any account I try logging into.

How can the virus re-infect itself after a clean install? The file that had the main virus (wdfextractor.exe) was deleted the day I opened it. Is the only way to get rid of it to format?

09/17/2007 01:26 Real~Death#2
Well, the BEST way is to format the HD, but if you got data you need, it might not be your first option. I wish I could be more help. I have 3 HDs and (1 spare with Windows installed and ready to boot), so I have had my share of viruses/spyware living in the System Restore, cache, moving from disk to disk lol. So I format 2 HDs but first move all my stuff to keep to the third..... really didn't you none, I know, sorry.
But has anyone here got a hacker trying to break in to their system using mysqlworm?
I was just wondering if I got it from here?

09/17/2007 02:00 biertje?#3
I may sound real off, but if you do a full HD format including boot sector, all free sectors, and it returns.

Try scanning for rootkits. Seen a couple in my life and made some, never released though, only for finding the truth about them.

Anyways, good luck :)

09/17/2007 04:12 Lotherein#4
Quote:
Originally Posted by FeonDust
I recently downloaded the file from these forums. A mod in the thread had said the file was clean, and since the thread was from 2006 and so many people have downloaded it, I thought it was clean as well. I ran it on Friday. It installed "Win32/Virut" to my system32 dir, infecting every .dll/.exe/.ocx file, then began to download and run many spyware programs. The only thing I thought of doing was to delete the windows dir and do a clean XP install. So I did that, took most of today to do because I couldn't find my XP CD.

After the install, it seemed to be running fine. But all of a sudden files started appearing in the system32 dir without me running any program. I scanned one of the files with virusscan.jotti.org. It said it was "Win32.Heur". After around 10 mins, my comp shuts down. I reboot it and log in, and it gets sent to the Windows Login screen again. It does this with any account I try logging into.

How can the virus re-infect itself after a clean install? The file that had the main virus (wdfextractor.exe) was deleted the day I opened it. Is the only way to get rid of it to format?

Be very very careful with that. The first time it happened to me I reformatted the whole comp; the 2nd time it happened my comp crashed and had to be replaced, which it got replaced free under warranty, but still. I almost lost my comp completely.

09/17/2007 08:46 Hiyoal#5
Yea, reformat your drive BUT also use [link removed]. When you re-image your drive the disk will reformat itself but it will leave some files As Is.

With some viruses, they embed themselves in specific files which can be recovered, and the programmers of the virus make it that the file can Recover Itself (the virus). This has happened to me once and I reformatted my computer around 3 times. I still had the virus and then I found Killdisk, which eliminates all files with a format.

Hope that helps you,

Hiyoal

09/17/2007 08:58 Coksnuss#6
Are you sure about the wdfextractor? I just downloaded it 3 days ago and everything was fine...

Maybe another virus has infected this file.