jl.chura.pl/rc

Hi Friends

This virus/trojan is causing havoc with my XP Pro SP3 infecting many
exe files and also trying to access the site, have blocked it with the
hosts file entry.

I have checked with Google and find that no one has found a way to get
rid of this pest.

Malwarebytes, Spybot and Avast have not been able to cure this
malaise.

I had to install afresh on a new hard disk keeping aside the infected
one waiting for a cure as this HD has many files archived, yet to be
put on a CD.

Anyone of you here aware of a cure please let me know the details.

Thanks in advance

--
Thanks for your time

Archer


Re: jl.chura.pl/rc



Ardent wrote:

No I don't know about it but while you're waiting you could try the
SuperAntiSpyware free version.
Dl, install, update and run.
It along with MBAM, which you already tried, are highly recommended in this
and other ngs.
Buffalo
PS: Most of the time people are also told to run HiJackThis and post it in
one of the ngs that deal with HiJackThis.
Search for some of David Lipman's posts as he usually has advice on HJThis
and many other things.



Re: jl.chura.pl/rc

Buffalo wrote:

Why bother, his advice is to not post it here.

Re: jl.chura.pl/rc



ASCII wrote:

True, but he also posts links on where to post it.
Buffalo



Re: jl.chura.pl/rc

"Ardent" wrote:


This site (jl.chura.pl) has been distributing Virut. So, yes, this is
a real virus rather than a trojan. It will also infect .scr (screen
savers), .html, .htm, .php and .asp files.


It does that itself to prevent re-infection.


Some AV products can clean some infected executables but there's no
guarantee they'll get them all. The virus can mis-infect and these
files will be corrupt.


Mount it as a second (non-bootable) drive and copy your data. Don't
copy exe or scr files. If you want to save the other types mentioned
check them with a text editor for an inserted iframe to the malicious
site and remove it. Note the link text is slightly obfuscated, i.e.
jL.chura.pl/rc/


The best cure is reformat and reinstall which is what you've done.
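
The manual check described in the post above (look through copied .html, .htm, .php and .asp files for an iframe pointing at the site, matching the mixed-case spelling), as an added example that is not part of the original thread. The function names, the assumed iframe layout and the sample page are constructed for illustration.

```python
import re
from pathlib import Path

# Host named in the thread; matched case-insensitively because the
# injected link is written with mixed case (jL.chura.pl).
BAD_HOST = "jl.chura.pl"
# Text file types the post lists as infectable.
TEXT_EXTS = {".html", ".htm", ".php", ".asp"}
# Assumed layout: an <iframe ...> tag whose attributes mention the host,
# plus its closing tag when that follows directly.
IFRAME_RE = re.compile(
    r"<iframe\b[^>]*" + re.escape(BAD_HOST) + r"[^>]*>(?:\s*</iframe\s*>)?",
    re.IGNORECASE,
)


def find_injected_iframes(text):
    """Return every iframe tag in text that references BAD_HOST."""
    return [m.group(0) for m in IFRAME_RE.finditer(text)]


def strip_injected_iframes(text):
    """Return text with those iframe tags removed; nothing else changes."""
    return IFRAME_RE.sub("", text)


def scan_tree(root, clean=False):
    """Report affected files under root as {path: count}; rewrite if clean."""
    hits = {}
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in TEXT_EXTS:
            continue  # .exe and .scr files are deliberately left alone
        # latin-1 maps every byte to one character, so the file round-trips
        # unchanged apart from the removed tag, whatever its real encoding.
        text = path.read_bytes().decode("latin-1")
        found = find_injected_iframes(text)
        if found:
            hits[str(path)] = len(found)
            if clean:
                path.write_bytes(strip_injected_iframes(text).encode("latin-1"))
    return hits


# Constructed sample of an infected page (not taken from a real file).
SAMPLE = ('<html><body><p>archive index</p>'
          '<iframe src="http://jL.chura.pl/rc/" width=1 height=1 '
          'style="border:0"></iframe></body></html>')
```

`scan_tree` only reports by default; pass `clean=True` to rewrite the affected files, and run it against the copied data from the clean installation rather than on the infected system.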



Re: jl.chura.pl/rc

For the heck of it I tried a view-source on the site and ESET has the
site blocked so I could not access it. Well, I could disable the AV,
but why play with fire LOL.


Re: jl.chura.pl/rc



Many thanks for your response.

I find that a cure for Virut by Symantec is here.

http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixVirut.com

But reading their web page on this does not agree with what is
happening with the *chura* distributed virus.

Do you have any thoughts on this that will help me?

--
Thanks for your time and attention

Archer

Re: jl.chura.pl/rc

"Ardent" wrote:

http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixVirut.com

I don't see any web page. That link is to an executable (almost 3 MB)
and I'm not about to download it.


As I said in my previous post - copy any files you want from your old
drive and forget about trying to disinfect.



Re: jl.chura.pl/rc

http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixVirut.com

Removing the virus might not remove what *else* might have been done to
your system. It may have used an IRC backdoor to download and execute
*unknown* malware.

http://www.f-secure.com/v-descs/virus_w32_virut.shtml



Re: jl.chura.pl/rc


I had this infection and I think I've cured it.

I had to clear ALL Temporary Internet files INCLUDING offline web-pages
and then RESET Internet Explorer to its original settings.
(Internet Options - Advanced - and choose Reset)

The bad point is that I've lost all my Passwords etc and have to be
sent reminders but the good point is I'm not being redirected to get
trojans downloaded on the sly!

I had to do the same with Firefox.

I also had to edit my Hosts file (normally in C:\Windows\System32\Drivers\etc
in XP) and remove any Comments for http://jl.chura.pl/rc/.

Everything is working fine for me now.


hindes57


Re: jl.chura.pl/rc


| I had this infection and I think I've cured it.

| I had to clear ALL Temporary Internet files INCLUDING offline web-pages
| and then RESET Internet Explorer to its original settings.
| (Internet Options - Advanced - and choose Reset)

| The bad point is that I've lost all my Passwords etc and have to be
| sent reminders but the good point is I'm not being redirected to get
| trojans downloaded on the sly!

| I had to do the same with Firefox.

| I also had to edit my Hosts file (normally in C:\Windows\System32\Drivers\etc
| in XP) and remove any Comments for http://jl.chura.pl/rc/.

| Everything is working fine for me now.
| hindes57

All you may have done is relieved symptoms.
If you had a Virut file infection then you need to make sure all files are clean
including any read/write removable media.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: jl.chura.pl/rc


Believe it or not, I got rid of it just by going into add/remove
programs and uninstalling Mozilla Firefox (also get rid of all
settings, bookmarks, and cookies). Then download and reinstall Firefox.
So far so good. This jl chura thing seems to be related only to
Firefox.

Re: jl.chura.pl/rc

| Believe it or not, I got rid of it just by going into add/remove
| programs and uninstalling Mozilla Firefox (also get rid of all
| settings, bookmarks, and cookies). Then download and reinstall Firefox.
| So far so good. This jl chura thing seems to be related only to
| Firefox.

***
Got rid of what? A symptom? I can believe that.



Re: jl.chura.pl/rc

On May 4, 8:31 pm, muck...@gmail.com wrote:

This is NOT related only to Firefox. It occurs in Internet Explorer as
well. I should know. I have it.

Re: jl.chura.pl/rc

| On May 4, 8:31 pm, muck...@gmail.com wrote:
|
| This is NOT related only to Firefox. It occurs in Internet Explorer as
| well. I should know. I have it.

***
Besides, that site serves up malware - not always the same malware.
***



Re: jl.chura.pl/rc

On Mon, 4 May 2009 13:23:23 -0700 (PDT), Polaris431


Yes, it is not browser related - it affects Opera also.

However it uses the browser to get entry.

It also affects several .exe files - when you try to open them a
message appears that the file has either been modified or corrupt :-(

I have searched all over including Google and there seems to be no
solution yet.

Let us hope someone will soon come to the rescue.

--
Thanks for your time

Archer
