Spyware, Viruses, & Security forum

General discussion

W32/VB-EMU Virus

by Miramichi / March 13, 2007 7:59 PM PDT

I can't find any information on this virus. This is all I have. W32/VB-EMU:VB-Backdoor-PEK-based!Maximus. D:system volume information\_restore(84E8505B-26B1-...\AD099197.exe Any information would be appreciated, especially if I can get information on removal. I have a Dell desktop with a Windows XP operating system. I have tried the Malware Removal (Microsoft), Windows Defender, Microsoft online scan and Freedom. I have also tried restoring to a previous date.

by tomron / March 13, 2007 10:33 PM PDT
In reply to: W32/VB-EMU Virus
In addition
by tomron / March 13, 2007 11:01 PM PDT
In reply to: Miramichi

You might have to scan in safe mode after you disabled system restore.


All I can see, is that the infected file
by Marianna Schmudlach / March 14, 2007 12:42 AM PDT
In reply to: W32/VB-EMU Virus

is in your system restore:

D:system volume information\_restore(84E8505B-26B1-...\AD099197.exe

You only have to purge your system restore points:


Reboot your computer and scan again with your antivirus and you should be fine.

by Miramichi / March 14, 2007 8:15 PM PDT

I tried your suggestions. I get a message telling me that my Freedom software has detected the virus and tells me it will delete the file after the next reboot. I disabled system restore and rebooted. I've both enabled system restore and left it off but I continue to get the message that I still have this virus. Anything else I can try?

See the link provided by Tomron
by Donna Buenaventura / March 14, 2007 8:25 PM PDT
In reply to: Virus

It says:
"Troj/VB-CZD is a Trojan for the Windows platform.

When first run Troj/VB-CZD copies itself to <Windows>\services.exe.

The following registry entries are created to run Troj/VB-CZD on startup:

<Random Characters>

<Random Characters>

<Random Characters>"

If you have that trojan-infected file, then disabling System Restore is not a solution until you have disinfected the system, because it is running during startup with random characters. That is, if you have such a trojan.

Scan using the tools that Tomron suggested (AVG antispyware - this is freeware, and TrojanHunter - this is a trial version).
Scan in safe mode.

Or you can run an online scan using Housecall:
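
Added example, not part of the original post or of the quoted description: a check over an exported list of autostart values that flags any entry launching `services.exe` from outside `System32`, where the genuine Windows file lives. The Run key, the value names and the sample export are assumptions constructed for illustration; the quoted text does not name the registry entries.

```python
import ntpath
import re

# Constructed sample in the layout `reg query` prints for a Run key.
# Value names and commands are made up; none of them come from the thread.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    C:\WINDOWS\system32\soundman.exe
    xkqjw    REG_SZ    C:\WINDOWS\services.exe
    qzpvh    REG_EXPAND_SZ    "%SystemRoot%\services.exe" /auto
    SvcHelper    REG_SZ    C:\WINDOWS\system32\services.exe
"""

# name, type and data are separated by four spaces in `reg query` output
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")


def executable_of(data, windir=r"C:\WINDOWS"):
    """Return the normalised, lower-cased program path from a Run-value command."""
    # Expand the two variables that point at the Windows directory.
    cmd = re.sub(r"%(systemroot|windir)%", lambda m: windir, data.strip(), flags=re.I)
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]          # quoted path: stop at closing quote
    else:
        m = re.match(r"(.+?\.exe)(?=\s|$)", cmd, flags=re.I)  # unquoted, may hold spaces
        path = m.group(1) if m else cmd.split(" ", 1)[0]
    return ntpath.normpath(path).lower()


def suspicious_autoruns(reg_query_text, windir=r"C:\WINDOWS"):
    """List (value name, command) pairs that start services.exe from outside System32."""
    genuine = ntpath.join(windir, "system32", "services.exe").lower()
    hits = []
    for line in reg_query_text.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue                              # key header or blank line
        exe = executable_of(m.group("data"), windir)
        if ntpath.basename(exe) == "services.exe" and exe != genuine:
            hits.append((m.group("name"), m.group("data")))
    return hits


if __name__ == "__main__":
    for name, command in suspicious_autoruns(SAMPLE_REG_QUERY):
        print(f"review autostart value {name!r}: {command}")
```
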

Tricky Virus
by Miramichi / March 16, 2007 10:49 PM PDT

I have tried everything suggested and still no luck. Thank you for your suggestions. I ran three anti virus programs in safe mode and windows. The Sophos anti-virus program said that the volume drive where the virus is located could not be scanned. Any way I can get at it?

volume drive
by Marianna Schmudlach / March 17, 2007 2:32 AM PDT
In reply to: Tricky Virus
Just a thought
by Donna Buenaventura / March 17, 2007 4:13 AM PDT
In reply to: Tricky Virus

You mentioned in your previous post that you disabled System Restore and rebooted but your antivirus is still finding it.
I think you should try this first:
1. Configure your antivirus not to scan the System Volume Information (the System Restore), then reboot so your antivirus will no longer hold the infected file that is in System Restore
2. Next, disable System Restore
3. Reboot so Windows will delete your restore points that contain the infection
4. Scan the system using your antivirus
5. Enable System Restore. Then it is up to you if you want to include System Restore in scanning, but it's a good idea to include it so you will know whether your restore points include an infection.

The reason why I suggest #1 is that your antivirus seems to be trying to "hold" that infected file to do the action it wants (to delete it after the next reboot). This means your AV is holding on to the infected file but couldn't delete it, which is expected, because items in System Restore are reverted back by System Restore. Microsoft's explanation of this is at "How antivirus software and System Restore work together".

Let us know how it goes.

w32/vb-emu:vb - backdoor - HRS based! Maximus
by Cooperm4n / June 14, 2007 6:20 AM PDT
In reply to: Tricky Virus


How did you get on with this glitch? My son's PC has developed the same error message as yours. I have tried all of the suggestions in the above thread but nothing has worked.



If it can't be removed
by Donna Buenaventura / June 14, 2007 6:38 AM PDT
w32/vb-emu:vb - backdoor - HRS based! Maximus
by Cooperm4n / June 18, 2007 6:01 PM PDT
In reply to: If it can't be removed

Thanx Donna

Castlecops had a look but the only option, because of the nature of the infection, was a format and re-install of XP.

All is well so far...


OK. Thanks for posting back.
by Donna Buenaventura / June 20, 2007 10:12 AM PDT

Hope you will not have a problem again.
