Topic: [SOLVED]win32:Vitro How to protect and how to remove?

vpxavier

  • Guest
[SOLVED]win32:Vitro How to protect and how to remove?
« on: April 01, 2009, 12:19:55 AM »
Hi, I saw some posts about the win32:vitro virus.
I created this post to have three answers:
1) how to remove vitro once you're infected (is it possible?)
2) Once you're infected and took backups on a USB drive. How to make sure the USB drive is not infected before restoring the data?
3) How to make sure you won't have the virus back after a fresh install of Windows XP?

Please, do not post in this topic something else than a full answer to one of these questions... users need to find a solution quickly to these 3 questions. (at least, it's my guess).
Thanks in advance to the avast team.
« Last Edit: April 01, 2009, 08:54:32 AM by vpxavier »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: [NOT SOLVED]win32:Vitro How to protect and how to remove?
« Reply #1 on: April 01, 2009, 12:27:03 AM »
Quote
1) how to remove vitro once you're infected (is it possible?)
Right now, it's difficult to say that you can get cleaned. Maybe running avast at boot time as soon as you can. Run Dr. Web CureIt also.

Quote
2) Once you're infected and took backups on a usb drive. How to make sure the USB drive is not infected before restoring the data?
Are you backing up documents and files and not executables (.exe, .com), right?

Quote
3) How to make sure you wont have the virus back after a fresh install of windows XP?
Scan the backup files with avast, Dr. Web CureIt.
The best things in life are free.
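
Added example, not part of the original thread or any poster's reply: one way to act on the advice above before restoring from a backup drive is to separate documents from executables by content rather than by file name. The function names and the constructed sample files are assumptions made for illustration; the extension list comes from the file types named in this thread.

```python
import hashlib
import os
import tempfile

# Extensions the thread names as executable content (.exe, .com, .dll).
EXEC_EXTS = {".exe", ".com", ".dll"}

def is_pe(path):
    """True if the file has an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    with open(path, "rb") as f:
        head = f.read(64)
        if len(head) < 64 or head[:2] != b"MZ":
            return False
        f.seek(int.from_bytes(head[60:64], "little"))
        return f.read(4) == b"PE\0\0"

def sha256(path):
    """Hash in chunks so large backup files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def triage_backup(root):
    """Split a backup tree into executables to hold back and data files."""
    hold, restore = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            # Hold back on extension OR content: a renamed PE is still a PE.
            if ext in EXEC_EXTS or is_pe(path):
                hold.append((os.path.relpath(path, root), sha256(path)))
            else:
                restore.append(os.path.relpath(path, root))
    return sorted(hold), sorted(restore)

def build_sample(root):
    """Constructed sample backup: a document, an .exe, and a PE renamed .doc."""
    pe = b"MZ" + b"\0" * 58 + (64).to_bytes(4, "little") + b"PE\0\0"
    for name, data in [("notes.txt", b"hello"), ("setup.exe", pe), ("cv.doc", pe)]:
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        hold, restore = triage_backup(d)
        print("hold back and scan:", hold)
        print("restore:", restore)
```

Files in the hold list are the ones to leave off the rebuilt machine, or to reinstall from original media; the remaining files still need the scanner pass recommended in the reply.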

vpxavier

  • Guest
Re: [SOLVED]win32:Vitro How to protect and how to remove?
« Reply #2 on: April 01, 2009, 12:44:46 AM »
Quote
1) Right now, it's difficult to say that you can get cleaned. Maybe running avast at boot time as soon as you can. Run Dr. Web CureIt also.
So there's no fix at the moment? correct?
Quote
2) Are you backing up documents and files and not executables (.exe, .com), right?
I did a full backup  :-\ and found infection when scanning today from my Vista, up-to-date avast protected computer... it found infected exe files that it deleted... enough?
Quote
3) Scan the backup files with avast, Dr. Web CureIt.
I will, thanks for the tip

I would add the following question
Quote
4) How to prevent a win32:vitro infection? Is an up-to-date Avast Home Edition 4.8 enough?
Thanks for the quick answers you already gave... as usual  ;D

« Last Edit: April 01, 2009, 08:54:55 AM by vpxavier »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: [NOT SOLVED]win32:Vitro How to protect and how to remove?
« Reply #3 on: April 01, 2009, 12:59:21 AM »
Hi vpxavier,

There are two solutions to the problem, use Vista and you are not vulnerable, if using XP there is no cure for this very damaging random buggy file infector that beats Windows File Protection and the Windows Firewall on XP, it destroys beyond repair, so the only solution is to f-disk, format and re-install and keep the system from any peripherals etc. with the file infecting vector on it, the only way to avoid is safe-hex and protection, and you can read here in the forums what safe practices are (non-admin account for online activities, in-browser protection, fully updated and patched OS and third party software, updated malware scanner(s) and active software firewall or hardware firewall solution), that is it in a nutshell, all the other options like SafeMode scanning with special tools come to no avail, well have not been demonstrated in effecto,

polonus

« Last Edit: April 01, 2009, 01:00:52 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: [NOT SOLVED]win32:Vitro How to protect and how to remove?
« Reply #4 on: April 01, 2009, 02:53:30 AM »
Quote
So there's no fix at the moment? correct?
Like Polonus said, for XP there is not.

Quote
it found infected exe files that it deleted... enough?
I suggest a full computer on-line scanning:
BitDefender
ESET NOD32
F-Secure

And also Dr. Web. Vitro is a very difficult infection to get clean.
The best things in life are free.

vpxavier

  • Guest
[SOLVED]win32:Vitro How to protect and how to remove?
« Reply #5 on: April 01, 2009, 08:54:19 AM »
Thank you all for these clear answers.
I changed the status to solved but don't hesitate to come back if a fix is found  ;D

spungin

  • Guest
Re: [SOLVED]win32:Vitro How to protect and how to remove?
« Reply #6 on: April 02, 2009, 12:24:33 AM »
Hi. I think I have removed Vitro from my laptop, so my question is: How can I be sure that my external HD is not infected?
Assuming I have another PC I can check it on, can I rely on a clean bill of health from Avast?

The major problem, by the way, was not reformatting my laptop, but trying to get all the bloody Lenovo drivers to work!

Cheers.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: [SOLVED]win32:Vitro How to protect and how to remove?
« Reply #7 on: April 02, 2009, 01:15:58 AM »
Quote
Hi. I think I have removed Vitro from my laptop, so my question is: How can I be sure that my external HD is not infected?
Assuming I have another PC I can check it on, can I rely on a clean bill of health from Avast?

The major problem, by the way, was not reformatting my laptop, but trying to get all the bloody Lenovo drivers to work!

Cheers.

See Reply #4.
The best things in life are free.

dm77uk

  • Guest
Re: [NOT SOLVED]win32:Vitro How to protect and how to remove?
« Reply #8 on: April 03, 2009, 08:55:45 AM »
Quote
Hi vpxavier,

There are two solutions to the problem, use Vista and you are not vulnerable, if using XP there is no cure for this very damaging random buggy file infector that beats Windows File Protection and the Windows Firewall on XP, it destroys beyond repair, so the only solution is to f-disk, format and re-install and keep the system from any peripherals etc. with the file infecting vector on it, the only way to avoid is safe-hex and protection, and you can read here in the forums what safe practices are (non-admin account for online activities, in-browser protection, fully updated and patched OS and third party software, updated malware scanner(s) and active software firewall or hardware firewall solution), that is it in a nutshell, all the other options like SafeMode scanning with special tools come to no avail, well have not been demonstrated in effecto,

polonus

Just a quick question, please. You state that Vista isn't vulnerable to Win32:Vitro, but I have Vista running on my laptop and it is heavily infected with this virus. Is Avast just telling me I have the virus but it is not actually doing any damage, or am I an exception to the rule that Vista isn't vulnerable to this virus? Any information would be greatly appreciated. Thanks in advance, and thanks for all the hard work and info you put into helping people.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: [SOLVED]win32:Vitro How to protect and how to remove?
« Reply #9 on: April 03, 2009, 02:55:02 PM »
Hope Polonus could give us some help...
The best things in life are free.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: [SOLVED]win32:Vitro How to protect and how to remove?
« Reply #10 on: April 03, 2009, 06:05:07 PM »
Hi Tech and dm77uk,

Consider this info: http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=314

Can you upload your ntdll.dll file to virustotal.com and fill me in with the results, vital in this stage is to do your later scans in Safe Mode, but I like the virustotal.com information first,

polonus (malware fighter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

dm77uk

  • Guest
Re: [SOLVED]win32:Vitro How to protect and how to remove?
« Reply #11 on: April 04, 2009, 08:19:23 AM »
Quote
Hi Tech and dm77uk,

Consider this info: http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=314

Can you upload your ntdll.dll file to virustotal.com and fill me in with the results, vital in this stage is to do your later scans in Safe Mode, but I like the virustotal.com information first,

polonus (malware fighter)

Here are my virustotal results from the scan of my ntdll.dll file:

http://www.virustotal.com/analisis/9aa0c367e1ef7a80aed06ae0209823b3

If you need any more information from me then just let me know, and thanks once again for your help.

Fnord

  • Guest
Re: [SOLVED]win32:Vitro How to protect and how to remove?
« Reply #12 on: April 04, 2009, 05:37:16 PM »
I had a thought, what about replacing the infected .dlls with fresh ones? Is there no program that can do this? Or after removing the generated virus files, trick XP into thinking it's shut down, then replace the dlls in console. Surely this virus can be beaten without having to reinstall the entire OS.

Fnord

  • Guest
Re: [SOLVED]win32:Vitro How to protect and how to remove?
« Reply #13 on: April 04, 2009, 05:51:59 PM »
Note: I found that several other things came with Vitro, Trojan {other} and a rootkit thing. From the information I found in these posts I was able to remove most if not all of them. But Vitro and Virut-C do not move. I have tried everything so far, I will Not Reinstall and MS can kiss my broke A** if they think I'm going to upgrade (Ha) to Vista. I did upgrade to Firefox and that has solved many problems, a bit RAM heavy but it works. As for the other things that Vitro kindly left on my machine, the Hijack This kit works on them and avast takes some if not all of the other offshoots out. What I want to know is who made this! I have seen rumours saying MS themselves made it but I find that hard to believe.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: [SOLVED]win32:Vitro How to protect and how to remove?
« Reply #14 on: April 04, 2009, 07:39:20 PM »
Quote
I have seen rumours saying MS themselves made it but I find that hard to believe.
No, Microsoft does not share and deploy viruses except Windows itself ;D
Joking. Virut is a very hard infection to get rid of but, for sure, it's not there to upgrade XP to Vista.
The best things in life are free.