Author Topic: win32:virut virus  (Read 15869 times)

matrunner

  • Guest
win32:virut virus
« on: September 17, 2007, 03:26:03 AM »
win32.virut virus affected some of the exe files and some files too
can't heal or remove these without deleting those files and exes
and it seems to be getting spread each time...
using avast home edition...

how to remove this virus safely without deleting files?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: win32:virut virus
« Reply #1 on: September 17, 2007, 03:46:55 AM »
If avast was installed a long time and you have generated a VRDB (virus recovery database), the executables could be repaired as far as I know. If you didn't generate it... well, try this http://www.grisoft.com/doc/34/us/crp/0/ndi/67762
If it fails, I'll need to ask if you have a full backup...
The best things in life are free.

matrunner

  • Guest
Re: win32:virut virus
« Reply #2 on: September 17, 2007, 03:53:43 PM »
yes I have been using avast for over 7 months...
the link of avg you gave I tried earlier itself, it didn't give any good anticipated results....
what can be the best way to solve this...
currently the virus has infected the logon.scr file too...and some exe's in the system...
want to heal it properly....

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: win32:virut virus
« Reply #3 on: September 17, 2007, 04:35:43 PM »
I'll need virus cleaners experts here... If I continue to guess and suggest, I can harm more than help. I know my limitations... If a virus is infecting all the executables in the computer, it could be a problem difficult to solve and as time goes by it gets worse.

SNOWHITE

  • Guest
Re: win32:virut virus
« Reply #4 on: September 19, 2007, 04:26:38 AM »
Hello matrunner,

I am afraid that I have some bad news for you. ::)

If your computer is infected with this variant of virus Win32.Virut.q, there is not much that can be done.

This will infect all .exe files on your system. It is a polymorphic file-infecting virus, which means that it changes constantly and makes it difficult to detect and clean, because its code is constantly changing.

There is as yet no cure for this variant of virut because of too much corruption it does to files.

Do not run the avast boot time scan yet; it is possible that after running it the computer will not be able to boot. Also do not run online scanners like Bitdefender and others that include cleaning, because we already tested a couple of online scanners and they deleted all system files that were infected. You can run the Kaspersky online scan because it doesn't offer a cleaning service, and that way we can confirm if you have this variant of the virus.

I suggest that you make a backup on CD of any important documents you might need. You can also back up your music and picture files, but don't back up any exe files or screensavers.

I am afraid that a clean reformat is the only choice here. You will need to have a recovery CD or backup image of the system. After reformatting, use avast to scan your backup CD, and also an online scanner to confirm that the backup you have is clean of this virus.

Let us know if you need help with this.

Regards


SNOWHITE

  • Guest
Re: win32:virut virus
« Reply #5 on: September 19, 2007, 04:55:33 AM »
Just to add this, don't download any keygens, because this is how most of the people got infected with this virus.

So far the sites we know that it would be good to block are these:

proxim.ircgalaxy.pl
1.mezzicodec.net
smart-security.biz
ntnrkrnlpa.info

You can enable URL blocking in avast and add these sites to be blocked.



« Last Edit: September 19, 2007, 07:10:48 AM by SNOWHITE »

MeDIeVaL

  • Guest
Re: win32:virut virus
« Reply #6 on: September 19, 2007, 12:28:57 PM »

You can enable URL blocking in avast and add these sites to be blocked.


This block url thing... is it in pro edition? I can't find it anywhere in home edition...

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89053
  • No support PMs thanks
Re: win32:virut virus
« Reply #7 on: September 19, 2007, 07:23:54 PM »

You can enable URL blocking in avast and add these sites to be blocked.


This block url thing... is it in pro edition? I can't find it anywhere in home edition...

It is in both versions and is part of the Web Shield, Customize, URL Blocking, ADD. See images.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Rick F

  • Guest
Re: win32:virut virus
« Reply #8 on: September 19, 2007, 07:49:02 PM »
This "Win32.Virut.q" really looks like a bad one.  You can read about someone else's problem with it on Spybot forum here:

http://forums.spybot.info/showthread.php?t=18075

It's a variant of "W32/Virut.h" (McAfee's name).  See this link for particulars:

http://vil.nai.com/vil/content/v_143034.htm

sanctuary24

  • Guest
Re: win32:virut virus
« Reply #9 on: September 19, 2007, 07:52:35 PM »
Will this virus be covered in future definition updates? Also, if you can submit it to Avast, that may help.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89053
  • No support PMs thanks
Re: win32:virut virus
« Reply #10 on: September 19, 2007, 09:18:35 PM »
It is not so much the virus but the fact that it is a polymorphic (constantly changing) virus that makes it so hard to detect. avast has been working on new detections for polymorphic viruses as has been seen in recent improvements in av-comparatives.org tests, but there is room for much improvement.

SNOWHITE

  • Guest
Re: win32:virut virus
« Reply #11 on: September 19, 2007, 10:48:02 PM »
Will this virus be covered in future definition updates? Also, if you can submit it to Avast, that may help.

Sample is already sent to the Alwil team; it's up to them when they will add detection. All other av vendors that got this sample responded to the email that was sent, except the Alwil team  ::) but that's nothing new cause they never respond  :-\

It would be good if they add detection sooner, so at least it can be prevented from installing in the first place. So far the antivirus programs that detect this can't clean the files, and instead of that they delete all files that are detected.

Steffen-Lekies

  • Guest
Re: win32:virut virus
« Reply #12 on: September 20, 2007, 10:22:51 AM »
Hi,

my comp seems to be heavily infected by this virus. I now intend to buy a new hard disk, install a new Windows XP on it and then use the old disks only for grabbing data (no exe or scr files). It could be that I sometimes have to run the old infected OS to look for older emails and/or run some infected files just for looking at some older data where I do not have the install files anymore. Is it possible to run those files without infecting anything on the new hd?

Rick F

  • Guest
Re: win32:virut virus
« Reply #13 on: September 20, 2007, 01:12:45 PM »
Hi,

my comp seems to be heavily infected by this virus. I now intend to buy a new hard disk, install a new Windows XP on it and then use the old disks only for grabbing data (no exe or scr files). It could be that I sometimes have to run the old infected OS to look for older emails and/or run some infected files just for looking at some older data where I do not have the install files anymore. Is it possible to run those files without infecting anything on the new hd?

I wouldn't do it this way. The virus could easily spread to your new HDD. A better way would be to back up your data to a CD first -- scan that CD to make sure it's not infected, then transfer the files to your new HDD.

Steffen-Lekies

  • Guest
Re: win32:virut virus
« Reply #14 on: September 20, 2007, 08:36:01 PM »
I now bought a new hdd (300 gig  ;D ) and an additional 1 gig of RAM... hehe. So it's not only bad...

I dismounted the old hdds and installed a fresh OS (xp-home), then avast, reg-cleaner and so on. Now I am going to switch between the new and old (infected) hdds to not lose needed information.

Even my burn-prog is infected and won't let me burn DVDs. The only way is to create data folders and transport them with a USB stick. Shit, I only have one with 1 gig. So it's becoming odd. Maybe tomorrow I'll buy one with 4 gig. Or does someone have an idea to transfer the old data faster?

I don't transfer exe or scr files and always check the stick with avast before I transfer the data to the new hdd. Did I forget something? If someone notices such, please post here, I am checking this thread ongoing during the transfer.

Thanks for reading and any help, if given.
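
Added example, not part of any post in this thread: a pre-transfer check for the advice above to keep exe and scr files out of the backup. The function names are made up for this sketch, and the PE-header test goes beyond the thread's extension rule so that an executable renamed to another extension is also listed; it reports file type only and does not detect infection.

```python
import os
import struct
import tempfile

RISKY_EXTENSIONS = {".exe", ".scr"}  # the two types the thread says not to back up

def looks_like_pe(path):
    """True if the file has an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    try:
        with open(path, "rb") as fh:
            header = fh.read(64)
            if len(header) < 64 or header[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", header, 0x3C)
            fh.seek(e_lfanew)
            return fh.read(4) == b"PE\x00\x00"
    except OSError:
        return False

def find_executables(root):
    """Return sorted (relative_path, reason) for files to leave out of the backup."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.splitext(name)[1].lower() in RISKY_EXTENSIONS:
                hits.append((rel, "extension"))
            elif looks_like_pe(full):  # assumption: catches renamed executables
                hits.append((rel, "PE header"))
    return sorted(hits)

def demo():
    """Build a constructed backup folder in a temp directory and scan it."""
    # Constructed minimal stub: MZ header, e_lfanew = 0x40, then the PE signature.
    pe_stub = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00"
    with tempfile.TemporaryDirectory() as root:
        samples = {"letter.txt": b"hello", "photo.jpg": pe_stub,
                   "LOGON.SCR": b"", "notes.doc": b"MZ but not a PE file"}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return find_executables(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

Point `find_executables` at the folder on the USB stick or CD staging area before copying; the antivirus scan of the media described in the posts is still needed afterwards.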