"The Virut family of viruses uses polymorphism to hide from all anti-virus protection, it infects executable files. "Buggy" file infection makes it very hard to repair a system that has been infected. W32/Vitro injects code in running processes and hooks the following functions in ntdll.dll which transfers control to the virus every time any of these function calls are made.
* NtCreateFile
* NtCreateProcess
* NtCreateProcessEx
* NtOpenFile
* NtQueryInformationProcess"
it's a new * * file infector from the authors of Virut..i am at my public library,so don*t have no worries.yeah,that win32-vitro virus really got me again!!problem is i do not go to nooo,sites i do not trust!!and my computer is once again is in the repair shop.it had gotten so bad,that when i turned on my computer,that there was no icons what so ever,but,could use computer in safemode.that was a [?????]sorry.so where is that virus coming from???is there any real way to keep it away??permantly???sorry,like i said my computers in the shop again,so maybe will be tommorrow before i can get it out,so anyone who gets that virus,i really know what you all are going thru,and good luck.
If i were to move these files to an external HD that has exe files in it.. would it most likely infect that drive?
Could these ben infected, and if so is there any way to disinfect these, or should I just dispose of them lest they let Vitro back into my system?Use the same procedures you've used in your computer and also
Could Vitro somehow have spread wirelessly to the router and thence to this computer, even though there is no network connection between the two computers?If two computers are networked, yes, the virus could have spread between them.
Thanks for the hint but the flash drive disinfector will not install,I go through all the Run and Allow stuff, then am told that the programme didn't install correctly. So I click "install again with recommended settings" but this just causes the cycle to repeat. Any ideas?Read the instructions, download and burn (maybe from another computer), finally use one of this rescue CD's:
I did follow the instructions but the flash disinfector just doesn't seem to work for me. But thanks for the links, I have now downloaded and burned Avira just in case Vitro returns. Since I'd just wiped the computer I had nothing to lose so I plugged my two memory sticks in and ran DrWebCureIt - turns out that the autorun on one of them was infected with Win32:HLLW (dunno if this is connected to Vitro or not) but everything seems to be clean now. I tried the disc with my important documents on, and it was clean, so I haven't really lost anything apart from lots of sleep!Thanks for the hint but the flash drive disinfector will not install,I go through all the Run and Allow stuff, then am told that the programme didn't install correctly. So I click "install again with recommended settings" but this just causes the cycle to repeat. Any ideas?Read the instructions, download and burn (maybe from another computer), finally use one of this rescue CD's:
1. Avira (http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html)
2. Kaspersky (http://dnl-eu10.kaspersky-labs.com/devbuilds/RescueDisk/)
3. BitDefender (http://download.bitdefender.com/rescue_cd/)
4. F-Secure (http://www.raymond.cc/blog/archives/2008/07/26/free-f-secure-rescue-cd-300-to-clean-virus-from-unbootable-windows/)
...do you guys know if there's a way to set a flash stick into read only mode? and if this will prevent the vitro virus from corrupting it? if it's already corrupted, then setting it into read only should do absolutely nothing, but i'm trying to find a way to plug flash sticks into infected comps safelyWhat works for me is to create a folder in the root of the flash drive named autorun.inf. Then I set the folder System, Hidden and ReadOnly attributes
ugh i nuked my comp now i have a strike f1 to retry boot f12 to go to system utility and i tried the restart test thing and it still beeps after that.... what do i need?^ i had someone do that for me cause i dont care about any files, i just need the firewire port since i dont have one on my laptop, and now thats my problem, is there a way to fix this, with a low cost atleast.
Just had this pop up when I was updating my Nvidia drivers... at first I thought it was a false positive since I was updating drivers but after reading the last 4 pages I have a come to the conclusion I'm hosed. I'm currently running a scan @25% atm and Avast has found 2 win32:vitro infections in
c:\hp\drivers\nvidia_uma_graphics\nlvddmkm.sy_\nvlddmkm.sy and
c:\nvidia\winvista\158.24\nvlddmkm.sy_\nvlddmkm.sy
That may be because the file in in use, but the first thing you need to do is a manual update (as suggested) and rescan the file.Are you talking about manually updating Avast? Right now I've express scanned with Dr.Web(found nothing) and am now about 1/4 through a complete scan. Nothing yet. After it's finished, I can disonnect this machine and reconnect my infected computer to the internet and update Avast if that is what your saying.
This may be a false positive on these nvidia files, there has just been a vPS update, 090225-1, which should resolve this, do a manual update (right click the avast 'a' icon, select Updating, iAVS Update) and scan the files again in the chest.
OK... starting to wonder if ive got this virus or not... or if its the 'false positive'
Ive scanned fully with Dr Web Curit in safe mode and found nothing.
I tried with Avast and it handnt found anything, however the screensaver version off avast, found the thing again... so its ending with 'nvlddmkm.sy' like im reading in some posts. But to far to my knowledge, and to drweb and avast it hasnt effected any other files... help lol.
OK... starting to wonder if ive got this virus or not... or if its the 'false positive'
Ive scanned fully with Dr Web Curit in safe mode and found nothing.
I tried with Avast and it handnt found anything, however the screensaver version off avast, found the thing again... so its ending with 'nvlddmkm.sy' like im reading in some posts. But to far to my knowledge, and to drweb and avast it hasnt effected any other files... help lol.
I removed that file as at the time I thought it best if it were infected.The better is always send the file to Chest and not direct removal... it allows further investigation, scanning, restoring...
I know, but Avast wouldn't allow me to do anything with it. If I tried to put it in the vault, it said access denied.I removed that file as at the time I thought it best if it were infected.The better is always send the file to Chest and not direct removal... it allows further investigation, scanning, restoring...
I know, but Avast wouldn't allow me to do anything with it. If I tried to put it in the vault, it said access denied.In this case, run a boot time scanning ;)
certainly know where to come in the future!Well, you can spread the word and also try to help others ;)
...Also how do you recover your docs with out opening the OS? do you use a live Cd Linux distribution to transfer simple files (since executabels in windows won't work in Linux... I think) or do you pull out the hard drive and put it in another computer and then go on from there?
Thank you for any and all replies? I hope this is not too off topic for this thread.
Thank you Pedro Hin and DavidR.
I usually use Puppylinux to boot from live cd (so far it's the only Linux distro that booted on an old Compaq machine with very low ram a bit over 64MB RAM)
I would only copy .doc, .pds, and ppt files at most. I think that these as well. Can you confirm? As a rule of thumb I always scan any new mp3 or wma file.
Thanks again.
Insecure Internet activity. Threat of virus attack
Due to insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system slowdown, freezes and crashes.
Also insecure Internet activity can result in revealing your personal information.
To get full advanced real-time protection for PC and Internet activity, register your antivirus software.
We recommend you to protect your PC now and continue safe Internet browsing.
Click here to get full advanced real-time protection and continue browsing.
Continue to this website unprotected (not recommended).
Is avast having problems only to clean an already infected machine, or is also missing variants of Vitro when it tries to infected a machine with an updated Avast Av?Both.
As things stand for the moment the best way is to go SafeHex to prevent infection, that will mean update and patch all of your Windows OS and all the vulnerable third party software (use Secunia PSI to do this real easy), do not cruise the Internet with full admin rights (only for necessary downloads and installs), do abstain from doing risky things there (going after cracks, key-gens, insecure P2P), use a safer browser like Firefox or Flock with NoScript and RequestPolicy add-ons installed), have a two-way fw active and update your av and have all the services like NetShield and Webshield etc. operational,
polonus
Why isn't this in the news?
I have told all my clients in a mass email to get avast since you guys were the only guys who caught this one.Are you sure that avast is blocking all the variants of Vitro?
Now the question is can it be stopped?Well... the Norton and McAfee users will think twice if they think they're completely protected...
The questions are:
1. How do you get infected?
2. Will, really, a firewall many any difference in this particular case?
Is Norton and the other companies asleep at the wheel?I think they're running against it... but the malware was winning...
I read there was a security leak in the new flash player and I think this is how the new virus got through. That would mean that if the server hosting the website like "Youtube" could be compromised.
Hey, i got a quick question. Do you have to unistall an older version of flash player to install the new one?? or does install over the older version.It's install over the old one.
We had an answer at the start of this thread: http://forum.avast.com/index.php?topic=42709.msg356973#msg356973You're right. I apologize.
The second layer of encryption is more complicated. It uses checks such as checking CPU speed, illegal instructions, and API address manipulation to detect analysis. This layer uses a custom XOR encryption algorithm, which is also weak, but built in such a way that makes it trivial for the author to change. Each change makes Virut appear entirely different to casual analysis.(N.B. So there should be a generic detection available)
Well from the outset you would say that, because it does not seem to serve a purpose
I thought the samething but Apple is owned by MS.
Back in May 31, 2008 I got this email BIG VIRUS COMING-CONFIRMED BY SNOPES
many users that never have their OS and third party software updated, making them vulnerable as hell. Not many users using safe browser procedures e.g. blocking script to run or request to be made from re-directs to malware sites. And we just go on selling M$ out of the box and run these with full admin rights on an as default machine with AV disabled, because isn't this using too much of my poor cycles?
According to the following McAfee writeup ( http://vil.nai.com/vil/content/v_154029.htm ) this is what the virus is doing (after the system has been infected!) to make an exception in the registry-settings of the Microsoft Windows firewall (that is only monitoring incoming traffic by default in XP and stops by default) the exception here is being made for the Winlogon.exe process in memory. This will result in Winlogon listening in on a TCP or UDP port and incoming outward connections for that port(s) will no longer be blocked by the firewall, While the virus injects itself into the winlogon process it can open up ports by itself.With Vista Firewall Advanced Settings, is it possible to block winlogon.exe outbound connections?
Hi Tech,So, can we just block all tentatives of winlogon.exe to outbound connections? All ports, all protocols?
Rules can be configured for services by its service name chosen by a list, without needing to specify the full path file name,
polonus
Hi Tech,I know how to do it.
Re: http://articles.techrepublic.com.com/5100-10878_11-6098592.html
pol
unless the terminal domain installing the nefarious code is in your whitelist, you're protected by NoScriptSo again NoScript fully protects the online user against going to this vector code,
Hi malware fighters,Keep your list as short as you can ;)
Got word from Giorgio Maone, about the protection against the code on websites through NoScript installed on Firefox or Flock browser. He writes:Quoteunless the terminal domain installing the nefarious code is in your whitelist, you're protected by NoScriptSo again NoScript fully protects the online user against going to this vector code,
polonus
When will a cure come out for this virus please?There isn't a cure for it... right now, only prevention: safe browsing and habits, update OS and antivirus. avast blocks a lot of their variants.
What I find strange is the forum was crazy with posts a couple weeks ago and now nothing. I upgraded to Vista and now I am beta testing Windows 7 and no problems. Go figure. I wonder why there is no interest in cleaning this virus?
Polonus, Thanks for the tips and the interesting but over-my-head reading.
Will it be safe to move HTM files from the original machine's HD?
And is the act of copying and moving enough to trigger an infection to spread?
All I want to copy are .doc, .mp3, and .htm files. The .htm files are negotiable.
Finally, I would like to know how I can tell if the USB drive is infected. I've got stick it in SOMETHING to reformat it.
Any hints?
PLEASE DO NOT COPY HTML FILES FROM ANY BACKUP IT CONTAINS THE CODE TO IMPLEMENT THE VIRUS ON YOUR SYSTEM!
DO NOT GO TO SERIALS.WS that is where i got it from.
rofl:QuoteDO NOT GO TO SERIALS.WS that is where i got it from.
do not use IE ...
Ok guys i had(!) the same problem.. (WINXP)
i cleaned up my HDD 5 times (!)
At first cleanup:
- Nothing malicious detected... 1hr later: (drivers etc. reinstalled) virus was up again..
Second format:
Same problem as before..
Third cleanup:
Same infect...
-> Booted up Backtrack and replaced winlogon.exe, lsass.exe
Tried to logon to windows -> fail (nothing happened *duh*)
-> Now windows setup shows that i've got a "new" partition on /hda which has 594902490290MB free! lol
-> windows setup wasnt able to load again after that...
-> started backtrack again kicked of the old partition table (yeah!)
-> repair partitions & fix MBR
-> formated C:\
4. format:
-> installed Kaspersky
-> Kaspersky found some infected files & deleted them..
---> Kaspersky fucked up my system... average boot time ~5minutes (after that WINXP crashed)
5. started WC3 out of the box - 2 minutes later WINXP -> infected...
after that i decided letting avast delete every file which is infected..
-> starting avast; check for viruses before windows is up
-> windows was mostly damaged..
6. Format
-> Kicked C:\ off and used G:\ as Windows HDD
-> installed avast; cleaned up everything on my other hdds
---> so far its working and clean
Ok i think this virus is VERY hard, its a whore! please clean up the MBR, too.
Means:
insert windows disk
-> wait until its loaded completly
-> F3 (Repair) and type: help
(if you logged in in the console etc.)
-> CMD is "fixmbr" (without " ")
if you have vitro.. dont try to repair .. delete everything!
Another advice: install MBAM!
Afaik this virus infects *.exe-files, which are smaller than a predefined size (thats what i think)! (Big *.exe files were not infected); & (in my case) is not infecting *.html files & it changed the hosts file (127.0.0.1 to *.pl)
although I think disabling Autorun would be beneficial and can't find a good method to do this.
Well, joking and talking seriously, Vitro is a very hard infection to get rid without formating, partitioning and starting all over again...I'm not Joking! I have no objection that Vitro is a very hard infection. But note that it won't trigger unless you execute them! No matter how many of these infected files you copy to your working drive. All you need to delete are the files that automatically execute at startup before you fresh install Windows--As in the steps I mentioned. Also, many didn't expect that AVAST fails do detect some of infected EXE files! That's why many still use them... and if Vitro pops up they wonder where Vitro was hiding during partitioning where infact even formatting is not necessary. You can even safely execute any file from the infected backup disk as long as it is above 100KB in size. Never execute a file below that size even if AVAST didn't report is as infected! Just one mistake and all your evil description about Vitro will come true!
Not much sense in doing that. This thing (because it's soo much more than a virus now) infects executable files.
A REMOVAL TOOL wouldn't stand a chance. At least I think so. The only options are prevention (first and foremost) and format. :(
Woulden't it be possible if the REMOVAL TOOL added its own extintion with a whole different coding like ".ffs" or ".wgr" so it wouldn't infect it?
???Woulden't it be possible if the REMOVAL TOOL added its own extintion with a whole different coding like ".ffs" or ".wgr" so it wouldn't infect it?
Up until now I've never seen those types of files. I looked for a description and only found one for ".ffs" at:
http://en.wikipedia.org/wiki/Unix_File_System
The thing is that we can't safe these files in formats that windows doesn't recognize and then try to execute them. It would be like trying to run a ".exe" file on MAC OS X. It wont happen unless you use special applications. (see link)
http://www.pcuser.com.au/pcuser/hs2.nsf/lookup+1/83ADDE11BB01E5A1CA256C48000F4708
So even if the file is a non executable it would have to be opened by one that is so still not much choice since that would probably be opened.
I could be wrong... I'm not sure if the ".wgr" type of files run on windows.
all of you are kidding right ?
fighting it ?
if you see vitro and you have external Hard Drive
Bash external Hard Drive with a hammer then burn it in microwave
insert your OS disk (make sure its read-only like CD-DVD)
format your hard drives
install OS
go buy a new external Hard Drive
Maybe the program could add the extintions so it works like with Microsoft Small Busness. O_o
Last question i have a friend that has important movies and stuff on his pc, he has been affected with this virus but he has no way of backing up his stuff. is there any way on how to remove it without formating and losing everything?1. Make a thorough bootscan with AVAST first before doing a backup. And allow it to delete all infected files. Don't worry your movies won't be deleted.
how did you know that it your HTML files are not infected? by scanning with AVAST?
You should know that so far AVAST can't detect an infected HTML file! You better try to open the file with notepad and you will see the malicious link in iFrame attached at the bottom.
The same applies to EXE files. Not all infected EXE files can be detected by avast so the size is our only hint.
My computer has been infected by Win32:Vitro, to now it has only infected some uninportant files and I am wondering if a anti virus-program can remove it (In the future)? How long will it probably take? I am wondering how long I can wait before I take action (of course I am going to take a backup of all important pictures and text-documents)
Thank for helping!
1. unplug all your external drives/media.Step three, with fdisk or any partition manager that could clean the partition (like http://www.ptdd.com/bootablecds.htm, http://www.ptdd.com/download.htm, http://www.ultimatebootcd.com/, or Super Fdisk Bootable CD 1.0: http://www.softpedia.com/get/System/Hard-Disk-Utils/Super-Fdisk-Bootable-CD.shtml).
2. unplug the AC (and battery if it's a laptop).
3. do an FFR (fdisk, format, re-install).
I understand that I have to clear my hard drive. I have vista on my computer, can someone please write step by step how to completely remove everything from the computer (or is formatting enough?). On this forum someone had formatted their hard drive numerous times and still the virus was coming back, I just want to be completely sure it will be removed.
I had USB Firewall runningTo prevent infections from USB drives, you can install USB Firewall (http://www.net-studio.org/application/usb_firewall.php) before using any USB drive.
127.0.0.1 jl.chura.pl
127.0.0.1 chura.pl
127.0.0.1 www.zief.pl
127.0.0.1 ns1.terns.org
127.0.0.1 ns2.terns.org
127.0.0.1 mail.chura.pl
Solution:No need to add the hosts like above,
1º Format PC.
2º Reinstall Windows.
3º Add to file Host:Code: [Select]127.0.0.1 jl.chura.pl
127.0.0.1 chura.pl
127.0.0.1 www.zief.pl
127.0.0.1 ns1.terns.org
127.0.0.1 ns2.terns.org
127.0.0.1 mail.chura.pl
No need to add the hosts like above,you should immunize your windows HOSTS, the virut has many many different generation, I've some sample of virut in my windows (quarantined) that avast! has not yet added them to their virus definition, they would, but take care till that time
My Windows had just got the vitros about 3 weeks ago, my Hard Drive has 3 partitions, then i formated the windows partition. re-install windows xp, install Avast with updated virus databases, that's all are enough... vitro virus doesnt come back till now.. even the infected files are still there in my hard drive in other non-formated partitions...
Heres EXACTLY how I got rid of it:
1. As soon as I realized I had it - I disconnected my PC from the internet
2. Immediately DISABLED System Restore
2. Immediately ran a BOOT TIME scan (not a regular scan in windows) - very important
3. Burnt a CD (because i wanted to make sure read only) with: A-Squared Antimalware, MalwareBytes and DR. Web CureIT.
4. Vitro generally infects your .exe's so bad they can't be repaired - I lost several Windows files and some other programs but unlike what I've heard from others - it didn't touch my word docs, powerpoint presentations, etc. During the boot time scan I let avast just delete the infected files
5. When the system came back up I ran Dr. WebCure it first
6. Then I ran A-Squared
7. Then I ran malware bytes
8. Then I ran another boot time scan (clean)
9. Ran A-squared again (clean)
10. Ran malware bytes again (clean)
11. Ran DR. Web CureIT again (clean)
12. At this point windows was limping along. cmd.exe got infected, notepad.exe got infected and other windows files (although Windows did boot).
13. And this is what made it so successful. I did a NON destructive, NO-Reformat repair on my Windows installation. Using my Windows XP cd and the instructions from InformationWeek I had my system back up in PERFECT running order again. See the link here: http://www.informationweek.com/news/windows/showArticle.jhtml?articleID=189400897
That article on InformationWeek really saved me. I had to reinstall some programs (Omnipage, CS3) but it was much better than DBAN.
I hope this helps someone else that gets infected by this nasty little bugger.
[
all your steps are Ok and good, but, as the test that I've done in my laptop for "Virut", I found that AVIRA has covered all generation of Virut, so I offer you to download Avira Rescue System (http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html), this is an AntiVirus bootable disc with latest virus definition from Avira, Download it from Here (http://dl1.pro.antivir.de/package/rescue_system/common/en/rescue_system-common-en.exe), run it, burn it to a blank disc, boot your computer using this disc, let it do a full scan and remove everything that found. I'm sure it would remove anything that currently be in your computer. well, until that time alwil cover all generation of Virut, it's best solution to get rid of Virut after very infection, so, after infection,
do these:
1. disconnect from internet
2. download and burn Avira Rescue System (http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html) using a clean computer and burn it to a disc
3. boot your computer using this disc and do a full scan, let it remove everything
4. back to windows, let avast! do a boot time scan using avast!
5. do full scan using MBAM (http://www.malwarebytes.org/mbam.php), SAS (http://www.superantispyware.com/), SpyBot S&D (http://www.spybot.info/) to prevent any download trojan to download virut for you again.
5. make sure your hosts is immunized
6. re-install corrupted programs.
7. fix your registry, it must be corrupted after steps above. ( I offer Auslogics Registry Cleaner (http://www.auslogics.com/en/software/registry-cleaner/download) and then Auslogics Registry Defrag (http://www.auslogics.com/en/software/registry-defrag/download))
Hi Omid
A real newbie here but will this work? I want to try it but a little worried.
Hi All, I recently got infected by this virus, after reading all of the posts I have decided to go with the formatting option. I understand this virus is still very much undiscovered and new attack zones are being found everyday. But what I would really like to know is if it will/has/can infect my pics? Most if not all are JPEG files. They are photos of my children so I would be Shattered if I had to lose them all! I am also very unclear where I could have pick this up from as we only use the internet for Ebay, Bank, Facebook and hotmail. I am more than Happy to lose everything else on my computer just not my photos. Please if someone could answer my question I would be ever so grateful!
TY to everyone who has posted how they removed the virus as it has given me options! Kris
what are the steps I need to take to immunize myself from Vitro when I come back up?Safe browsing and downloading, common sense on emails.
what are the steps I need to take to immunize myself from Vitro when I come back up?Safe browsing and downloading, common sense on emails.
Scan with www.virustotal.com any new file (suspect) to be executed.
Keep your operational system and antivirus updated.
Well... the general procedures...
Not quite what I meant. I mean - what do I need to do after formatting and reinstalling Vista to make sure I don't get reinfected from one of my other drives?
Is formatting and reinstalling on the C:\ drive going to make me safe enough to boot up, install/run Avast and clean up the other drives? Is simply having the other drives connected going to reinfect the primary drive?
It seems this thing is particularly malicious, and if it were some standard virus I wouldn't have these concerns, but I don't want to format only to find out I need to do it again because I got reinfected from another drive.
EDIT - Also, are any of my files safe on any drive? Are my videos (AVI and WMV) safe? What about family photos and whatnot (jpg and gifs)? I'm a bit confused because I have yet to find any truly detailed information about what files types Vitro will infect (other than exes and dlls).
Not quite what I meant. I mean - what do I need to do after formatting and reinstalling Vista to make sure I don't get reinfected from one of my other drives?
Is formatting and reinstalling on the C:\ drive going to make me safe enough to boot up, install/run Avast and clean up the other drives? Is simply having the other drives connected going to reinfect the primary drive?
It seems this thing is particularly malicious, and if it were some standard virus I wouldn't have these concerns, but I don't want to format only to find out I need to do it again because I got reinfected from another drive.
EDIT - Also, are any of my files safe on any drive? Are my videos (AVI and WMV) safe? What about family photos and whatnot (jpg and gifs)? I'm a bit confused because I have yet to find any truly detailed information about what files types Vitro will infect (other than exes and dlls).
after format drive C: and before install windows, scan all your drive partitions using Avast Rescue System to make sure there are not any virus missed by avast!, avast! is very good and this scan would be for making sure. it's easy and free :)
The Avira AntiVir Rescue System a linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to repair a damaged system, to rescue data or to scan the system for virus infections. Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer. The Avira AntiVir Rescue System is updated several times a day so that the most recent security updates are always available. You can download it from Here (http://dl1.pro.antivir.de/package/rescue_system/common/en/rescue_system-common-en.exe). You can learn how to use it from Here (http://www.avira.com/en/support/kbdetails.php?id=267).
also, if you want to burn that disc yourself with your own burning tool (Such as Nero or…), you can download the Image File (.iso) from Here (http://dl1.pro.antivir.de/package/rescue_system/common/en/rescue_system-common-en.iso).
After burn it to disc, use it to boot your computer and do a full scan and remove everything it find.
only your .exe files are at risk, but anyway it's better you scan all files, maybe some of .exe files be still clean, or maybe some new .exe files be hidden in your other drives. do a full scan to make sure :) (also, some generation of it can infected .dll files too, media files are safe though).
Awesome! This is what I needed. I'll probably deal with all this in the coming days. As long as I don't have to format my media drive I will be okay, losing 14 years worth of music collection (and god knows where all those CDs are now), years of family photos, and tons of videos is just not an appealing prospect.
Welp, looks like I have my solution. Thanks a ton!
Awesome! This is what I needed. I'll probably deal with all this in the coming days. As long as I don't have to format my media drive I will be okay, losing 14 years worth of music collection (and god knows where all those CDs are now), years of family photos, and tons of videos is just not an appealing prospect.
Welp, looks like I have my solution. Thanks a ton!
I have a USB 2.0 External Enclosure like this that I have a 80GB HD from my old PIII that died for backups:
http://www.newegg.ca/Product/Product.aspx?Item=N82E16817816002
Its great as I can move it between systems and have backups in one place.
dose avast kill this thing once it finds it. it found one file and it deleted it. Am i good? also how long has this thing been out? it found it on the boot up win 32 vitro, i pressed 1 and after that it kepted scanning. ? should i do somthing else
thank you for your time
And the Avira console colors are all wrong, any ideas why? I can barely read half the text and can't even see the other half. It also seems to get stuck at "Load modules..." - been sitting at 0% for quite a while now.some compatibility problem with a few of graphic cards has been reported. it's Avira problem, I would report it to them too.
Hey all, I recently got attacked by this ass of a virus.
I decided to just take the easy way out and reformat, but I want to backup some things before I do.
I was wondering if I was in safe mode when I did the backups to a external harddrive, would it get infected? I wouldn't be backing up any exes just music and files, the Harddrive in question hasn't been plugged into the infected computer for a while so im almost positive its not infected, but it does have a few Exes on there, is there any chance they would get infected If I plugged it in during safe mode?
Hey all, I recently got attacked by this ass of a virus.
I decided to just take the easy way out and reformat, but I want to backup some things before I do.
I was wondering if I was in safe mode when I did the backups to a external harddrive, would it get infected? I wouldn't be backing up any exes just music and files, the Harddrive in question hasn't been plugged into the infected computer for a while so im almost positive its not infected, but it does have a few Exes on there, is there any chance they would get infected If I plugged it in during safe mode?
These have to be blocked absolutely with SpywareBlasteHow can SpywareBlaster block IP addresses or URLs as it uses CLSIDs for blocking?
It also adds URLs to the Restricted Sites (IE only) area, that's how ;D
It is done automatically by the updates, so if the urls are in the update then they would be blocked.They are not there according to ZonedOut and I have the latest SpywareBlaster updates installed:
How can SpywareBlaster block IP addresses or URLs as it uses CLSIDs for blocking?
hello
I've been infected by vitro,and i have some questions.how can i get out some pica's and mp3's from my PC?if i format my harddisk (c:,d:) resize them can the virus come back again?is it safe to attach the pic's with email to send them to another e mail the when i have formated download them from the e mail?thank you
hello
I've been infected by vitro,and i have some questions.how can i get out some pica's and mp3's from my PC?if i format my harddisk (c:,d:) resize them can the virus come back again?is it safe to attach the pic's with email to send them to another e mail the when i have formated download them from the e mail?thank you
I noticed the post the moderator made, but this is a question I'm wondering as well. CAN I rescue my MP3s, and if so, how? The link provided did not directly address this; it talked about how to salvage system in general (through deletion of most data).
I will DIE without my MP3s :(
Thanks in advance
hello
I've been infected by vitro,and i have some questions.how can i get out some pica's and mp3's from my PC?if i format my harddisk (c:,d:) resize them can the virus come back again?is it safe to attach the pic's with email to send them to another e mail the when i have formated download them from the e mail?thank you
I noticed the post the moderator made, but this is a question I'm wondering as well. CAN I rescue my MP3s, and if so, how? The link provided did not directly address this; it talked about how to salvage system in general (through deletion of most data).
I will DIE without my MP3s :(
Thanks in advance
i don't know if for example hotmail's antivirus is good enough that i can send some pic from my pc to an e-mail then when i fix the problem with vitro when i get the pic again from the e-mail if vitro infects my pc again?this is my problem.i don't give a f... if my other files will be lost except the pics,the other files is not a problem to download them.
hello
i have removed vitro so far but i have now a other problem,my usb stick was infected by the virus and i have formated the usb as well but now every time i format the usb and removed it from my pc it's ok but when i connect the usb stick it makes by it self the autorun for the usb.i have tryed to delete the autorun.inf but there is no autorun.inf so my question is why is it like it is
@Jackel585: Welcome to forum :)
but... sorry, not agree at all! (in my personal opinion)
Lol... The best solutions is goto safemode just restart your PC and click 'F8" or 'F5" then download this Virut Removal Tool and Run:
To remove the Virus use this 3 combination to remove them:
http://www.avg.com/filedir/util/avg_rem_sup.dir/rmvirut/rmvirut.exe (http://www.avg.com/filedir/util/avg_rem_sup.dir/rmvirut/rmvirut.exe)
http://www.scanforfree.com/download/win32-virut-gen-5-remover.php (http://www.scanforfree.com/download/win32-virut-gen-5-remover.php)
http://download.norman.no/public/Norman_Virut_Cleaner.exe (http://download.norman.no/public/Norman_Virut_Cleaner.exe)
Note: Make sure you are in Safemode...
so don't worry because there is a way to remove this F***ing Virus...
by: http://emantisoy.vze.com (http://emantisoy.vze.com)
...The Virus is created by Assembly Language that's why its hard to remove the Assembly is the greatest programming language I have ever had....
I want to give 100% of grades for the creator of "Virut" because it makes me challenge of his virus and his a kind of a Genius person...
and to avoid a re-start/re-boot to avoid additional damage
To remove the Virus use this 3 combination to remove them:Okay I guess that's a search and destroy mission to frighten even the likes of virut. But the combo is really only total effective on the face of things, that is, total success on paper. When in reality the writers of malware take into account the strong points of removal tools, as well as the scripting strategies of (the very best of) anti-malware and antivirus weaponry, and then they lay traps that swallow pieces of search, and upend pieces of destroy, and so wind the lines of the cleaning operation back in favor of obfuscation and ruin, on all levels, except the one that plays the script back into the poison hands of noxious malware perps (well, perhaps not so dramatic an event(s), pardon my zeal).
http://www.avg.com/filedir/util/avg_rem_sup.dir/rmvirut/rmvirut.exe
http://www.scanforfree.com/download/win32-virut-gen-5-remover.php
http://download.norman.no/public/Norman_Virut_Cleaner.exe
disagree!! 100%!!
when you say that, I can say nothing more, because I trust you, using your product to protect my computer is showing that I trust you!! ;)
| Program | Download | Offline Updater |
| Malwarebytes Antimalware | Download (http://www.malwarebytes.org/mbam.php) | Updater (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) |
| SUPERAntiSpyware | Download (http://downloads.superantispyware.com/downloads/SUPERAntiSpyware.exe) | Updater (http://www.superantispyware.com/downloads/SASDEFINITIONS.EXE) |
| SpyBot S&D | Download (http://www.safer-networking.org/en/mirrors/index.html) | Updater (http://www.spybotupdates.biz/updates/files/spybotsd_includes.exe) |
@Omid Farhang
dude, all i wanted to tell was to be stopped being bothered by the vitro virus.
It is not about blaming avast or pramoting other anti-virus.
Hope you get my point talking about FTP.exe :)
Thanks for the info regarding various tools and software!
Hi Omid Farhang, I read about ur thread about installing hostsman and I decided to give it a try and once I followed ur instructions my hosts tab section on my Online Armor firewall came up with these bad hosts name and I did not know if to set it to allow or block these hosts so I uninstalled the hostsman program and left my original hosts files.
I'm not familiar with the online armor firewall functions as I just installed it not too long ago. Also I don't know much about hosts protection and hosts files.
This is ludicrous stdedos. The forum is here for people who have problems with their computers. A ridiculously small amount of people by any regard (for one example, compared with the amount of people who use avast antivirus brand). On top of that, not all the people here actual have problems with their computer. Some just want to learn things. Further to that, even less again have the problems you have.I actually had a problem with my computer, you may read above which it was. But I seem unable to get to understand your point to that … this is a virus troubleshoot forum, whether you got a problem or you want to learn about malwares ect … I knew all the way back when I posted about that …
I have never had any problems that compare with the ones you seem to have. So when speaking your anecdotal situation, …Anecdotal?!? Why is that?
… you are providing us forum members with some possibly useful info, but you are also telling us that you have got yourself into situations that we tend to avoid.Well ... I thing every success can teach you something good …
Similarly, you are implying that you follow you're own advice regardless.No … while you may think of that, I had first already began with the restoration, without any assistance, because I wasn’t aware of the great impact Win32:Virut had done plus I thought this could be easy. Second, I mention that afterwards I’ve read a whole lot of 13 pages of replies, and I had taken the same actions more or less … That is, I wasn’t aware of the Dr.Web CureIt.
For this reason, I expect you will continue to end up in the same old situations whether you use avast as your antivirus option or not.Well no … Avast! was the one that revived the pc … I got hold of other serious issues when I got the change to install it in a Safe Boot environment … but for this, I had to fix some exe files so I could actually boot …
You do nevertheless have the benefit that this will still be a learning experience in spite of all else that you might do for whatever you might think is correct.Yeah, it is! Create updated UBCDs often and for Godshake … schedule a boot scan! ;)
Anecdotal meaning your own situation that should not be taken as the norm for all of us who have had good experience working with avast as an antivirus.I use avast! on my desktop and I have no issues ...
Perhaps I was a bit harsh. I apologize for that, and you did well to save your laptop. As a prevention tool avast! antivirus is probably best performance wise, and in this role enables a stable desktop that other cure-it type tools and utilities can build upon. And worth repeating that an ounce of prevention is worth a pound of cure. I think perhaps you right that sometimes will have to run the cure-it tools to unclog the system (anti-rootkit is also good example) and running bootscan when cleaning up at the end.I think so too! I fully agree, but the only think that I didn’t like was the lack of repairing … I see the option, but I hate it when I can’t simply use it … (But I found a way to come around this, with other programs …)
Generally I run bootscan early in process. With client computer not knowing what might come across, good chance with virut if can remove existing AV (use Revo) and load avast in Safe Mode, and run bootscan even before have run computer in Normal Mode. Can be off to a good start, and even perhaps quick fixit. Better chance anyway. Run bootscan at the end is bit superfluous though still good policy to do so.Well I’d consider doing so … but when I got hold of it, I could do nothing much but boot the UBCD I had, outdated … so, I could do this, only after I had made a prior fix … Which, as of now I do not regret, because if I had done otherwise, I would be simply unable to boot it, due to the vast number of infections (more than 1750 fixed).
But you right you have good learning experience with virut. Perhaps I was bit harsh. I was coming to defence of avast as antivirus.Well … apart from the not-fixing part, I do not have any other issues on Avast! … It helped me in a hard time, and this makes it from now and on my standard (it always was, but now I won’t change it at all)