Avast WEBforum

Other => Viruses and worms => Topic started by: MKGS on October 23, 2009, 11:30:06 AM

Title: Need help with a case of what I believe is the Win32 Vitro Virus!
Post by: MKGS on October 23, 2009, 11:30:06 AM
Hi there folks, I was attracted to this forum as a result of the infamous "Win32 vitro virus."  I've been reading through some of the older posts on the virus, however I'm lost as to what to do, since my PC has been experiencing rather odd characteristics of the virus...  I had acquired the virus today while surfing the net.  Everything I've downloaded goes directly onto my external hard drive, which just contains movies and TV shows.  I scan everything with the free version of Avast and have not run into any problems until this day.  The vitro viruses began popping up, and I kept deleting them as they appeared, however it came to a point where multiple virus alerts surged and the windows command prompt came up.  I panicked and hit the restart button on my computer, and pulled the external USB hard drive out.  There isn't much valuable stuff on my PC, it's just my external hard drive that I'm concerned about.  I have not replugged it back in because I'm afraid that the virus may jump from drive to drive, as I understand, the virus infects .exe files.  Is there a chance that the virus will infect files such as: avi, mpeg, mp3, etc.?

I ran a full advanced scan on my hard drives, and then ran a boot scan afterwards (I set it to delete whatever it found to be viral -my pc still functions fine), and continued to use it in normal mode.  I then tried to install antiviral programs such as AVG, and Avira through a flash drive, however it blocked those out as well.  I'm now forced to use my laptop since I don't want to risk using my PC (Windows XP).

A few other characteristics of the virus:
- Initially it wouldn't allow me to use my Internet Explorer 7 -It kept linking me to an odd website when I attempted to click on google results
- When I tried to connect my PC to the internet to update the AVG and Avira during the installation process, Avast began warning me of lots of viruses, and it appeared that my PC was sending out messages.  Avast picked them up and didn't allow the messages to be sent.   I unplugged the internet and I'm now here.
I hope what I've written portrays an accurate and sufficient analysis of the virus so that someone could offer me some advice as to what to do...  As you can see, I'm no techy, and I've made some foolish mistakes, but I'd appreciate it if someone could shed some light upon this for me.  Thanks for your time, and I apologize for typing out such a large description.

-Mark
Title: Re: Need help with a case of what I believe is the Win32 Vitro Virus!
Post by: Pondus on October 23, 2009, 11:54:28 AM
http://forum.avast.com/index.php?topic=43863.0
http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html
Title: Re: Need help with a case of what I believe is the Win32 Vitro Virus!
Post by: Pondus on October 23, 2009, 01:15:58 PM
Dealing with the despicable Vitro / Virut (Win32.Virut) polymorphic virus
http://technosopher.wordpress.com/2009/04/21/vitro-virut-win32/
Title: Re: Need help with a case of what I believe is the Win32 Vitro Virus!
Post by: nmb on October 23, 2009, 03:58:53 PM
Hello MKGS,

it is difficult to get a clean pc once infected with this virus. better is to back up the files required, format hdd, install windows again, install avast, update every other software including windows and then scan the back up.

you can give this a try, but cannot guarantee anything.
you can try dr.web cure it : ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

it claims to clean the infected files. where other scanners delete the files, give it a try. install, update and disconnect from the internet and scan

if the file doesn't work, you can use their live cd : http://www.freedrweb.com/livecd?lng=en

and the manual, please read this : ftp://ftp.drweb.com/pub/drweb/livecd/LiveCD-en.pdf (in order to select cleaning of files options when detected)

come back and post

nmb
Title: Re: Need help with a case of what I believe is the Win32 Vitro Virus!
Post by: MKGS on October 23, 2009, 07:53:32 PM
okay, thanks
Title: Re: Need help with a case of what I believe is the Win32 Vitro Virus!
Post by: nmb on October 23, 2009, 08:01:14 PM
okay, thanks

so what did you choose?

nmb
Title: Re: Need help with a case of what I believe is the Win32 Vitro Virus!
Post by: MKGS on October 24, 2009, 08:14:26 AM
I've backed up the files I wanted, and I'm currently re-installing windows.  I plan to connect my external hard drive back in when windows is done installing, so I can scan the hard drive for the virus. 
Title: Re: Need help with a case of what I believe is the Win32 Vitro Virus!
Post by: MKGS on October 28, 2009, 06:05:22 AM
My apologies for replying so late, but I've been busy with school work.  Anyway, I reformatted my computer and re-installed windows, and as you suggest, I installed Dr Web -scanned it, found nothing, but when I plugged in a flash drive the virus came back, and so I deleted it with Avira and reformatted the flash drive.  It seems like every time I connect to the internet it comes back and begins infecting more .exe files.  I'm just worried that the virus is going to infect my external HD, which just has movies and TV shows on it.
Title: Re: Need help with a case of what I believe is the Win32 Vitro Virus!
Post by: polonus on October 28, 2009, 10:02:28 PM
Hi MKGS,

Read more about this destructive file infector (you can be (re-) infected through all sorts of peripherals and via network connections) here:
http://forum.avast.com/index.php?topic=42709.msg356969#msg356969

The best solution here is to fdisk - reformat - reinstall and also cleanse all media with this file infector on it or it will come back faster as you can say some very quick word. It is so destructive because it circumvents the file protection system in Windows and firewall, it randomly infects or won't infect and sometimes only partially infect like hay-fire even executables that scan it. Rebooting makes the problem worse, cleansing in safe mode should be done immediately. Cleansing from inside linux installed on windows platform could be an option, but in moreover cases we have to throw in the towel, virus has won, total recall of the computer and hope that you have non-infected back-up media. For the rest vitro and virut will just make lengthy threads on av webforums. I haven't seen a solution but protection against it is an option you must consider- fully patch and update your OS, go online with normal user rights (malware cannot get to your system files and 97% of known malware cannot wreak much havoc then), upgrade and patch all your third party software (check with Secunia PSI), use a more secure browser like Firefox or Flock with the NoScript extension installed, use layered protection like one resident dual-way firewall, one fully patched and updated av solution, some additional free anti-malware solutions like MBAM and SAS, SpywareBlaster, and some crap cleaners for after every session online ATF-Cleaner and/or ClearProg. This could be your formula to stay free of malware in the future,

polonus
Title: Re: Need help with a case of what I believe is the Win32 Vitro Virus!
Post by: MKGS on October 28, 2009, 10:57:43 PM
Thanks for the advice Polonus, I'll have to reformat again, but just a quick question.  Does the virus only infect executables and dll files, or does it just strike at random?

P.S Would Google Chrome be a better alternative to Firefox?
Title: Re: Need help with a case of what I believe is the Win32 Vitro Virus!
Post by: Hermite15 on October 28, 2009, 11:08:22 PM
...P.S Would Google Chrome be a better alternative to Firefox?

NO  ;)
Title: Re: Need help with a case of what I believe is the Win32 Vitro Virus!
Post by: Tarq57 on October 29, 2009, 02:22:47 AM
I'd certainly keep Firefox, and use the "NoScript" add-on. This will block (most) unwanted content from entering the browser. Particularly valuable where a site has been hacked.
You would be wise to use an application like Flash Disinfector (http://www.precisesecurity.com/tools-resources/adware-tools/flash-disinfector/) or Autorun Eater. (http://oldmcdonald.wordpress.com/) Either will do a good job at preventing infections that transmit via flash drives.
Title: Re: Need help with a case of what I believe is the Win32 Vitro Virus!
Post by: nmb on October 29, 2009, 04:32:27 AM
sorry that I lost track of this topic. all the advice you get here from sir pol, tarq etc. is what you need to follow and hence play safe online.

one more addition : use limited rights user account on windows so that 97 % of the malware can be stopped.

nmb
Title: Re: Need help with a case of what I believe is the Win32 Vitro Virus!
Post by: Hermite15 on October 29, 2009, 11:32:02 AM
using a limited account on XP might be an option (guest is not a good example though  ;D), and not an option at all on Vista/Seven >>>>UAC  ;)
Title: Re: Need help with a case of what I believe is the Win32 Vitro Virus!
Post by: nmb on October 29, 2009, 11:34:25 AM
guest is not a good example though  ;D

changed  ;)
Title: Re: Need help with a case of what I believe is the Win32 Vitro Virus!
Post by: MKGS on October 30, 2009, 02:43:16 AM
okay, thanks for the advice guys