Author Topic: Malware name Win32:Vitro  (Read 341455 times)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89065
  • No support PMs thanks
Re: Malware name Win32:Vitro
« Reply #285 on: June 08, 2009, 11:04:45 PM »
I never checked, you asked:
Quote from: YoKenny
How can SpywareBlaster block IP addresses or URLs as it uses CLSIDs for blocking?

That is what I answered, I don't much bother or worry about flagging of individual sites as they are constantly moving targets.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

RaconRC

  • Guest
Re: Malware name Win32:Vitro
« Reply #286 on: June 09, 2009, 10:10:07 AM »
This is not a solution, but with Comodo you can add all executable files to your protected files, and you have to approve every modification to your executable files; therefore Vitro must ask permission before it infects. You can prevent Vitro infecting any new files.

StuMcD

  • Guest
Re: Malware name Win32:Vitro
« Reply #287 on: June 09, 2009, 07:30:06 PM »
Evening Everyone,

I've tried reading through the thread to no avail for a solution.

First off, I had this virus come to my attention just after installing avast.  My PC was a mess after downloading a PC game.

When deleting infected files, Avast has wiped out many of my .exe files from the System32 folder.  As a result, I cannot log into Windows at all.  When I log in, in ANY mode under ANY user name (even as admin), it automatically logs right back out again.

I'm not averse to formatting the hard drive and reinstalling Windows to get rid of it completely, but I DO need to log into Windows and back some stuff up first and foremost.

Is there any way I can fix this log on log off loop to back this stuff up before I format the whole thing?

I've tried doing a repair install, tried extracting files from the XP disc and it hasn't fixed the problem.

Thanks in Advance.

Offline DavidR

Re: Malware name Win32:Vitro
« Reply #288 on: June 09, 2009, 08:16:02 PM »
Let's be clear: avast hasn't wiped out any of your .exe files. The virus infected them, avast detected the infected files and you chose the option to delete; avast doesn't take autonomous action. Deletion isn't really a good first option (you have none left); don't delete, send virus to the chest and investigate.

This virus is very virulent and, for the most part, when established you are fighting an uphill battle, which for most people has resulted in a format and reinstall, as this topic attests. Somewhere in this topic I'm sure it mentions using a live CD version of DrWeb CureIt; even then this may not be effective in cleaning/repairing infected files. For the DrWeb Live CD, if you are unable to get into your system, see http://www.freedrweb.com/livecd/?lng=en, documentation ftp://ftp.drweb.com/pub/drweb/livecd/LiveCD-en.pdf

You may also need to get a Linux Live CD to use that to back-up what you can as I don't know if the DrWeb Live CD offers any other function other than a scan.

StuMcD

  • Guest
Re: Malware name Win32:Vitro
« Reply #289 on: June 09, 2009, 08:44:10 PM »
Thanks David, I'll have a look.

I've got a laptop at home too that I'm on, so I'll try and burn a copy.

So are you saying there is a way for me to back up some files even though I can't log into Windows?

Offline DavidR

Re: Malware name Win32:Vitro
« Reply #290 on: June 09, 2009, 08:57:36 PM »
By not going into Windows, yes; that is the purpose of the Linux Live CD: it runs Linux but should be able to view your Windows partitions and, I guess, back up files to a USB stick.

Just google Linux Live CD and you are likely to be snowed under with hits; Damn Small Linux is one, Puppy Linux is another, both of these really because the desktop distribution is relatively small and any Live CD theoretically should be smaller. You have to exercise care as to what to back up, as you could invariably be backing up infected files: no .exe, .htm/l or .scr files, as these are some of the target files.

Having copied what you want to the USB, you could run the DrWeb CD again and scan the USB stick to ensure what you backed up is actually clean.
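The selective backup described in the post above, as an added example that is not part of the original thread: a shell function for a Linux live CD session that copies a mounted Windows partition to a USB stick, skips the .exe, .htm/.html and .scr files named as Vitro targets, and lists what it skipped. The function names, the mount points in the comments and the skipped.txt file name are assumptions.

```sh
#!/bin/sh
# Added example. Assumed setup from the live CD (device names vary per machine):
#   mount -o ro /dev/sda1 /mnt/win   # Windows partition, read-only
#   mount /dev/sdb1 /mnt/usb         # USB stick
#   backup_skip_targets /mnt/win/Documents /mnt/usb/backup

# find_by_class NEG [find actions...]
# NEG is "" to select the target file types, "!" to select everything else.
# Extensions are matched case-insensitively (SETUP.EXE, index.HTM, ...).
find_by_class() {
    neg=$1; shift
    find . -type f $neg \( -iname '*.exe' -o -iname '*.htm' \
        -o -iname '*.html' -o -iname '*.scr' \) "$@"
}

# backup_skip_targets SRC_DIR DEST_DIR
# Copies non-target files, keeping the directory layout, and writes the
# relative paths of skipped files to DEST_DIR/skipped.txt.
backup_skip_targets() {
    src=$1
    mkdir -p "$2" || return 1
    dst=$(cd "$2" && pwd) || return 1    # absolute path, because we cd into SRC
    (
        cd "$src" || exit 1
        find_by_class "" -print > "$dst/skipped.txt"    # record only, never copy
        find_by_class "!" -exec sh -c '
            dst=$1; shift
            for f; do
                mkdir -p "$dst/$(dirname "$f")" && cp "$f" "$dst/$f"
            done' sh "$dst" {} +
    )
}
```

The copy is only a filter on file type; the backup still needs the scan of the USB stick that the post recommends.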

ekay417

  • Guest
Re: Malware name Win32:Vitro
« Reply #291 on: June 10, 2009, 11:42:31 AM »
I had a question concerning htm/l files and Microsoft Office applications. Will it be safe to open these files and applications in safe mode?

Offline DavidR

Re: Malware name Win32:Vitro
« Reply #292 on: June 10, 2009, 03:08:39 PM »
Short answer NO, as there is no guarantee that Vitro doesn't run in safe mode, any file that you open which is a target file for Vitro is infected on opening. This is how it spreads so rapidly and is so virulent.

I have no idea which MS Office file types if any it targets.

joebunn123

  • Guest
Re: Malware name Win32:Vitro
« Reply #293 on: June 14, 2009, 11:00:54 PM »
I've had some luck with Windows 7. My Windows XP system was hit and it's a total loss, but important files can be transferred to a Windows 7 system and cleaned. It's worked for me so far; I've saved almost a third of what I would have lost redoing my XP system. I don't know if it will work for everyone, but it seems not to be touching Windows 7 for me; it tried and the system just boots it out the door. I don't know how Windows 7 is blocking it. I've got it set up with just basic protection right now with avast, but it is, and nicely too.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33904
  • malware fighter
Re: Malware name Win32:Vitro
« Reply #294 on: June 14, 2009, 11:17:08 PM »
Hi joebunn123,

This could be due to Windows 7 having an additional file protection layer. Vitro causes maximal damage on XP, less in Vista and Windows 7.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

asadbunty

  • Guest
Re: Malware name Win32:Vitro
« Reply #295 on: June 30, 2009, 05:13:54 PM »
I have also been hit by this virus!! I didn't know that it was that dangerous. What I did after it was detected: I deleted about 7 to 8 files and moved the rest to the chest!! Now avast only detects this virus when I plug in the LAN wire!! Otherwise it does not detect any!! I ran a scan and it did not detect any either!!! Am I safe from this virus now, because I have no problems using programs in Windows yet!!

And yes, I don't want to lose my PC if it is that dangerous!! I have just recently bought this PC, and for the first time a P4, and I love it!! My father will not let me buy any in future if it gets damaged!!! Please help!! :(

ankitsharma202

  • Guest
Re: Malware name Win32:Vitro
« Reply #296 on: July 01, 2009, 10:21:11 AM »
A website, http://www.thekeys.ws, is infected by Win32:Vitro, so be careful with this website.

Offline DavidR

Re: Malware name Win32:Vitro
« Reply #297 on: July 01, 2009, 04:59:53 PM »
Please 'modify' your post and change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.

And you're surprised that on a site like this you aren't going to get bit in the ass???

http://www.mywot.com/en/scorecard/thekeys.ws
« Last Edit: July 01, 2009, 05:02:50 PM by DavidR »

asadbunty

  • Guest
Re: Malware name Win32:Vitro
« Reply #298 on: July 01, 2009, 05:07:49 PM »
Exactly, I downloaded from that site and I was hit by this virus!!!

Offline DavidR

Re: Malware name Win32:Vitro
« Reply #299 on: July 01, 2009, 05:23:00 PM »
So you need to exercise more safe hex practices; go looking for hacks/cracks/keys and you're sure to get bit in the ass sooner than later.