Author Topic: Malware name Win32:Vitro  (Read 340230 times)


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Malware name Win32:Vitro
« Reply #75 on: February 25, 2009, 10:45:14 PM »
Can you submit the file to www.virustotal.com and check what's happening?
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Malware name Win32:Vitro
« Reply #76 on: February 25, 2009, 10:52:01 PM »
Duplicate deleted.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Malware name Win32:Vitro
« Reply #77 on: February 25, 2009, 10:52:59 PM »
OK... starting to wonder if I've got this virus or not... or if it's the 'false positive'.
I've scanned fully with Dr.Web CureIt in safe mode and found nothing.
I tried with Avast and it hadn't found anything, however the screensaver version of Avast found the thing again... so it's ending with 'nvlddmkm.sy' like I'm reading in some posts. But so far, to my knowledge, and to Dr.Web and Avast, it hasn't affected any other files... help lol.

The screensaver scan uses the same virus database, so it shouldn't matter what type of scan, so I'm not sure what is happening if one scan doesn't detect but the other does (but you don't say which avast scan doesn't see anything)...

There was a confirmed FP with some nvidia files, if you have the latest VPS update then that FP has been corrected, so ensure you have the latest VPS update and check again.

Committed

  • Guest
Re: Malware name Win32:Vitro
« Reply #78 on: February 25, 2009, 11:36:59 PM »
OK... starting to wonder if I've got this virus or not... or if it's the 'false positive'.
I've scanned fully with Dr.Web CureIt in safe mode and found nothing.
I tried with Avast and it hadn't found anything, however the screensaver version of Avast found the thing again... so it's ending with 'nvlddmkm.sy' like I'm reading in some posts. But so far, to my knowledge, and to Dr.Web and Avast, it hasn't affected any other files... help lol.

Sounds like the same issue I just had with a false positive on an Nvidia driver. I removed that file as at the time I thought it best if it were infected. After running Dr.Web and finding nothing, I rebooted out of safe mode, updated my Avast, ran again and all was clean. I then went to Nvidia's site and installed the latest driver for my card, as my comp wouldn't allow me to move that file back into its original folder.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Malware name Win32:Vitro
« Reply #79 on: February 26, 2009, 12:21:12 AM »
I removed that file as at the time I thought it best if it were infected.
The better option is always to send the file to the Chest and not direct removal... it allows further investigation, scanning, restoring...

Offline Confused Computer User

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 700
  • The answer is 42
Re: Malware name Win32:Vitro
« Reply #80 on: February 26, 2009, 12:52:02 AM »
Wow,

this virus seems to have even the gurus worried, which for me is a first. I have a simple question pertaining not just to this but to viruses in general. My drive is partitioned as follows:
C:\ for system files
D:\ recovery partition.

This D: partition is somehow protected and I can't access it even in administrative mode (which is the only mode I use).
So is it likely that a virus will have access even if I don't? Keep in mind that I have used this partition in order to get my system formatted, as it were (it's called system restore to factory defaults but it's much like a format of the C: partition).
When I see that even experts are having a hard time getting rid of it, even after a format, I am getting worried about my own plan of system restoration in case of the unthinkable.

Also, how do you recover your docs without opening the OS? Do you use a live CD Linux distribution to transfer simple files (since executables in Windows won't work in Linux... I think) or do you pull out the hard drive and put it in another computer and then go on from there?

Thank you for any and all replies. I hope this is not too off topic for this thread.
Computer Systems:

Intel Pentium 4 641 / 2GB RAM / Vista Home Basic SP2 / avast! 5.0 Home / SAS Free / MBAM Free / Windows Defender / Windows Firewall / Spyware Blaster/ Secunia PSI / Firefox 3.6 / Opera 10.5

Core2Duo T8300 / 4GB RAM / Vista Home Premium SP2 (32 bit version) / Same Software.

Committed

  • Guest
Re: Malware name Win32:Vitro
« Reply #81 on: February 26, 2009, 12:55:17 AM »
I removed that file as at the time I thought it best if it were infected.
The better option is always to send the file to the Chest and not direct removal... it allows further investigation, scanning, restoring...
I know, but Avast wouldn't allow me to do anything with it. If I tried to put it in the vault, it said access denied.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Malware name Win32:Vitro
« Reply #82 on: February 26, 2009, 01:52:25 AM »
I know, but Avast wouldn't allow me to do anything with it. If I tried to put it in the vault, it said access denied.
In this case, run a boot-time scan ;)

danmaher

  • Guest
Re: Malware name Win32:Vitro
« Reply #83 on: February 26, 2009, 10:42:07 AM »
I've just done a scan of my comp. And thank goodness it's come up clean.
I've scanned the USB and the external I had plugged in at the time and both are clean also.
So it looks like mine was a 'false positive' that I've read about.
However, I would like to thank everyone on this forum for the help and readings!!
I don't know what I would have done without your help... and certainly know where to come in the future!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Malware name Win32:Vitro
« Reply #84 on: February 26, 2009, 01:02:21 PM »
certainly know where to come in the future!
Well, you can spread the word and also try to help others ;)

emantoyaks

  • Guest
Re: Malware name Win32:Vitro
« Reply #85 on: February 27, 2009, 11:27:24 AM »
Yapping... it's a f***ng s**t worm, it's affecting all your executable files. What a magnificent worm...

I have a simple idea: you must format drive C:\ only, install a fresh OS and download antivirus software from the Internet. Don't install it at your backup because I'm sure it's infected...
« Last Edit: February 27, 2009, 11:47:05 AM by Vlk »

Pedro Hin

  • Guest
Re: Malware name Win32:Vitro
« Reply #86 on: February 28, 2009, 03:54:14 AM »

...Also, how do you recover your docs without opening the OS? Do you use a live CD Linux distribution to transfer simple files (since executables in Windows won't work in Linux... I think) or do you pull out the hard drive and put it in another computer and then go on from there?

Thank you for any and all replies. I hope this is not too off topic for this thread.

It's safe to boot the PC from a 'Live' Linux CD and then copy your documents to an external drive. I often boot PCs from Linux CDs to recover data. I have also done this to remove certain types of malware executables (but not Vitro).

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Malware name Win32:Vitro
« Reply #87 on: February 28, 2009, 04:08:15 AM »
Be careful what you copy over, .exe, .scr, .mp3 and .wma files are targeted by this virus.

Offline Confused Computer User

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 700
  • The answer is 42
Re: Malware name Win32:Vitro
« Reply #88 on: February 28, 2009, 05:12:19 PM »
Thank you Pedro Hin and DavidR.

I usually use Puppy Linux to boot from live CD (so far it's the only Linux distro that booted on an old Compaq machine with very low RAM, a bit over 64MB).
I would only copy .doc, .pdf, and .ppt files at most. I think that these as well. Can you confirm? As a rule of thumb I always scan any new mp3 or wma file.
Thanks again.
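The recovery procedure discussed above (boot a Live Linux CD, copy the documents off, leave behind the file types DavidR says this virus targets) can be scripted so that nothing slips through by accident. The script below is an added example and is not code from the forum or from any Avast tool: it assumes the Windows partition is already mounted at SRC and the external drive at DST, copies only an allowlist of document and picture extensions (the .doc/.pdf/.ppt types asked about, plus a few similar ones), refuses the .exe/.scr/.mp3/.wma extensions named in the thread, and logs every decision so you can review what was and was not taken.

```shell
#!/bin/sh
# Added example (not from the forum thread): rescue user documents from a
# Windows partition mounted under a Live Linux CD while refusing the file
# types the thread says Win32:Vitro targets (.exe, .scr, .mp3, .wma).
# Assumed layout: SRC = mounted Windows partition, DST = external drive.

# Extensions the thread identifies as targets of the virus; never copied.
TARGETED="exe scr mp3 wma"
# Document/picture types worth rescuing; everything else is logged and left.
ALLOWED="doc docx xls xlsx ppt pptx pdf txt rtf odt jpg png"

# Print the lower-cased extension of a path, or nothing if it has none.
ext_of() {
    base=${1##*/}
    case "$base" in
        *.*) printf '%s' "${base##*.}" | tr 'A-Z' 'a-z' ;;
        *)   printf '' ;;
    esac
}

# classify FILE: prints "targeted", "copy" or "skip" (the targeted list wins).
classify() {
    e=$(ext_of "$1")
    for t in $TARGETED; do
        [ "$e" = "$t" ] && { printf 'targeted'; return 0; }
    done
    for a in $ALLOWED; do
        [ "$e" = "$a" ] && { printf 'copy'; return 0; }
    done
    printf 'skip'
}

# rescue_docs SRC DST LOG: copy allowed files into DST keeping the directory
# layout, and record every copied, refused and skipped file in LOG.
rescue_docs() {
    src=$1; dst=$2; log=$3
    : > "$log"
    find "$src" -type f | while IFS= read -r f; do
        rel=${f#"$src"/}
        case $(classify "$f") in
            copy)
                mkdir -p "$dst/$(dirname "$rel")"
                cp -p "$f" "$dst/$rel" && printf 'copied   %s\n' "$rel" >> "$log"
                ;;
            targeted)
                printf 'REFUSED  %s (extension targeted by the virus)\n' "$rel" >> "$log"
                ;;
            *)
                printf 'skipped  %s\n' "$rel" >> "$log"
                ;;
        esac
    done
}

# Example invocation (paths are assumptions):
# rescue_docs /mnt/windows/Users /media/usb/rescue /media/usb/rescue.log
```

The allowlist approach matters more than the refusal list: a denylist of four extensions only protects against the file types this thread happens to mention, whereas copying nothing you did not explicitly ask for also leaves behind renamed or unknown executables. Review the log before plugging the external drive into a clean machine, and scan the copied files there anyway.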

ulao

  • Guest
Re: Malware name Win32:Vitro
« Reply #89 on: March 01, 2009, 03:23:28 AM »
Hi all, been dealing with viruses for longer than I care to talk about, but man this thing is fun, huh? Put this guy on my "wish to meet in a dark alley" list..

Anyways.. OK so I got this virut.ce thing. Fortunately Kaspersky could repair most of it. They had a nice little Linux boot disc, fixed 800 some files. I somehow got this nasty on two systems.. So all cleaned up, right, everything is good.

Then Avast says I have a Vitro nasty on one of the virut.ce victims.. Well, that is what brought me here.. So this time Kaspersky won't find it but Avast did, and I could beat it in safe mode.. So after all of that I do another scan (3 TB mind you, not all exe's ;) ), clean up a few more that didn't get found, and I see my second system also learned of this new Vitro..

So I'm thinking, somehow one nasty led to another..

So I'm working away and my programs start behaving funny again, did it morph into another virus now?

Was I right, does this virus call upon another? virut.ce->vitro->????

Does anyone know how far it goes?

So far Avast and Kaspersky find nothing, but I'm getting random crashes and DEP warnings again. Perhaps I'm paranoid, thus I thought I'd ask..