Author Topic: Malware name Win32:Vitro  (Read 341078 times)


kithoo

  • Guest
Re: Malware name Win32:Vitro
« Reply #255 on: May 21, 2009, 11:40:08 PM »
Gametap is in the clear, it's a known site.  They use an ActiveX panel to allow you to play/stream games from a browser.  Currently I'm having issues even getting into my computer, I'm getting some sort of "Interactive logon failed to initialize." but I can get into Safe Mode.

It's looking like I'm going to have to format anyway - so what are the steps I need to take to immunize myself from Vitro when I come back up?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Malware name Win32:Vitro
« Reply #256 on: May 22, 2009, 12:14:03 AM »
> what are the steps I need to take to immunize myself from Vitro when I come back up?

Safe browsing and downloading, common sense on emails.
Scan with www.virustotal.com any new file (suspect) to be executed.
Keep your operating system and antivirus updated.
Well... the general procedures...
The best things in life are free.

kithoo

  • Guest
Re: Malware name Win32:Vitro
« Reply #257 on: May 22, 2009, 11:01:21 PM »
> > what are the steps I need to take to immunize myself from Vitro when I come back up?
>
> Safe browsing and downloading, common sense on emails.
> Scan with www.virustotal.com any new file (suspect) to be executed.
> Keep your operating system and antivirus updated.
> Well... the general procedures...

Not quite what I meant.  I mean - what do I need to do after formatting and reinstalling Vista to make sure I don't get reinfected from one of my other drives?

Is formatting and reinstalling on the C:\ drive going to make me safe enough to boot up, install/run Avast and clean up the other drives?  Is simply having the other drives connected going to reinfect the primary drive?

It seems this thing is particularly malicious, and if it were some standard virus I wouldn't have these concerns, but I don't want to format only to find out I need to do it again because I got reinfected from another drive.

EDIT - Also, are any of my files safe on any drive?  Are my videos (AVI and WMV) safe?  What about family photos and whatnot (jpg and gifs)?  I'm a bit confused because I have yet to find any truly detailed information about what file types Vitro will infect (other than exes and dlls).
« Last Edit: May 22, 2009, 11:06:14 PM by kithoo »

Offline Omid Farhang

  • Frontend Developer
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1660
  • I wish I could write longer personal text!!
Re: Malware name Win32:Vitro
« Reply #258 on: May 22, 2009, 11:22:42 PM »
> Not quite what I meant.  I mean - what do I need to do after formatting and reinstalling Vista to make sure I don't get reinfected from one of my other drives?
>
> Is formatting and reinstalling on the C:\ drive going to make me safe enough to boot up, install/run Avast and clean up the other drives?  Is simply having the other drives connected going to reinfect the primary drive?
>
> It seems this thing is particularly malicious, and if it were some standard virus I wouldn't have these concerns, but I don't want to format only to find out I need to do it again because I got reinfected from another drive.
>
> EDIT - Also, are any of my files safe on any drive?  Are my videos (AVI and WMV) safe?  What about family photos and whatnot (jpg and gifs)?  I'm a bit confused because I have yet to find any truly detailed information about what file types Vitro will infect (other than exes and dlls).

After formatting drive C: and before installing Windows, scan all your drive partitions using Avast Rescue System to make sure there aren't any viruses missed by avast!. avast! is very good, and this scan would be for making sure. It's easy and free :)

The Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to repair a damaged system, to rescue data or to scan the system for virus infections. Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer. The Avira AntiVir Rescue System is updated several times a day so that the most recent security updates are always available. You can download it from Here. You can learn how to use it from Here.
Also, if you want to burn that disc yourself with your own burning tool (such as Nero or…), you can download the Image File (.iso) from Here.
After burning it to disc, use it to boot your computer, do a full scan and remove everything it finds.

Only your .exe files are at risk, but anyway it's better to scan all files; maybe some of the .exe files are still clean, or maybe some new .exe files are hidden in your other drives. Do a full scan to make sure :) (Also, some generations of it can infect .dll files too; media files are safe though.)
« Last Edit: May 22, 2009, 11:28:21 PM by Omid Farhang »
Twitter: OmidFarhangEn - OS: Manjaro KDE

kithoo

  • Guest
Re: Malware name Win32:Vitro
« Reply #259 on: May 23, 2009, 12:37:30 AM »
> > Not quite what I meant.  I mean - what do I need to do after formatting and reinstalling Vista to make sure I don't get reinfected from one of my other drives?
> >
> > Is formatting and reinstalling on the C:\ drive going to make me safe enough to boot up, install/run Avast and clean up the other drives?  Is simply having the other drives connected going to reinfect the primary drive?
> >
> > It seems this thing is particularly malicious, and if it were some standard virus I wouldn't have these concerns, but I don't want to format only to find out I need to do it again because I got reinfected from another drive.
> >
> > EDIT - Also, are any of my files safe on any drive?  Are my videos (AVI and WMV) safe?  What about family photos and whatnot (jpg and gifs)?  I'm a bit confused because I have yet to find any truly detailed information about what file types Vitro will infect (other than exes and dlls).
>
> After formatting drive C: and before installing Windows, scan all your drive partitions using Avast Rescue System to make sure there aren't any viruses missed by avast!. avast! is very good, and this scan would be for making sure. It's easy and free :)
>
> The Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to repair a damaged system, to rescue data or to scan the system for virus infections. Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer. The Avira AntiVir Rescue System is updated several times a day so that the most recent security updates are always available. You can download it from Here. You can learn how to use it from Here.
> Also, if you want to burn that disc yourself with your own burning tool (such as Nero or…), you can download the Image File (.iso) from Here.
> After burning it to disc, use it to boot your computer, do a full scan and remove everything it finds.
>
> Only your .exe files are at risk, but anyway it's better to scan all files; maybe some of the .exe files are still clean, or maybe some new .exe files are hidden in your other drives. Do a full scan to make sure :) (Also, some generations of it can infect .dll files too; media files are safe though.)

Awesome!  This is what I needed.  I'll probably deal with all this in the coming days.  As long as I don't have to format my media drive I will be okay, losing 14 years worth of music collection (and god knows where all those CDs are now), years of family photos, and tons of videos is just not an appealing prospect.

Welp, looks like I have my solution.  Thanks a ton!

Offline Omid Farhang

  • Frontend Developer
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1660
  • I wish I could write longer personal text!!
Re: Malware name Win32:Vitro
« Reply #260 on: May 23, 2009, 01:33:24 AM »
You're welcome, it worked for me and I got rid of Vitro, hope it works for you too :)
Twitter: OmidFarhangEn - OS: Manjaro KDE

YoKenny

  • Guest
Re: Malware name Win32:Vitro
« Reply #261 on: May 23, 2009, 02:17:38 AM »

> Awesome!  This is what I needed.  I'll probably deal with all this in the coming days.  As long as I don't have to format my media drive I will be okay, losing 14 years worth of music collection (and god knows where all those CDs are now), years of family photos, and tons of videos is just not an appealing prospect.
>
> Welp, looks like I have my solution.  Thanks a ton!

I have a USB 2.0 External Enclosure like this that I have an 80GB HD from my old PIII that died for backups:
http://www.newegg.ca/Product/Product.aspx?Item=N82E16817816002

It's great as I can move it between systems and have backups in one place.

kithoo

  • Guest
Re: Malware name Win32:Vitro
« Reply #262 on: May 23, 2009, 07:43:54 AM »

> > Awesome!  This is what I needed.  I'll probably deal with all this in the coming days.  As long as I don't have to format my media drive I will be okay, losing 14 years worth of music collection (and god knows where all those CDs are now), years of family photos, and tons of videos is just not an appealing prospect.
> >
> > Welp, looks like I have my solution.  Thanks a ton!
>
> I have a USB 2.0 External Enclosure like this that I have an 80GB HD from my old PIII that died for backups:
> http://www.newegg.ca/Product/Product.aspx?Item=N82E16817816002
>
> It's great as I can move it between systems and have backups in one place.

I've got a 500GB external drive that may be infected but it has, at most, 5 exe's and a tiny number of dll's on it so once avira/avast cleans it up it will serve perfectly for recovery of stuff.

mokei

  • Guest
Re: Malware name Win32:Vitro
« Reply #263 on: May 24, 2009, 09:41:35 AM »
Does avast kill this thing once it finds it? It found one file and it deleted it. Am I good? Also, how long has this thing been out?  It found it on boot-up (Win32:Vitro), I pressed 1 and after that it kept scanning.  Should I do something else?

thank you for your time

Offline Omid Farhang

  • Frontend Developer
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1660
  • I wish I could write longer personal text!!
Re: Malware name Win32:Vitro
« Reply #264 on: May 24, 2009, 10:01:12 AM »
> Does avast kill this thing once it finds it? It found one file and it deleted it. Am I good? Also, how long has this thing been out?  It found it on boot-up (Win32:Vitro), I pressed 1 and after that it kept scanning.  Should I do something else?
>
> thank you for your time

Vitro is hard to remove; besides avast!, try at least 2 different antivirus engines to scan too.

The best way to scan a computer with different antivirus engines is to scan via a live bootable antivirus disc. Use these:
1. Free Dr.Web Live CD: http://www.freedrweb.com/livecd/

2. (recommended) Avira Rescue System:
The Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to repair a damaged system, to rescue data or to scan the system for virus infections. Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer. The Avira AntiVir Rescue System is updated several times a day so that the most recent security updates are always available. You can download it from Here. You can learn how to use it from Here.
Also, if you want to burn that disc yourself with your own burning tool (such as Nero or…), you can download the Image File (.iso) from Here.
After burning it to disc, use it to boot your computer, do a full scan and remove everything it finds.
Twitter: OmidFarhangEn - OS: Manjaro KDE

waruna

  • Guest
Re: Malware name Win32:Vitro
« Reply #265 on: May 24, 2009, 02:32:23 PM »
Worst Case Scenario : Fresh format our hard drive. Means clear everything in HDD and start a new windows installation, right?

I got a Win32: Vitro and Win32: RustNT infection just now, and have no idea what to do besides starting a new Windows installation..  :'(
« Last Edit: May 24, 2009, 02:36:47 PM by waruna »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Re: Malware name Win32:Vitro
« Reply #266 on: May 24, 2009, 03:02:50 PM »
Hi Waruna,

If this horrendous buggy file infector has been loose on your OS for some time without it running in SafeMode, you are better off with fdisk, format, re-install. Do not trust any peripherals (USB sticks etc.) that have come into contact with Vitro, because with a new install it could immediately re-infect.

The best way to scan a computer with different antivirus engines is to scan via a live bootable antivirus disc. Use these:
1. Free Dr.Web Live CD: http://www.freedrweb.com/livecd/  to see if all is cleansed.

After re-install see to two things: update your OS to the latest updates and patches, and see that all your third party software is updated and fully patched using Secunia PSI: http://secunia.com/PSISetup.exe

You can identify machines infected by current strains of the virus by looking for a service running as "Remote Explorer" in the services control panel. Better give us a HJT logfile txt as an attached txt file, download HJT from here: http://www.filehippo.com/download_hijackthis/download/58170ee6e58bba306c943f5b6d745c99/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

kithoo

  • Guest
Re: Malware name Win32:Vitro
« Reply #267 on: May 25, 2009, 10:24:13 PM »
Well I just started the process and I am left with a question.  How do I fdisk or format my root drive when I can't boot into anything?  Will one of the recovery consoles allow me to do this?

EDIT - And the Avira console colors are all wrong, any ideas why?  I can barely read half the text and can't even see the other half.  It also seems to get stuck at "Load modules..." - been sitting at 0% for quite a while now.
« Last Edit: May 25, 2009, 10:27:12 PM by kithoo »

Offline Omid Farhang

  • Frontend Developer
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1660
  • I wish I could write longer personal text!!
Re: Malware name Win32:Vitro
« Reply #268 on: May 25, 2009, 10:43:11 PM »
> And the Avira console colors are all wrong, any ideas why?  I can barely read half the text and can't even see the other half.  It also seems to get stuck at "Load modules..." - been sitting at 0% for quite a while now.

Some compatibility problems with a few graphics cards have been reported. It's an Avira problem; I would report it to them too.
Twitter: OmidFarhangEn - OS: Manjaro KDE

kithoo

  • Guest
Re: Malware name Win32:Vitro
« Reply #269 on: May 25, 2009, 11:12:15 PM »
And now Dr. Web Live is getting some error and stopping the scan halfway through AND I cannot get into the Xorg GUI, just the small menu that lets me either start a scan or get into the command line.  This is frustrating to the max.