Author Topic: Malware name Win32:Vitro  (Read 340180 times)

bylent

  • Guest
Re: Malware name Win32:Vitro
« Reply #300 on: July 04, 2009, 01:26:12 AM »
hello
I've been infected by Vitro, and I have some questions. How can I get some pics and MP3s off my PC? If I format my hard disk (C:, D:) and resize them, can the virus come back again? Is it safe to attach the pics to an email and send them to another email address, then download them from the email once I have formatted? Thank you.
« Last Edit: July 04, 2009, 01:28:47 AM by bylent »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Malware name Win32:Vitro
« Reply #301 on: July 04, 2009, 01:45:32 PM »
Follow the directions here to clean Vitro: http://forum.avast.com/index.php?topic=46429.msg390041#msg390041
Don't you have a backup of your documents and data?
The best things in life are free.

radioactiverhino

  • Guest
Re: Malware name Win32:Vitro
« Reply #302 on: July 04, 2009, 07:51:20 PM »
Quote from: bylent
hello
I've been infected by Vitro, and I have some questions. How can I get some pics and MP3s off my PC? If I format my hard disk (C:, D:) and resize them, can the virus come back again? Is it safe to attach the pics to an email and send them to another email address, then download them from the email once I have formatted? Thank you.

I noticed the post the moderator made, but this is a question I'm wondering as well. CAN I rescue my MP3s, and if so, how? The link provided did not directly address this; it talked about how to salvage system in general (through deletion of most data).

I will DIE without my MP3s :(

Thanks in advance

bylent

  • Guest
Re: Malware name Win32:Vitro
« Reply #303 on: July 04, 2009, 08:17:29 PM »
I don't know if, for example, Hotmail's antivirus is good enough that I can send some pics from my PC to an e-mail and then, when I have fixed the problem with Vitro and get the pics again from the e-mail, whether Vitro infects my PC again? This is my problem. I don't give a f... if my other files are lost, except the pics; the other files are not a problem to download.

radioactiverhino

  • Guest
Re: Malware name Win32:Vitro
« Reply #304 on: July 04, 2009, 08:48:32 PM »
If it's hotmail, it probably isn't good enough. But that's what I'm asking...does Vitro infect mp3s, jpgs, gifs, and the like?

EDIT: I've been reading some more, and now I am aware that Vitro DOES target mp3s. Although I know the safest thing to do would be to reformat and reinstall (I believe this is classified as the "Nuke" option), I would like to try and save my mp3s, as about 5000 out of my 25000 are not backed up. Would my safest bet be to load Avira (or BitDefender, or one of the other programs mentioned) onto a CD from a noninfected computer, and scan all mp3s before backing them up? Specifically how would you recommend backing these up? Also, I'm somewhat confused: after reformatting, would it be safe to simply load from the uninfected backup, or would more steps need to be taken first?

I will never use uTorrent again (it was my first uTorrent download :( )
« Last Edit: July 05, 2009, 05:36:27 PM by radioactiverhino »

bylent

  • Guest
Re: Malware name Win32:Vitro
« Reply #305 on: July 07, 2009, 07:47:11 PM »
hello
I have removed Vitro so far, but now I have another problem: my USB stick was infected by the virus and I have formatted the USB stick as well. Every time I format the USB stick and remove it from my PC it's OK, but when I connect the USB stick again it creates the autorun for the USB by itself. I have tried to delete the autorun.inf, but there is no autorun.inf, so my question is: why is it like this?

Rask

  • Guest
Re: Malware name Win32:Vitro
« Reply #306 on: July 12, 2009, 09:38:47 AM »
Hello.

A few weeks back I caught Vitro (or Virut.56). Avast found it and I decided to plug off and try all sorts of things.

Someone suggested Dr.Web LiveCD to cure it (using CureIt). I can say that it didn't work. At least I could save some files to a nuked HDD which is now detached from my PC.

Right now avast! is finding more than ever Vitro infections and other malware (iframe insertions) and I'm resorting to nuking my drives. Will a zero-fill nuke suffice or should I take something heavier?

I heard that Vitro will attach to .mp3 files too. Is this true? Will it attach to program specific files (.psd (Photoshop), .rns (Reason))?

My word of advice: backup your files while you can. Don't boot to Windows until you're sure you've backed up your files (non executables and non .html files). In my case I've lost everything if this one gets mp3s and jpgs. There seems to be nothing you can do with this new form of Virut. :(

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Malware name Win32:Vitro
« Reply #307 on: July 12, 2009, 03:19:14 PM »
Quote from: bylent
hello
I have removed Vitro so far, but now I have another problem: my USB stick was infected by the virus and I have formatted the USB stick as well. Every time I format the USB stick and remove it from my PC it's OK, but when I connect the USB stick again it creates the autorun for the USB by itself. I have tried to delete the autorun.inf, but there is no autorun.inf, so my question is: why is it like this?

The file may be set as a system and hidden file.

1. Flash Drive Disinfector
Information and Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Also see, AutoRun.inf problems, etc. - Download and run Autorun Eater
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
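
A read-only check of the situation discussed above, as an added example that is not part of the original post or of either tool it mentions: it reports whether a drive root holds no autorun.inf, a folder named autorun.inf of the kind the note describes, or an autorun.inf file, and for a file it lists the programs the file names. The sample content and the `RECYCLER\example.exe` path are constructed, and the hidden/system flags can only be read on Windows.

```python
import os
import tempfile
from stat import FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_SYSTEM

SAMPLE_AUTORUN = (
    "[AutoRun]\r\n"
    "; constructed sample, not taken from a real infection\r\n"
    "open=RECYCLER\\example.exe\r\n"
    "shell\\open\\command=RECYCLER\\example.exe\r\n"
    "icon=folder.ico\r\n"
)

def parse_autorun(text):
    """Return (key, value) pairs from [autorun] that name a program to start."""
    commands, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # other sections, or not a key=value line
        key, value = line.split("=", 1)
        key = key.strip().lower()
        is_shell_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in ("open", "shellexecute") or is_shell_verb:
            commands.append((key, value.strip()))
    return commands

def inspect_drive_root(root):
    """Describe <root>/autorun.inf without modifying anything."""
    path = os.path.join(root, "autorun.inf")
    report = {"state": "absent", "hidden_or_system": False, "commands": []}
    if not os.path.lexists(path):
        return report
    # st_file_attributes exists only on Windows; elsewhere this reads as 0.
    attrs = getattr(os.lstat(path), "st_file_attributes", 0)
    report["hidden_or_system"] = bool(attrs & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM))
    if os.path.isdir(path):
        report["state"] = "folder"  # placeholder folder, nothing to parse
        return report
    with open(path, "rb") as fh:
        text = fh.read(64 * 1024).decode("latin-1")  # byte-for-byte, never fails
    report.update(state="file", commands=parse_autorun(text))
    return report

def demo():
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("clean", "with_file", "with_folder"):
            root = os.path.join(tmp, name)
            os.mkdir(root)
            if name == "with_file":
                with open(os.path.join(root, "autorun.inf"), "w", newline="") as fh:
                    fh.write(SAMPLE_AUTORUN)
            elif name == "with_folder":
                os.mkdir(os.path.join(root, "autorun.inf"))
            results[name] = inspect_drive_root(root)
    return results

if __name__ == "__main__":
    print(demo())
```

To check a real stick, call `inspect_drive_root("E:\\")` with the drive letter it was given.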

slitheen

  • Guest
Re: Malware name Win32:Vitro
« Reply #308 on: July 13, 2009, 09:54:43 PM »
Hello all, this is my first post....sorry if I should have introduced myself elsewhere on the forum first, but with this matter I'm sure I can be forgiven for dispensing with such protocols. I'll also apologise now for the long post coming your way, but I thought it time for you all to 'hear' a happy ending concerning Win32:Vitro and the wonderful (and free!) Avast! program.

It seems Vitro is no longer making ALL the headway in this war. Avast surely cured me when it caught it early enough. To cut a VERY long story a *tiny* bit shorter  ;), I was ravaged by Vitro on my PC. It has three HDD's - the system disk and two storage drives with just .AVI and .MP3 files respectively. That's to say the SYSTEM disk was ravaged, as my two storage drives seemed fine and there were no .exe files on them (at least I thought so then). I never had Avast! at this point, and AVG, Malwarebytes and Superantispyware never detected any viruses at all.....but I KNEW I had a BAD virus as my OS was QUICKLY getting eaten away to the point that I just logged on to a black screen...i.e. a completely destroyed operating system. So I formatted/re-installed FOUR times....but this unknown and insanely destructive virus was still there.....I had to watch my OS get eaten away again four times in a row. It since turns out it was my backups on a USB flash drive that kept re-infecting my system disk with what I now know was Win32:Vitro. So I employed the scorched earth policy....I disconnected the two storage drives from my motherboard, as I suspected they were not infected and I wanted them to stay that way. I rebooted, used Darik's Boot n' Nuke to overwrite the full system drive with 0's, re-installed XP, and as I had now suspected an infected flash drive, I never tried to put it back in and was prepared to forgo the back-ups and lose my stuff. My system now seemed fine, but I thought I'd try Avast! to see what it was like and to see if that found anything. So I installed Avast.

Avast! updated to the latest definitions and I set about scanning. It found nothing.....and my OS was seemingly back to normal. Great. However, I *really* wanted the files off my 16GB USB drive....so, with faith in Avast!, I took a chance and put it back in my machine. I IMMEDIATELY scanned it.......and lo and behold it found several instances of the Win32:Vitro virus on the many .exe files belonging to various programs I wished to re-install. So I let Avast! put them all in the chest for the time being. Then, after some research on just how nasty Vitro can be, I decided I would forgo the contents of the USB drive and let Avast! delete the infected files from the chest. After that I re-formatted the flash drive and also used the flash 'Disinfector' utility to make sure it was clean. I rebooted the PC with the drive still attached and left it in...in fact it is still in now, days later, and both it and my PC are clean of Vitro. SO....that is at least one instance of Avast! detecting the virus and quickly and successfully deleting it before it could re-infect anything else. So good on you Avast!??????

BUT.....was it Avast that kept the USB drive clean or the Disinfector tool? Or was it a combination of the two? Well, here's the answer: As I was still convinced my two disconnected SATA storage drives were clean, I plugged them back into my mobo, the ones with Avi's and MP3's I mentioned earlier, and immediately scanned them both. Avast! reported that the one with the MP3's was totally clean....BUT the one with the Avi's had hidden 'System Information' and 'Recycler' folders, and in the latter were two Win32:Vitro infected .exe files that must have cheekily found their way there. So....I simply let Avast! delete them and carried on as normal.

That was over two days ago now and all is fine and dandy....so I now know that while Disinfector could possibly have helped a bit with the flash drive, it was DEFINITELY Avast!, and only Avast! that did ALL the detective work....and only Avast that I let delete the Vitro viruses from my infected storage drive. My system has been switched on constantly since then, I've done numerous Avast! scans, nothing whatsoever has been found, and Windows XP is as fit as a fiddle.

While earlier in this thread people spoke of Avast! finding Vitro but being unable to remove it, that is apparently not the case here. Perhaps it is starting to win the war? Obviously I benefited from immediate detection and removal of just a handful of Vitro infected files, as I had a clean system disk and OS at this point.....but the fact remains that Avast! found a load of Vitro infected .exe's on my flash drive and deleted them all before it could leap anywhere else, and then did the same with the two infected .exe files on my big SATA storage drive.

I know for a fact I'm clean of Vitro now...the OS is working perfectly fine and I can access and update all the security websites that were blocked by Vitro while I was infected. I can also update Malwarebytes and Superantispyware that I couldn't do while infected with Vitro (for all the good they are....as out of those two, AVG and Avast!, only Avast has even found it and named it...let alone kill it).

So I just want to say thank you to the folks at Avast! for being the only one on the market to fight this menace. It seems Symantec, AVG and McAfee don't want to talk about it, let alone try and fight it. Thank you Avast! And I sincerely hope I'm not the last with this menace who has a happy ending.....even if they have to employ a format/install tactic at some point.

Thanks for reading.  8)




Siddha

  • Guest
Re: Malware name Win32:Vitro
« Reply #309 on: July 20, 2009, 10:59:23 PM »
I hope this msg will save a bit of time to somebody out there ^^

The virus _is_ killable; you _do_not_ need to reformat your hard drive.
But prepare for hours worth of checking. And windows reinstall.
In my case the only files got affected were *.exe.
Doesn't seem to touch any images nor mp3's.
Took me abt a night to restore my laptop. + few hrs to recover the software i've lost.
Didn't want to go reformat path since i have over 70 gig worth of documents\images\mp3's i didn't have backups for.

Boot up ur pc. Open up control panel get to device manager - take the screenshot of all devices you've got installed, unless you have all drivers on separate non infected CD. Make sure you have drivers for your network card handy. USB stick maybe not such bad idea, but it might infect things.
Get the XP installer CD out.

Back up stuff you are going to need in a future. If it is software\distributive - archive it or something - chances are it is infected, but you still can use it under VMWare - if it kills OS - doesn't matter - just restore it, takes few minutes in VM.

Run under safe mode. F8 business on initial load.
Start up avast. Chances are, it will find quite a few infected executables in your memory. if it doesn't, well, good on you ^^
Clean up as much as you can. Agree to option - scan prior to OS loading - restart your machine.
That will load up the antivirus check. Delete all the virus cases (ignoring your backup, if you happen to have infected files there. So switching on option "delete all" probably not such a good idea. And don't check the archives at this point in time, no need.)

Chances are, that will destroy your OS. In my case it removed half of executables from program files, couple of dll's (not 100% sure if that was vitro, can't remember at this point), number of key files from %windows% folder.

Reinstall the windows.
Chuck in your XP installation CD, you know the drill.

Install network drivers. Run downloader from avast. This little 300k's file which is available around here.

That should download & trigger install on latest avast release available. Reason, why you do want to download fresh one, is because the one you have probably is infected. So you want fresh install.

Install it. At the end it will offer you memory scan on reboot. Agree to this one.
Run it. Now, that will not kill your OS. Because you just cleaned up all old infected files, and the new ones just got freshly installed. But it will find quite a few infected files out there, in snapshots, system restore points, etc.

Do the full check. This time around, check archives as well.
Just ignore the ones u r planning to use for VMWare.

That's it. In total abt 6-7 hours worth of checking on abt 70 gig worth of data.
Got dual core 4 gig ram lappy.

Good luck repairing, and next time around ensure that u r running real time protection of some sort during _any_ install of _any_ software.

Although - if i'd be you - i'd take ISO image of a hard drive, and play with partitions once you are fully recovered. So in a future, if you do have a problem such as this one, you can just restore your HDD from hidden partition, and don't have all of this drama.
It's fun though, you get to learn new things abt microsoft creation ^^

P.S> well done avast guys; your antivirus runs successfully on 7 y.o. windows XP SP 1 - unlike AVG and alike - these do require you to upgrade to the SP2+; otherwise their software will not run;
extremely impressed, that's the way the antivirus should be created - with the least amount of dependencies to the OS 8-)
the only wish i'd have is - as well as little 300k downloader - would be nice to have the full installer available for public too; so i can grab just that; can be used on cases when PC doesn't have internet access. I still can rip out the setup.exe but me - lazy 8-P

Siddha

  • Guest
Re: Malware name Win32:Vitro
« Reply #310 on: July 20, 2009, 11:06:36 PM »
P.P.S> Avast bug: under russian windows SP1 in safe mode - avast installed w/ russian interface - you have issues with coding - instead of proper alphabet it displays bunch of question marks; try to UTF8 encode it or something.

spg SCOTT

  • Guest
Re: Malware name Win32:Vitro
« Reply #311 on: July 20, 2009, 11:16:37 PM »
Hi Siddha,

Glad to hear of your success,

The full installer is located on the website too, just download the one under the 'universal installation file' in the relevant language to you (you will notice the different file sizes)

-Scott-

Jackel585

  • Guest
Re: Malware name Win32:Vitro
« Reply #312 on: July 24, 2009, 08:45:57 PM »
No idea how long I have had Vitro on my computer, only discovered it because it uploaded a different virus to my computer and I was deleting that when I found evidence of Vitro (hard to do when not using Avast).  So I finally figured out most of what I have to do to get rid of Vitro. I only recently came across this thread (as a result of trying to find even more information on the Vitro Virus). I've spent near 48hrs straight learning what I can about Vitro/Virut. Seems to be some common misconceptions that I would like to clear up since I expect this thread to be getting more views due to the increased spread of Vitro as of late.

Vitro is not Virut... the names are not interchangeable even though Avast may mislabel them. Vitro is basically a nastier (and as of yet incurable) "evolution" of Virut. All these "solutions" for Vitro... if they work it means you have Virut and not Vitro. You don't always get it from Warez/Hacks/Keygen sites like first thought. Virut ran a course through Myspace, so wouldn't be surprised if Vitro did too.

If you don't have Avast but think you may have Vitro/Virut, get a copy of combofix over to your computer and try running it. If it won't run at all, change the name of the file to something else then run it. After a minute of running if it pops up with a warning that the file was corrupted and tells you that you may have Virut... there you go.

No amount of cleaning, disinfecting, deleting, will remove Vitro, even if you use a Virut cleaner (AVG has one released now separate of their Anti Virus)

The only way to cure Vitro is a complete reformat. I don't mean delete windows and install fresh... First you have to turn off computer completely (with Windows CD in the drive already) so your memory clears since Vitro is memory residual!!! Then start it up and boot from CD. You must also delete your partitions and then re-partition the space you want to install windows on. It is that nasty.

As for backing up your files.... So far it seems that it only spreads through .exe and .src files. Tons of people have reported after doing a complete re-install (most of them having to do it 2 or 3 times before realizing they needed to erase partition and repartition first) they were able to transfer their MP3, Video, and Document files they backed up with external Hard Drive with no problem. I recommend however scanning it with Avast before you do, but should be fine. This means no ZIP/RAR or other archived/compressed files though since they may contain .exe files in them that are infected. As for me (as soon as I get my friend's XP CD since I left mine at my old place) I am hoping to be up and running on my computer instead of fiance's soon. For my backup though I backed up onto an external USB hard drive that had no .exe or .src files on it as to not spread to the drive.

So if you got Virut, and caught it early enough, you are lucky your computer can be saved. If you are like the growing population that got Vitro instead... well you are screwed for the time being and got some reformatting to do.
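
The backup rule from the post above (take media and documents, leave executables and archives behind), as an added example that is not part of the original post: it sorts a folder tree by each file's leading bytes instead of its extension, so a program renamed to look like a song is still left out. The file names and contents are constructed, and files marked `copy` are the ones to scan and then back up.

```python
import os
import tempfile

# Leading bytes that identify a file type regardless of its name.
SIGNATURES = (
    (b"MZ", "executable"),               # DOS/PE header used by Windows programs
    (b"PK\x03\x04", "archive"),          # ZIP, including ZIP-based document formats
    (b"Rar!\x1a\x07", "archive"),        # RAR
    (b"7z\xbc\xaf\x27\x1c", "archive"),  # 7-Zip
)

def classify(path):
    """Return 'executable', 'archive', 'unreadable' or 'data' for one file."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(8)
    except OSError:
        return "unreadable"
    for magic, kind in SIGNATURES:
        if head.startswith(magic):
            return kind
    return "data"  # not an executable or archive by header

def triage(root):
    """Map each file under root (relative path) to 'copy' or a reason to skip it."""
    plan = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            kind = classify(path)
            plan[rel] = "copy" if kind == "data" else "skip: " + kind
    return plan

def demo():
    samples = {  # constructed file contents, headers only
        "music/song.mp3": b"ID3\x03\x00\x00\x00\x00\x00\x00",
        "music/renamed.mp3": b"MZ\x90\x00\x03\x00\x00\x00",
        "pics/holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF",
        "tools/setup.exe": b"MZ\x90\x00\x03\x00\x00\x00",
        "old/backup.zip": b"PK\x03\x04\x14\x00\x00\x00",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, content in samples.items():
            path = os.path.join(tmp, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(content)
        return triage(tmp)

if __name__ == "__main__":
    for rel, verdict in sorted(demo().items()):
        print(f"{verdict:18} {rel}")
```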

Offline Omid Farhang

  • Frontend Developer
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1660
  • I wish I could write longer personal text!!
    • Homepage
Re: Malware name Win32:Vitro
« Reply #313 on: July 24, 2009, 10:33:31 PM »
@Jackel585: Welcome to forum :)
but... sorry, not agree at all! (in my personal opinion)
Twitter: OmidFarhangEn - OS: Manjaro KDE

Jackel585

  • Guest
Re: Malware name Win32:Vitro
« Reply #314 on: July 25, 2009, 05:49:42 PM »
Thanks.... but what do you not agree with?