Author Topic: Malware name Win32:Vitro  (Read 340182 times)


Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3054
Re: Malware name Win32:Vitro
« Reply #345 on: September 09, 2009, 06:08:23 AM »
Hello marasgal,

Please start a new topic in the viruses/worms forum. Click "start new topic" (right corner) and post your topic.

marasgal

  • Guest
Re: Malware name Win32:Vitro
« Reply #346 on: September 10, 2009, 01:22:32 AM »
I'm sorry, I meant to explain that most of those viruses I found were the Win32:Vitro virus. Sorry about not adding that.

xxemoxx

  • Guest
Re: Malware name Win32:Vitro
« Reply #347 on: October 30, 2009, 01:13:05 AM »
OK so I know this topic is old, and such, but I have some very important data on my old Comp which I know for sure has winvitro:32 on it :(

I have since bought a new laptop, but I need my photos, business docs and .xls files along with some other tax information and mp3's/video stuff.

This stuff is irreplaceable and would take forever to reconstruct.  I do have some stuff externally backed up, but not everything as we only back up once every 45 days or so and this happened literally 2 days before I was going to back up. 

Is there a fix out yet for XP short of a full wipe?!

If there is no fix out, what is the best way to recover my important data?!  I know .exe and ini/inf files are out as well.  I have also heard not to touch html.

My question is if I took out my hdd, placed it in an external case, then got a second external, linked the 2 together via either a library PC or even a Mac and transferred my needed data, would that be a good start?!

Please, any help appreciated.

BigJohnD

  • Guest
Re: Malware name Win32:Vitro
« Reply #348 on: November 10, 2009, 02:41:46 AM »
xxemoxx, my AV (Avast! and then Avira) indicated that only *.EXE files were infected, though there were over 600 of them.  Vitro and/or Virut are vicious.

I removed the drive from the PC and attached it to a standalone PC from where I deleted all the infected files.  This took some time, and I ran several malware and AV apps until they all showed clean.  I copied data from the previously infected drive to a 16Gb USB flash drive (big enough for my needs), constantly checking to make sure that nothing was infected.

I bought a new HDD and reinstalled Windows and my applications, recreated the user accounts and transferred the data from the USB flash drive - again running AV in (Read and Write modes) and Malwarebytes to ensure everything was clean.

So far, so good, fingers crossed, and although I have FDisk'd and Formatted the original drive, I am still sufficiently suspicious of it not to be using it.
« Last Edit: November 10, 2009, 02:43:21 AM by BigJohnD »

stdedos

  • Guest
Re: Malware name Win32:Vitro
« Reply #349 on: December 10, 2009, 01:06:44 PM »
Well ... I've been having the same old problem with this thing (although McAfee STINGER reports it as Virut.n.gen, Avast! says it is Win32:Vitro). I've read almost half of the post, when I quit reading it ... After seeing something to what I've done (afterwards), I decided to post ...
So let me tell you a little bit of a story ...

This laptop operated for about 3 - 4 days with the virus. In the beginning, it cut IE with addons off, then updates wouldn't be downloaded, rundll32.exe would crash, and everything else collapsed afterwards ...

Now, nothing can boot next to the login screen ...

I had a UBCD built in 09-Sep, I run it, using STINGER / Avast!Virus Cleaner / Avira
Avast! was unable to track anything down.
Avira tracked a whole lot of viruses/Trojans, but nothing was fixable.
STINGER, surprisingly, traced the Virut.n.gen, and could repair them.

So, I first run STINGER which cleansed the heck out of more than 1700 *.exes (I couldn't save the logs ...  >:()
Then Avira found 2 traces of the virus, plus a lot of Trojans, everything quarantined (Full quarantine was copied over to a Hidden TrueCrypt volume prior to shutdown, flash memory was thoroughly checked + ran FlashDisinfector) - (Full log is pertained and attached  :))
Finally, Avast! couldn't trace a thing ...

Nevertheless, prior to copying over explorer.exe (because I can't find it anywhere on the OEM Disks), I tried to boot the system ...
No difference whatsoever, everything kept crashing - but the Microsoft Report Program kept "Searching for solutions" ...
I rebooted with UBCD, I searched everything, from tip to toe with these programs (well, yeah, outdated - but I can't get the internet support up and running and I don't know why ...) but nothing else pops-up (Joke/Stressreducer only and I know this program)

So ... any suggestions? Because this system is not mine, I would prefer to keep it as intact as possible ... and complete format is almost out-of-the-question (OEM system, with internal repair partition). But I'd like to hear any aspect of solution ...
« Last Edit: December 10, 2009, 01:20:40 PM by stdedos »

Dr. Kosher

  • Guest
Re: Malware name Win32:Vitro
« Reply #350 on: December 17, 2009, 06:49:11 AM »
Hello everyone, Dr. Kosher here...

First off, let me start by saying that I've been using and trusting Avast! Antivirus for four years and am very satisfied with what Alwil Software has provided since.  Last night, I found this forum via Google through my five-year old Toshiba Satellite A45-S150 after researching this particular virus, because two days ago, my two-month old Dell Precision M6400 was infected by the Win32:Vitro and Win32:Walivun worms, amongst a few others I cannot recall the names to.

I will say that simply reformatting and reinstalling my Operating System [Windows XP Professional] has not solved my problem, since I discovered that the viruses in question are deeply rooted in the internal registry of my Dell's hard drive.  While I am computer savvy and know how to solve most computer-related problems, this, I'm afraid is one of those I cannot solve on my own, so, tomorrow I am taking my Dell to a computer repair service I've known for a little over a year now.

Words cannot describe how much this aggravates my anxieties, especially since this is one of those looming problems that just won't go away. This has me to the point where I'm almost afraid to insert my external hard drives into either my Toshiba laptop or my four-year old desktop, despite having them scanned through Avast! with no inkling of this nasty virus.

Offline Chris Thomas

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1936
  • Christian Geek - aka 'born again' Geek
Re: Malware name Win32:Vitro
« Reply #351 on: December 17, 2009, 06:54:00 AM »
BOOT SCAN :D

stdedos

  • Guest
Re: Malware name Win32:Vitro
« Reply #352 on: December 17, 2009, 09:39:57 AM »
Yes! This is the solution ... :D

But first ... make sure you cure-up the most ... That is use Dr.Web CureIt or McAfee Stinger ... (Too bad avast! can't do it on its own ... :() and save everything else in the quarantine for the eternity (AKA, next format)

Beyond that, more malware alerts will still pop-up (related or not) ... Immediate boot scan, with system file transfers allowed to be transferred to quarantine ...

I hope that avast! will include a fix function ... anyways, run a VM, and fix them in there ...

I hope I helped anyone who read this ... I saved the laptop ... Hooorayyy!

Offline mkis

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1618
Re: Malware name Win32:Vitro
« Reply #353 on: December 17, 2009, 12:30:42 PM »
This is ludicrous stdedos. The forum is here for people who have problems with their computers. A ridiculously small amount of people by any regard (for one example, compared with the amount of people who use avast antivirus brand). On top of that, not all the people here actually have problems with their computer. Some just want to learn things. Further to that, even less again have the problems you have. I have never had any problems that compare with the ones you seem to have. So when speaking your anecdotal situation, you are providing us forum members with some possibly useful info, but you are also telling us that you have got yourself into situations that we tend to avoid. Similarly, you are implying that you follow your own advice regardless. For this reason, I expect you will continue to end up in the same old situations whether you use avast as your antivirus option or not. You do nevertheless have the benefit that this will still be a learning experience in spite of all else that you might do for whatever you might think is correct.
Avast7 Free, MBAM (on demand), MVPS Hosts

Intel DG41TY, Windows 7 Ultimate, IE9, Google Chrome, 4 GB ram, Secunia PSI, ccleaner, Foxit Reader, Faststone Image viewer, MWSnap.

stdedos

  • Guest
Re: Malware name Win32:Vitro
« Reply #354 on: December 17, 2009, 03:30:55 PM »
> This is ludicrous stdedos. The forum is here for people who have problems with their computers. A ridiculously small amount of people by any regard (for one example, compared with the amount of people who use avast antivirus brand). On top of that, not all the people here actually have problems with their computer. Some just want to learn things. Further to that, even less again have the problems you have.

I actually had a problem with my computer, you may read above which it was. But I seem unable to get to understand your point to that … this is a virus troubleshoot forum, whether you got a problem or you want to learn about malwares etc. … I knew all the way back when I posted about that …

> I have never had any problems that compare with the ones you seem to have. So when speaking your anecdotal situation, …

Anecdotal?!? Why is that?
First sentence tells me you’d reckon this was a hard one … in the end, you mention anecdotal … why is that?

> … you are providing us forum members with some possibly useful info, but you are also telling us that you have got yourself into situations that we tend to avoid.

Well ... I think every success can teach you something good …
But what do you mean with “we tend to avoid”?

> Similarly, you are implying that you follow your own advice regardless.

No … while you may think of that, I had first already begun with the restoration, without any assistance, because I wasn’t aware of the great impact Win32:Virut had done plus I thought this could be easy. Second, I mention that afterwards I’ve read a whole lot of 13 pages of replies, and I had taken the same actions more or less … That is, I wasn’t aware of the Dr.Web CureIt.

> For this reason, I expect you will continue to end up in the same old situations whether you use avast as your antivirus option or not.

Well no … Avast! was the one that revived the pc … I got hold of other serious issues when I got the chance to install it in a Safe Boot environment … but for this, I had to fix some exe files so I could actually boot …

> You do nevertheless have the benefit that this will still be a learning experience in spite of all else that you might do for whatever you might think is correct.

Yeah, it is! Create updated UBCDs often and for God's sake … schedule a boot scan!  ;)

Offline mkis

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1618
Re: Malware name Win32:Vitro
« Reply #355 on: December 17, 2009, 04:51:29 PM »
Anecdotal meaning your own situation that should not be taken as the norm for all of us who have had good experience working with avast as an antivirus. Perhaps I was a bit harsh. I apologize for that, and you did well to save your laptop. As a prevention tool avast! antivirus is probably best performance wise, and in this role enables a stable desktop that other cure-it type tools and utilities can build upon. And worth repeating that an ounce of prevention is worth a pound of cure. I think perhaps you right that sometimes will have to run the cure-it tools to unclog the system (anti-rootkit is also good example) and running bootscan when cleaning up at the end.

Generally I run bootscan early in process. With client computer not knowing what might come across, good chance with virut if can remove existing AV (use Revo) and load avast in Safe Mode, and run bootscan even before have run computer in Normal Mode. Can be off to a good start, and even perhaps quick fixit. Better chance anyway. Run bootscan at the end is bit superfluous though still good policy to do so. But you right you have good learning experience with virut. Perhaps I was bit harsh. I was coming to defence of avast as antivirus.

stdedos

  • Guest
Re: Malware name Win32:Vitro
« Reply #356 on: December 17, 2009, 05:41:33 PM »
> Anecdotal meaning your own situation that should not be taken as the norm for all of us who have had good experience working with avast as an antivirus.

I use avast! on my desktop and I have no issues ...
Well … my sister was kind of reluctant in leaving her PC to me so as to uninstall the outdated Norton trial and installing Avast! … She thinks that she won’t get infected, one PC among billion others … well, she used to think …  ;D

> Perhaps I was a bit harsh. I apologize for that, and you did well to save your laptop. As a prevention tool avast! antivirus is probably best performance wise, and in this role enables a stable desktop that other cure-it type tools and utilities can build upon. And worth repeating that an ounce of prevention is worth a pound of cure. I think perhaps you right that sometimes will have to run the cure-it tools to unclog the system (anti-rootkit is also good example) and running bootscan when cleaning up at the end.

I think so too! I fully agree, but the only thing that I didn’t like was the lack of repairing … I see the option, but I hate it when I can’t simply use it … (But I found a way to come around this, with other programs …)

> Generally I run bootscan early in process. With client computer not knowing what might come across, good chance with virut if can remove existing AV (use Revo) and load avast in Safe Mode, and run bootscan even before have run computer in Normal Mode. Can be off to a good start, and even perhaps quick fixit. Better chance anyway. Run bootscan at the end is bit superfluous though still good policy to do so.

Well I’d consider doing so … but when I got hold of it, I could do nothing much but boot the UBCD I had, outdated … so, I could do this, only after I had made a prior fix … Which, as of now I do not regret, because if I had done otherwise, I would be simply unable to boot it, due to the vast number of infections (more than 1750 fixed).
Well, superfluous as it may seem, I got hold of extra Trojans, Win64:Virut (!!!) and others … and yet, in a few days I had to catch another 5 infections, not including the 3 infections in a second boot-time scan …

> But you right you have good learning experience with virut. Perhaps I was bit harsh. I was coming to defence of avast as antivirus.

Well … apart from the not-fixing part, I do not have any other issues on Avast! … It helped me in a hard time, and this makes it from now and on my standard (it always was, but now I won’t change it at all)

Dr. Kosher

  • Guest
Re: Malware name Win32:Vitro
« Reply #357 on: December 17, 2009, 08:51:58 PM »
I'd like to add in my two cents and an update with my Dell Precision M6400 Laptop.

First, my two cents:  In all the years that I've used computers, it's been quite a learning experience with what I've gathered on my own or through the aid of friends that knew what to do during my time of need whenever I had an issue I could not take on, on my own.

Because of this, I've been able to help friends with both the minor issues, such as a miscommunicating printer to more serious issues, such as Hal.dll going missing or corrupt.  However, while I do have experience with most issues there are some issues that I have yet to encounter or figure out on my own.

Now for my update:  My Dell is in the shop getting its hard drive completely nuked and I'll more than likely see this laptop tomorrow afternoon, assuming that everything goes well.

[Update:]  I took my Dell Precision M6400 Laptop to the tech shop yesterday morning and got a call from them later that evening to tell me that the viruses and worms were removed from my hard drive's internal registries and discovered that 817 infected registries were successfully removed from my Dell's internal hard drive.  So, today, I got my Dell back from the shop with a severely impaired, non-functioning operating system.  After three and a half hours of re-installing Windows XP Professional, my associated drivers, frequently used programs and uploading my mostly accessed files to my computer, all is well again. 

I think this has to be the worst computer-related problem I've had the displeasure of experiencing and I have decided to save up for a Hard Drive Enclosure in the event I re-experience malware that survives a simple hard drive format.
« Last Edit: December 19, 2009, 06:53:07 AM by Dr. Kosher »

Alex4273

  • Guest
Re: Malware name Win32:Vitro
« Reply #358 on: December 21, 2009, 10:22:10 PM »
Hello!
Like many of the others in this thread this virus was the reason for me starting posting. The information here has been tremendously helpful, but I need clarification on one particular thing:
What are the file formats Vitro specifically targets? As I see it so far it's:
- .exe
- .html
- probably .mp3?

Are image and ms office files affected? Those are what I mainly need to save.
Thanks!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Malware name Win32:Vitro
« Reply #359 on: December 21, 2009, 10:28:51 PM »
Here is the latest list of possible re-infection vectors

DO NOT backup any applications or installers and DO NOT backup any files with the following extensions:
  • .exe
  • .scr
  • .htm
  • .html
  • .xml
  • .zip
  • .rar
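
An added example, not part of the original post or of any Avast tool: a selective backup that copies data off the old drive while skipping every extension in the list above. The `MZ` header check for executables renamed to a harmless-looking extension is an assumption that goes beyond the list, and the function names are hypothetical.

```python
import os
import shutil
from pathlib import Path

# Extensions the post above says not to back up (possible re-infection vectors).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar"}


def looks_like_pe(path: Path) -> bool:
    """Assumption beyond the post: also catch executables renamed to a
    'safe' extension by checking for the DOS/PE 'MZ' magic bytes."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return True  # unreadable: treat as unsafe and skip it


def skip_reason(path: Path):
    """Return why a file must not be copied, or None if it may be."""
    if path.suffix.lower() in BLOCKED_EXTENSIONS:
        return "blocked extension " + path.suffix.lower()
    if looks_like_pe(path):
        return "executable header (MZ) or unreadable"
    return None


def selective_backup(source, dest):
    """Copy data files from source to dest; return (copied, skipped)."""
    source, dest = Path(source), Path(dest)
    copied, skipped = [], []
    for root, _dirs, files in os.walk(source, followlinks=False):
        for name in sorted(files):
            src = Path(root) / name
            rel = src.relative_to(source).as_posix()
            if src.is_symlink():
                skipped.append((rel, "symlink"))
                continue
            reason = skip_reason(src)
            if reason:
                skipped.append((rel, reason))
                continue
            target = dest / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, target)  # data is only read, never executed
            copied.append(rel)
    return copied, skipped


if __name__ == "__main__":
    import sys
    done, left = selective_backup(sys.argv[1], sys.argv[2])
    for rel, why in left:
        print(f"SKIPPED {rel}: {why}")
    print(f"{len(done)} files copied, {len(left)} skipped")
```

The copied files should still be scanned on the clean machine before use, as described earlier in the thread.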