Author Topic: Win32 Vitro / Junkpoly (Read 10396 times)

foo fighter · « **on:** March 09, 2009, 09:12:56 PM »

Hi everyone

Like many other people I was crashed with the Win32:Junkpoly and Win32:Vitro.
I re-installed my OS (Windows XP SP2) but the worms come back.
I just installed AGAIN the OS on HD's the first partition .

I have the "idea" to FIRTS of everithing do a boot scan on all the partitions of HD.
The scan is finding (yes, still running) many entries for the Vitro one (and is moving to quarantine).

Then I ask you, doing this (send to quarantine in boot scan) I will be free from this worms definitily?

Lisandro · « **Reply #1 on:** March 09, 2009, 09:26:19 PM »

Maybe... Vitro is a very dangerous infection.
Install XP over the old installation does not solve the problem.
Backup your data and documents and format the disk is the only solution right now.
You can test DrWeb CureIT! before.

foo fighter · « **Reply #2 on:** March 09, 2009, 09:32:54 PM »

Cara, já que tu parece ser brasileiro também, eu vou escrever em português.

É o seguinte, eu não estou instalando o XP por cima da outra instalação.
O que eu estou fazendo é formatar a partição aonde ele estava instalado, e instalar totalmente do zero numa partição formatada.
O que eu NÃO ESTOU fazendo é desfazer minhas partições e criá-las de novo.

Ou seja, eu tenho o meu C:\ recém formatado com o windows recém instalado.
E tenho o meu D:\ aonde estão os backups e outros arquivos.

O que acontece é que várias das ocorrências desse worm foram no D:\
Então o que eu fiz agora foi instalar o windows e já de cara baixar o avast e rodar o boot scan em todas as unidades e partições. E tudo que ele encontrar (e encontrou) mover para a quarentena.

Acredito que assim eu tenha boas chances de me livrar, certo?

Pondus · « **Reply #3 on:** March 09, 2009, 09:42:01 PM »

Or this one, Norman Malware Cleaner

http://www.norman.com/Virus/Virus_removal_tools/24789/

Lisandro · « **Reply #4 on:** March 09, 2009, 10:33:32 PM »

foo fighter, I can read Portuguese of course, but the forum is English only.
About your question, besides avast boot time scanning, run also Dr. Web as I've posted before.
I'm not sure that this will completely avoid infections. Maybe Polonus could give us some help saying if Virut infects only executable files.

gery · « **Reply #5 on:** March 09, 2009, 10:51:14 PM »

Quote from: foo fighter on March 09, 2009, 09:32:54 PM

Cara, já que tu parece ser brasileiro também, eu vou escrever em português.

É o seguinte, eu não estou instalando o XP por cima da outra instalação.
O que eu estou fazendo é formatar a partição aonde ele estava instalado, e instalar totalmente do zero numa partição formatada.
O que eu NÃO ESTOU fazendo é desfazer minhas partições e criá-las de novo.

Ou seja, eu tenho o meu C:\ recém formatado com o windows recém instalado.
E tenho o meu D:\ aonde estão os backups e outros arquivos.

O que acontece é que várias das ocorrências desse worm foram no D:\
Então o que eu fiz agora foi instalar o windows e já de cara baixar o avast e rodar o boot scan em todas as unidades e partições. E tudo que ele encontrar (e encontrou) mover para a quarentena.

Acredito que assim eu tenha boas chances de me livrar, certo?

English dude english please

foo fighter · « **Reply #6 on:** March 09, 2009, 11:11:20 PM »

Sorry my last reply (portuguese) people.

I'm translating it now (at least trying

).

I'm not installing XP over a old instalation.
What I'm doing is to format the partition (C:) where the old was installed.
But I'm not deleting and creating the partitions again.

I have the C: just formated with the XP just installed.
And also have the D: where I place my backups and non-system files (movies, music, projects, etc...)

What happens is that many "entries" of theses f***ing worms was in D: (.exe files only).
I installed avast home on the "fresh installed" XP and run a boot scan on every disks and partitions.
And order to move all ocurrencies to quarantine/chest.

I will run the boot scan again (and also the other you mentioned Tech) to verify if another file was infected between the first and second boot scan.

I think if the second scan return no problems, maybe my PC its clear (that's my real doubt).

polonus · « **Reply #7 on:** March 10, 2009, 12:31:11 AM »

Hi Brazilians,

And maybe Tech will translate my posting for you all. This is a virus where we have to hand in the towel, the virus has won period. So it infects executables in such a matter that it has not been demonstrated to cleanse an infected operational system. Whatever executable that has come into contact with the infection can re-establish it or re-infect.
Final conclusion, you loose much more time on cleansing to no avail. Just do one thing fdisk - format - and re-install a fresh Windows installation. A sad thing to perform but for this virus at the moment there is no alternative. It won't even be stopped in normal user mode, only temporarily halted in safe mode,

polonus

foo fighter · « **Reply #8 on:** March 10, 2009, 12:41:14 PM »

If I understand, there's really no way to remove the infections, unless "delete" the partitions and create them again.
Like a new HD from store :-)

Well, if it's almost "impossible" to remove the infections, to HEAL the .exe files = NO WAY, right???

Thanks polunos, Tech and everybody.
And sorry my bad english.

Lisandro · « **Reply #9 on:** March 10, 2009, 12:47:11 PM »

Quote from: foo fighter on March 10, 2009, 12:41:14 PM

If I understand, there's really no way to remove the infections, unless "delete" the partitions and create them again.

Yes, no other way to be sure.

Quote from: foo fighter on March 10, 2009, 12:41:14 PM

Well, if it's almost "impossible" to remove the infections, to HEAL the .exe files = NO WAY, right???

You can test avast at boot time and Dr.Web CureIt to scan the disks, but, the infection seems to return or you're not able to boot the computer...

foo fighter · « **Reply #10 on:** March 10, 2009, 02:36:29 PM »

Quote from: Tech on March 10, 2009, 12:47:11 PM

Quote from: foo fighter on March 10, 2009, 12:41:14 PM
If I understand, there's really no way to remove the infections, unless "delete" the partitions and create them again.
Yes, no other way to be sure.

Quote from: foo fighter on March 10, 2009, 12:41:14 PM
Well, if it's almost "impossible" to remove the infections, to HEAL the .exe files = NO WAY, right???
You can test avast at boot time and Dr.Web CureIt to scan the disks, but, the infection seems to return or you're not able to boot the computer...

I think there's a misunderstanding in my sentence.
I can boot and the infections seems not returning.
What I really ask is: Can't I heal the .exe infected files?
Ex: I'm a software developer, and using MS VS 2008 I create executable files of my projects. Many of theses .exe that I created was infected with the virus. And by what I understand, this files can't be healed, that's it???

Lisandro · « **Reply #11 on:** March 10, 2009, 04:44:25 PM »

Quote from: foo fighter on March 10, 2009, 02:36:29 PM

And by what I understand, this files can't be healed, that's it???

Yes... unfortunately. Avast can detect but can't clean the already infected files.

tonytravolta · « **Reply #12 on:** July 11, 2009, 08:10:20 PM »

Avast & Avira deletes infected .exe files and doesn't repair/clean them.
You can try Eset or Nod32 anti-virus softwares, which may or may not repair/clean the .exe files.

But surely, to repair/clean infected .html files, you can use CA anti-virus, results will show on.

Your response will be appreciated.

Author Topic: Win32 Vitro / Junkpoly (Read 10396 times)

foo fighter

Win32 Vitro / Junkpoly

Lisandro

Re: Win32 Vitro / Junkpoly

foo fighter

Re: Win32 Vitro / Junkpoly

Pondus

Re: Win32 Vitro / Junkpoly

Lisandro

Re: Win32 Vitro / Junkpoly

gery

Re: Win32 Vitro / Junkpoly

foo fighter

Re: Win32 Vitro / Junkpoly

polonus

Re: Win32 Vitro / Junkpoly

foo fighter

Re: Win32 Vitro / Junkpoly

Lisandro

Re: Win32 Vitro / Junkpoly

foo fighter

Re: Win32 Vitro / Junkpoly

Lisandro

Re: Win32 Vitro / Junkpoly

tonytravolta

Re: Win32 Vitro / Junkpoly