Need some advise about Win32:Virtob

[Northeast]

Hi Guy's, I was searching through the internet about three weeks ago and my Avast virus scan picked up a virus name Win32:Virtob and then I put the file in the chest. Then every time I get a virus I rescan my computer, so I scan my computer with Avast, DoctorWeb cureit and bit defender free edition and those virus scan's didn't find any virus and I was wondering if my computer is still hidden or infected by this virus.

But my computer is working fine with no problems. The virus was located in the system:

C:windows\system32\bmcjq.exe

So I left the infected file in the chest for 2 weeks to see it my windows had any effected and then I deleted the infected file which I think could be a mistake, but my computer works fine, but Im still worried if it is still in my computer or could it effect my computer later on or should I format my pc to be sure.

And one more question Avast virus scan pick up the virus Iframe-inf from a website, so Avast told me to abort the website so I did and I went to scan my pc again and no sign of that virus in my computer and I was wondering if my pc is still safe even when my avast, docweb and bit defender virus scan say's it has no viruses in the system.

Sorry for the long post guys.

     

[fireforce]

If avast said it blocked the site, you are prob safe from that one at least. But a scan can never hurt. If you are worried something is hiding itself, like a rootkit, perhaps boot from a rescue cd with up to date virus defs and scan from there. The rootkit would not be running and thus could not attempt to hide itself.

[Omid Farhang]

well, there are no problem about your post, it's not so long

about questions:

first I must say, avast! has done its own job very well and protected you from being infected. so don't worry and enjoy your safety!

the iframe is not dangerous for you, because avast! protected you and did not allow it to attack you.


now, if you think maybe avast! has missed any threat, what I think would not happen!!, you may try another AV engine to scan your computer, to do it, you can give Avira Rescue System a try and let it scan your computer.

The Avira AntiVir Rescue System a linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to repair a damaged system, to rescue data or to scan the system for virus infections. Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer. The Avira AntiVir Rescue System is updated several times a day so that the most recent security updates are always available. You can download it from here.
After burn it to disc, use it to boot your computer and do a full scan and remove anything that it find.

and then after that, it's always recommended to have at least 2 Anti-Spyware in your computer installed beside avast! to use them as on-demand scanner.

Download, install and update these programs:

Malwarebytes Antimalware: http://www.malwarebytes.org/mbam.php
SUPERAntiSpyware: http://www.superantispyware.com/
SpyBot S&D: http://www.spybot.info/

scan your computer using them, also try to immunize your windows using SpyBot S&D. During installation of SpyBot S&D disable all residents.

Good Luck.
feel free to ask future questions too.

[Jtaylor83]

Not happy to say this, but you may need to re-scan your whole PC to make sure they're not infected, otherwise you would need to format and reinstall. Win32:Virtob is a very dangerous file infector with some additional features. It will connect you to an IRC network called "Virtu" and your PC will become part of a zombie farm (in other words, it will start sending spams once it's infected).

[Northeast]

Hey thanks for replying to my message guys. I just scan my PC a couple more times with Avast, Dr web, bit defender 8, and other anti spyware programs like superantispyware, spy bots, ad aware, A Squared, malwarebytes, spyware blaster and those programs found no viruses or any Win32:virtob and no spyware except for tracking cookies and A Square did find 2 registry files that i quarantine but not sure that i will delete it that later on.

And thanks Omid I did download antivir rescue disk burn into a disk and run it and it found no viruses but it did reply on some warnings on some system errors which I did not know what the errors mean. And I did a boot scan with Avast and that too did not find any viruses but it also did warn me of some errors too like a CAB archive is corrupted, but I dont know if that is bad or not.

To Jtaylor83

I did rescan my whole computer a couple of time in safe mode and found no viruses and are there other new ways to scan my pc to make sure my computer is clean from the Win32:virtob I know this virus is dangerous and can stuff up the pc and I want to make sure it is not hidden or still inside my pc in making sure my pc is clean so i dont have to format and reinstall windows all over again which it takes too much time to do. And sorry I couldnt understand about you explained about my computer will become a zombie farm, you mean hackers can attack my computer and start spamming stuff into it.

Also can u guys let me what is the sign of a pc that is infected with a Win32:virtob cos I find nothing wrong so far with my pc, Im just scared that if the Win32:virtob is still in my pc even if the virus scan say's it cannot find a virus.

And one more thing I also scan my pc with this AVG file called virut remover and that found no virut on my pc but bit defender 8 virus scan said it found a trojan horse in that file which seems odd and it was from AVG but I quarantine it.
     

[Jtaylor83]

I'm glad your system is clean. I don't think a rescue disk is necessary if you quarantined a virus, but you should keep one onto your CD in case of further infections that may disable anti-viruses.

[Northeast]

Hi sorry guys to bring this post up from the past but I just read some information on this virtob/virut virus and it is a nasty virus which I didn't know the virus was that bad.

Can someone provide me with more information as if I am clean from this virus (as avast, bitdefender and dr web say's I am as it is not detecting any virus for 3 months) so i did not format my computer, can someone that is an expert in this virus field can let me know if I am still safe from this virus after getting rid of it, as does this virus leave a backdoor trojan, spam my computer or hides other virus that an antivirus cannot detect.

And do you think my computer requires a format just in case if anything is hidden.

thanks for your reply's.   

[Mr.Agent]

Tracking Cookies are no dangerous if you want u can let them left.

[John2009]

I don't think a format will be needed. Just thank the lord and the ALWIL team that Avast blocked Virtob/virut because it's one hell of a virus I've heard.

[driv4r]

Hi, that's my first post here!   Just thought I'd confirm sth as it seemed to be a rather nasty virus...

To the point. I had this Win32:Virtob virus and also Win64:Virtob (and a couple of others) in my Win XP PC yesterday. Well, at first I just ignored it, it might actually have been in my computer for at least a couple of days, it defo existed a day before but I ignored it.

Anyway, it infected loads of files on my hard-disks (2), during the first scan (after I realized it was a real threat) avast! detected over 2000 infected files including many Windows files, various program files etc, majority were quarantined. They were just normal executable and other files that had been infected by this Virtob thingy, that's why I didn't take it seriously and thought there was nothing to worry about first. Soon after this scan I also did the start-up scan, which found 835 infected files, most of them were deleted, 2 quarantined.

After that I have run a quick-scan and it found only 1 infection, which wasn't Virtob. Full scan is currently running and didn't find any viruses on one of the HDDs, other one is still being scanned without any findings so far (almost done).

Do you think the system is safe now? Also, due to loads of files being deleted 1 of my Windows installations is not working at all and other one is not working very well, so I'm think about repairing the Windows or using a system restore point to go back in time...

Cheers,
driv4r

[Pondus]

@driv4r.....when needing help you start with posting a new topic....and not posting in a topic from 2009.

you find the "new topic" button in top right corner here (when logged in)
http://forum.avast.com/index.php?board=4.0


you find Essexboys guide to follow here
http://forum.avast.com/index.php?topic=53253.0



and since you seems to be infected with virtob....also called virut....possible the worst fileinfector created, the soultion is usually format/reinstall

Virut and other File infectors - Throwing in the Towel?
http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html

so I'm think about repairing the Windows or using a system restore point to go back in time

it is not that easy...it will not remove the infection

[Maxx_original]

it seems to be clean now, because there was only one file (the initial infector/dropper) and an early blocked connection (virut infects web pages with its own iframe that we detect).. btw: Win32:Virtob is one of virut generations cleanable/curable by avast

[driv4r]

Well, as much as I have seen on other forums it's not the best idea to create a new thread on a subject that's already been discussed before, especially when you are a noob (veterans would tell you to search first before creating a new topic and smash you).

Anyway, on topic... The full scan did find 3 viruses on my 2nd HDD in the end, all of them were Win32:Virtobs in System Volume Information folder (restore points' files I think) and all were quarantined. Today in the afternoon I ran a full start-up scan and it didn't find anything anymore, so I think it's gone now!

But I want to restore the Windows not because the infection itself but because loads of files have been deleted due to it, so 1 installation can't even be logged in now, other one (the one I'm currently using) has problems too.

EDIT: Apparently Windows cannot restore itself to any point in past, I tried 4 different ones already. I guess it's obvious as loads of the System Restore files were deleted/quarantined during the battle against viruses. Therefore I gotta repair the Windows, I let you know about the results in the future...

[Pondus]

.....it's not the best idea to create a new thread on a subject that's already been discussed before.....

Discussing a subject....and asking for removal help is not the same thing!

If you want removal help...start a new topic
helping multiple user in same thread will be chaotic....and every fix Essexboy make is different for every computer, even with same infection