I need help on how to clean win32 : vitro

[Chisomiloks]

This virus is killing me.can avast or system recovery help me.

[cinchez]

Did avast detect the virus or not?

I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete them.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster.
8. Check if you have insecure applications with Secunia Software Inspector.

[Credits to Tech!^^]

Good Luck^^

-AnimeLover^^

[.: L' arc :.]

(1.) Consider downloading the tools we will need:
        -= Malwarebtes Antimalware
        -= SuperAntiSpyware
        -= TrendMicro Hijack This

(2.) Clear all your temporary files..

(3.) Install the 3 downloaded files.. If installation would not work, something like being blocked, consider renaming the installer as anything that is not related to antivirus, antispyware or security like "monkey.exe" since common viruses could block security related wildcards.. Don't forget to update them..

(4.) Schedule an avast! Boot Time Scan via avast interface --> Click on the upperleft arrow to reveal a dropdown box --> Click schedule boot time scan --> Check "Test archive files" & select all harddisks then select move to chest as default action & ask for confirmation on system files..

(5.) Run Malwarebytes Antimalware.. If MBAM [Mlawarebtes Antimalware] wont run, same thing as the installation, try renaming mbam.exe to something else..

(6.) Run SuperAntispyware.. If SAS [SuperAntiSpyware] wont run, same thing as the installation, try renaming the .exe file of SAS to something else..

(7.) Reboot..

(8.) Run Trend Micro Hijack This & select run a scan & save a log file.. Copy the log file & post here..

[polonus]

Hi Chisomiloks,

Fort the right instructions for handling this dangerous ruining file infector, read here:
http://forum.avast.com/index.php?topic=42709.0
The above recommendations won't help against this, immedeately go to SafeMode, try to safe as much of the Os (scan later with DrWebCureIt) and in most cases there is no other option left as to fdisk - format and reinstall. As sad as it sounds this file infector leaves an OS beyond repair, because it is buggy and random and very, very virulent....
Also be aware that infected material from peripherals, pendrives, cd etc. that has the virus on it will at once bring the file infector back and then you can start from zero again,

polonus

[micky77]

This virus is killing me.can avast or system recovery help me.

Looks like you have the wonderful virut infector.Probably the worst virus to get rid of.Iv'e read of people restoring there pc many times,only to find this horror return.
Personally, I would not waste many hours trying to defeat this.However if you are determined to try, I have just come across a video ( 45 mins   ) I have not seen this video,but I have watched others from this guy. He's enjoyable to watch.He is on Wilders a lot. Anyway have a look. I wish you the best of luck  

http://www.youtube.com/watch?v=FGDl-IMOt1g

[Chisomiloks]

Avast found and deleted it during a boot scan, only for it to return again after a restart.

[Lisandro]

Avast found and deleted it during a boot scan, only for it to return again after a restart.

I know Dr. Web could do a good job, anyway, read the instructions, download and burn (maybe from another computer), finally use one of this rescue CD's:
1. Avira
2. Kaspersky
3. BitDefender
4. F-Secure
5. Dr. Web

[Chisomiloks]

I will try that......

[.: L' arc :.]

-= So how was it after the boot time scan..? Any changes, so far..?

[Cerepukas]

How to Remove Win32:Vitro Manually

Win32:Vitro warning Before we get started, you should backup your system and your registry, so it’ll be easy to restore your computer if anything goes wrong.

To remove Win32:Vitro manually, you need to delete Win32:Vitro files. Not sure how to delete Win32:Vitro files? Click here, and I’ll show you. Otherwise, go ahead and…

Stop Win32:Vitro processes:
Stop ALL of your system’s processes — Win32:Vitro will infect ALL of your system’s processes.

Note: In any Win32:Vitro files I mention above, “%UserProfile%” is a variable referring to your current user’s profile folder. If you’re using Windows NT/2000/XP, by default this is “C:\Documents and Settings\[CURRENT USER]” (e.g., “C:\Documents and Settings\JoeSmith”). If you have any questions about manual Win32:Vitro removal, go ahead and leave a comment.
How Do You Remove Win32:Vitro Files?

Need help figuring out how to delete Win32:Vitro files? While there’s some risk involved, and you should only manually remove Win32:Vitro files if you’re comfortable editing your system, you’ll find it’s fairly easy to delete Win32:Vitro files in Windows.

How to delete Win32:Vitro files in Windows XP and Vista:

   1. Click your Windows Start menu, and then click “Search.”
   2. A speech bubble will pop up asking you, “What do you want to search for?” Click “All files and folders.”
   3. Type a Win32:Vitro file in the search box, and select “Local Hard Drives.”
   4. Click “Search.” Once the file is found, delete it.

How to stop Win32:Vitro processes:

   1. Click the Start menu, select Run.
   2. Type taskmgr.exe into the the Run command box, and click “OK.” You can also launch the Task Manager by pressing keys CTRL + Shift + ESC.
   3. Click Processes tab, and find Win32:Vitro processes.
   4. Once you’ve found the Win32:Vitro processes, right-click them and select “End Process” to kill Win32:Vitro.

How to remove Win32:Vitro registry keys:

Win32:Vitro warning Because your registry is such a key piece of your Windows system, you should always backup your registry before you edit it. Editing your registry can be intimidating if you’re not a computer expert, and when you change or a delete a critical registry key or value, there’s a chance you may need to reinstall your entire system. Make sure your backup your registry before editing it.

   1. Select your Windows menu “Start,” and click “Run.” An “Open” field will appear. Type “regedit” and click “OK” to open up your Registry Editor.
   2. Registry Editor will open as a window with two panes. The left side Registry Editor’s window lets you select various registry keys, and the right side displays the registry values of the registry key you select.
   3. To find a registry key, such as any Win32:Vitro registry keys, select “Edit,” then select “Find,” and in the search bar type any of Win32:Vitro’s registry keys.
   4. As soon as Win32:Vitro registry key appears, you can delete the Win32:Vitro registry key by right-clicking it and selecting “Modify,” then clicking “Delete.”

How to delete Win32:Vitro DLL files:

   1. First locate Win32:Vitro DLL files you want to delete. Open your Windows Start menu, then click “Run.” Type “cmd” in Run, and click “OK.”
   2. To change your current directory, type “cd” in the command box, press your “Space” key, and enter the full directory where the Win32:Vitro DLL file is located. If you’re not sure if the Win32:Vitro DLL file is located in a particular directory, enter “dir” in the command box to display a directory’s contents. To go one directory back, enter “cd ..” in the command box and press “Enter.”
   3. When you’ve located the Win32:Vitro DLL file you want to remove, type “regsvr32 /u SampleDLLName.dll” (e.g., “regsvr32 /u jl27script.dll”) and press your “Enter” key.

That’s it. If you want to restore any Win32:Vitro DLL file you removed, type “regsvr32 DLLJustDeleted.dll” (e.g., “regsvr32 jl27script.dll”) into your command box, and press your “Enter” key.

Did Win32:Vitro change your homepage?

   1. Click Windows Start menu > Control Panel > Internet Options.
   2. Under Home Page, select the General > Use Default.
   3. Type in the URL you want as your home page (e.g., “http://www.homepage.com”).
   4. Select Apply > OK.
   5. You’ll want to open a fresh web page and make sure that your new default home page pops up.

Win32:Vitro Removal Tip

Is your computer acting funny after deleting any Win32:Vitro files? I recommend using a program like File Recover from PC Tools. File Recover saves deleted files that otherwise can’t be recovered by Windows operating sytem.

Want to save time finding Win32:Vitro files? Download Spyware Doctor, let it find the Win32:Vitro files for you, and then manually delete Win32:Vitro files.

[mkis]

Its okay. The main points are there.

But there is a bit more to being there and actually doing it.
What I mean is you really have to think on your feet and vary your attack and keep the target(s) on the back foot, unless you happen to be lucky (or early in the play).

And then of course, as long as your computer system is running A1.
Often your own computer can let you down so you're patching up at the same down as your battling the beast.

Edit -- and Safe Mode

[cinchez]

Maybe this will help u bro...

http://www.2-spyware.com/remove-win32-vitro.html

-AnimeLover^^

[mkis]

How to Remove Win32:Vitro Manually

I thought I should add a few more comments here, primarily because the steps outlined in the above post by Cerepukas, while in the first sense basically correct, are not to be taken up lightly. A pre-cautionary warning is necessary. Despite that pointers and guides to most of the above  actions on the registry are readily available in Microsoft knowledge base (kb) articles. The Windows registry being a mainstay of MS operating systems going back to when Bill and his pals were putting together OS to load into the IBM PCs.

Learning the registry can be an immense asset when it comes to putting systems right when they have been infected, or have become corrupted, or have simply run out of good condition and need tuning up. But be warned, one mistake can alter the smooth running of your system forever. While it has never been easier to edit the Windows registry, such a resort is no longer regarded as necessary for the majority of computer users. Windows OS are comfortably run from application level with simple user interfaces covering all needed systems tools. MMC functionality in Administrative Tools is prime example of this. But if you do want to delve deeper, what you will need is patience and resourcefulness. You will need an eye for detail and a keen memory. You will need to be able to think and work fast in areas where one wrong click may put you further back than where you started from.

I first put major time into the registry taking out the damage caused by viral infections rather than taking out the viruses themselves, which thanks to avast were being knocked over not long after an infected PC came through the front door. But, very importantly, these viruses were hardly ever knocked over completely. So some tidy up was necessary most times, and edit of the registry was one part of that tidy up. Nowadays with all the changes taking place and the heightening of viral infestations through iframe and injekt exploits, I doubt whether there are any easy, black and white methods to take out malware anymore. To take out vitro through black and white deletion, you would not only need the patience of Job, but also the insight of Albert Einsten, coupled with the eye and attention of Tim Berners Lee. Nevertheless, the more you engage yourself in malware detection and removal, the more you will need to go to the registry for one thing or another. And bear in mind when you do go there, that the registry is readily accessible in Safe Mode.

Good practice for the registry - where I started - is after uninstalling a program with a removal tool, you might want to remove all remnants of the program from your system. You can do that in the registry as outlined in the post above by Cerepukas - put the program signature (most appropriate title - e.g AVG, Norton, and then next run, Symantec, etc.. - into the Find function under the Edit tab and start removing your finds one after the other - F3 will perform Find Next on most computers). Take care, though, AVG will take you to AVGeneralNotification and AVGrabber, which are entries you do not want to delete. I spent months removing AVG fragments from registries after viruses had splattered themselves at will across supposedly defended systems. And I will never forget. AVG may have cleaned up its act, but I will never forget. Hence, the broadsides I throw at AVG antivirus every now and then. And I wasn't alone. There were a few of us batting it out at the time, when no thanks at all AVG was just getting bigger and bigger. But I digress. The registry. Don't go there. That's what I tell people. Best advice you could ever give them. But if you have to go there, good practice is to build time there by taking out remnants of Norton / Symantec (especially) after you've first used their removal tool. Get to know your registry editor and how to differentiate between parts of register (which is the record of your computer). There is lots of good stuff in Microsoft Help and Support (Explorer) as well as in kb articles and the like at microsoft.com (Internet Explorer). But you don't need all that to clean out remnants of uninstalled programs, what you need is not to make any mistakes, that's what you need. So learning removal routines is good practice. You will also need to learn about permissions, which Cerepukas has not mentioned in the steps above. Some entries will not delete unless you change permissions, and even then will not delete, so you try in Safe Mode, and then still will not delete, so you go to Safe Mode with command line (or Run, type cmd in Normal Mode), in which case you are reaching the last resorts of the last resort that the registry has come to be rightly regarded as. Very good point above, though, where the use of command line has been outlined amongst the steps to take because you will sometimes need to resort to this final avenue when caught up with a particularly sticky file or registry entry. But all in all, do practice with removing leftovers of common programs that you have uninstalled, as a relatively safe way of getting to know the registry. I recently removed leftovers of the Nero suite after an uninstall, and that's quite an intensive task in itself. There are a lot of entries to work through and its all exhaustive manual work. And you don't need to do it. Many techs would tell you not to bother at all, what a cleaner doesn't get, doesn't really matter, your system just ignores all those leftover bits and pieces. Which is also true. (In some cases with antivirus programs, I believe manual clean of registry does matter. Obviously). But if you think you have to, then build up time in there bit by bit, and the best way to do that is through learning good practice as you go.


Other than that, I'm not so sure about this step --- How to stop Win32:Vitro processes:

Others in the forum may offer more guidance. I don't often edit through Task Manager, although I have done so, mostly following a directive from some Microsoft kb article or similar, where all the signals are proving correct. Usual I only check Task Manager to see whats up, or to see that changes I have made are working proper, and things are returning to normal. More to check performance, really. But others posting to the forum may offer more about Task Manager, or add something to anything else that I might have said in this post.

[Chisomiloks]

I did system recovery,reinstalle avast and updated it.Put all my files back including setup file and did a boot scan and the virus is nowhere to be found. Does this mean i am safe? Or that the virus is still there but cant be detected?
How can one knw if he has this deadly virus?

[mkis]

If you provide some more details about your system for the forum Chisomiloks --

What operating system do you have? -- service packs? -- are you fully updated with Windows?
If not, what state Windows has system recovery returned your computer to?

What is your browser?
Do you have firewall?

Download the following anti-spyware programs to a folder in program files and run scans --

SUPERAntiSpyware Free    http://www.filehippo.com/download_superantispyware/
Malwarebytes' Anti-Malware  http://www.filehippo.com/download_malwarebytes_anti_malware/