Author Topic: Why Avast! can't deal with Virut ?  (Read 11832 times)


A-Vaste

  • Guest
Why Avast! can't deal with Virut ?
« on: December 06, 2009, 10:34:54 AM »
My system has been infected a second time in three months and Avast! is powerless to get rid of this.
I think I'm gonna stop using Avast!. That's all.
Have a nice day.

cinchez

  • Guest
Re: Why Avast! can't deal with Virut ?
« Reply #1 on: December 06, 2009, 10:44:26 AM »
Virut has been updated many times and thus is up to date...

Even the most updated AV is getting a hard time dealing with this nasty file infector^^

Removing this would be based on luck...Probably the success rate of getting rid of this virus is about 5%...

Best option would be a reformat..^^

-AnimeLover^^

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: Why Avast! can't deal with Virut ?
« Reply #2 on: December 06, 2009, 10:58:44 AM »
Virut / Vitro is extremely difficult to remove. Many techs advise a reformat.

Virut and other File infectors - Throwing in the Towel?
http://miekiemoes.blogspot.com/search?q=virut

Dealing with the despicable Vitro / Virut (Win32.Virut) polymorphic virus
http://technosopher.wordpress.com/2009/04/21/vitro-virut-win32/

Norman Malware Cleaner http://www.norman.com/support/support_tools/58732/en
Dr.WebCureit http://www.freedrweb.com/cureit/

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: Why Avast! can't deal with Virut ?
« Reply #3 on: December 06, 2009, 11:02:30 AM »
Virut belongs to a family of destructive polymorphic infectors. Basically, they are designed to change their names and file properties slightly each time they run, making it extremely hard for most applications to run a successful detection and removal/cleanup routine.

Prevention is the absolute best step, no matter what AV is used, as +AdDicT+ has indicated.
Prime among prevention would include the use of a script blocker, or manually disabling/prompting scripts (or Firefox with NoScript), and making sure that all software is up to date. Second might be the use of a two-way firewall and using a program or procedure that blocks known malicious sites, such as a hosts file or SpywareBlaster (by Javacool).

But you probably already knew that.
Do you know how you got this?
And do you actually want some help, or did you just post to rant?
Windows 10,Windows Firewall,Firefox w/Adblock.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: Why Avast! can't deal with Virut ?
« Reply #4 on: December 06, 2009, 11:09:46 AM »

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: Why Avast! can't deal with Virut ?
« Reply #5 on: December 06, 2009, 11:19:37 AM »
PS, if you got it from a USB device, AutorunEater is a useful application to prevent the transfer of malicious content.
There are various other flash protection-type applications.
They seem to have evolved since most of the above linked articles were written.

I don't know how effective they are at preventing virut, though, having never come into contact with it.

Autorun Eater
Windows 10,Windows Firewall,Firefox w/Adblock.

A-Vaste

  • Guest
Re: Why Avast! can't deal with Virut ?
« Reply #6 on: December 06, 2009, 11:22:33 AM »
Quote from: Tarq57
Virut belongs to a family of destructive polymorphic infectors. Basically, they are designed to change their names and file properties slightly each time they run, making it extremely hard for most applications to run a successful detection and removal/cleanup routine.

Prevention is the absolute best step, no matter what AV is used, as +AdDicT+ has indicated.
Prime among prevention would include the use of a script blocker, or manually disabling/prompting scripts (or Firefox with NoScript), and making sure that all software is up to date. Second might be the use of a two-way firewall and using a program or procedure that blocks known malicious sites, such as a hosts file or SpywareBlaster (by Javacool).

But you probably already knew that.
Do you know how you got this?
And do you actually want some help, or did you just post to rant?

Actually I need help. And I'm kinda desperate and disappointed too, because I've been using my favourite antivirus for over 4 years and now Avast! can't deal with that virus.

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: Why Avast! can't deal with Virut ?
« Reply #7 on: December 06, 2009, 11:36:22 AM »
Sure thing.
I am sorry, but looking at the links posted above by Pondus, it really looks as though a format and reinstall is your only option. Any USB devices used should also be considered as infected.
In addition to the general prevention tips listed (and linked) above, a good backup and recovery strategy should be used. There are some suggestions for the use of imaging programs in this thread.

If you read the description in the first two links posted by Pondus, you will see why the virus can not be fixed. There is also a list of file types that must not be backed up, once an infection has occurred; they must be considered as infected.
I'd be disappointed, too.
It sounds like a terrible infection to have.

[edit to add:] it seems even those tools specially designed to remove it are not that effective, but you could always try them if you want.
« Last Edit: December 06, 2009, 11:38:32 AM by Tarq57 »
Windows 10,Windows Firewall,Firefox w/Adblock.

micky77

  • Guest
Re: Why Avast! can't deal with Virut ?
« Reply #8 on: December 06, 2009, 01:52:24 PM »
Your PC is infected beyond repair, accept it. Any other devices that have been connected will also be infected (flash drives/hard drives). There is no cure for this.
Read the link by Pondus and reformat and reinstall.
Virut usually comes in cracks/keygens. Be honest, is this how you got it? It's payback from the manufacturers, for people trying to steal their software. If this is how you got it, next time run your downloads in Sandboxie, and scan your sandbox with Avast, Drweb and Kaspersky online scanner.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Why Avast! can't deal with Virut ?
« Reply #9 on: December 06, 2009, 02:09:32 PM »
I would not say that Avast does not work. I have recently had a case where Avast killed the infector file before it could run.

Quote
C:\DOCUME~1\benm\LOCALS~1\Temp\_avast4_\unp148011203.tmp\11.exe Win32:Vitro
C:\DOCUME~1\benm\LOCALS~1\Temp\_avast4_\unp148011203.tmp\12.exe Win32:Vitro
C:\DOCUME~1\benm\LOCALS~1\Temp\_avast4_\unp148011203.tmp\13.exe Win32:Vitro
C:\DOCUME~1\benm\LOCALS~1\Temp\_avast4_\unp148011203.tmp\14.exe Win32:Vitro
C:\DOCUME~1\benm\LOCALS~1\Temp\_avast4_\unp148011203.tmp\15.exe Win32:Vitro
C:\DOCUME~1\benm\LOCALS~1\Temp\_avast4_\unp148011203.tmp\16.exe Win32:Vitro
C:\DOCUME~1\benm\LOCALS~1\Temp\_avast4_\unp148011203.tmp\17.exe Win32:Vitro
C:\DOCUME~1\benm\LOCALS~1\Temp\_avast4_\unp148011203.tmp\18.exe Win32:Vitro
A more detailed scan revealed no sign of Virut on the system - but this is an older version of the virus.  Remember we are playing catch up all the time.  Virut generally comes loaded with cracks and keygens - so if you download that type of file you are asking for trouble

ladygaga345

  • Guest
Re: Why Avast! can't deal with Virut ?
« Reply #10 on: December 07, 2009, 11:40:45 AM »
Hey
I've got infected with Win32:Sality (from a USB stick). Then it turned off my firewall, but I turned my firewall on again, then the virus stopped spreading and avast removed it (avast recommended a boot scan on it). Certainly it left some little damage on my system.

But just a little, little damage. But so on avast removed it, and after avast removed it I searched for more information on that virus and I've just found that it drops some registry entries, so I followed those paths and deleted the registry entries. The description I found about the virus says that it has the ability of overriding the firewall and antivirus, but it failed at overriding avast, though it succeeded at overriding my firewall (Windows Firewall). I really think avast is such a strong antivirus. Then I downloaded the safe mode registry entries (coz the virus deleted safe mode on my PC).

When I did the boot scan, it had just infected a few .exe files that can be restored and 1 Windows .exe file.
Then I scanned my system with MBAM, then Dr.Web CureIt,
and my PC got CLEANED (I'm not really sure if it's 100% clean :P).
But tnx to avast!!!!!!!!!! tnx AVAST!!!! NO.1

A-Vaste

  • Guest
Re: Why Avast! can't deal with Virut ?
« Reply #11 on: December 08, 2009, 12:08:40 PM »
Quote from: ladygaga345
Hey
I've got infected with Win32:Sality (from a USB stick). Then it turned off my firewall, but I turned my firewall on again, then the virus stopped spreading and avast removed it (avast recommended a boot scan on it). Certainly it left some little damage on my system.

But just a little, little damage. But so on avast removed it, and after avast removed it I searched for more information on that virus and I've just found that it drops some registry entries, so I followed those paths and deleted the registry entries. The description I found about the virus says that it has the ability of overriding the firewall and antivirus, but it failed at overriding avast, though it succeeded at overriding my firewall (Windows Firewall). I really think avast is such a strong antivirus. Then I downloaded the safe mode registry entries (coz the virus deleted safe mode on my PC).

When I did the boot scan, it had just infected a few .exe files that can be restored and 1 Windows .exe file.
Then I scanned my system with MBAM, then Dr.Web CureIt,
and my PC got CLEANED (I'm not really sure if it's 100% clean :P).
But tnx to avast!!!!!!!!!! tnx AVAST!!!! NO.1

You can't follow these paths because they don't exist. What are you going to say when you see something like ...system32/33.scr, system32/88.scr infected? You can't move it to the chest, nor repair it. The error message I got from Avast! is something like "This file cannot be removed because it is being used by another process". The only way is to try to delete it and after that move it to the chest. But after a few minutes it creates another fake location.
I think that Vitro cannot be removed.

A-Vaste

  • Guest
Re: Why Avast! can't deal with Virut ?
« Reply #12 on: December 08, 2009, 12:10:28 PM »
And yes. It's the truth. I've tried to download a keygen.

cinchez

  • Guest
Re: Why Avast! can't deal with Virut ?
« Reply #13 on: December 08, 2009, 01:34:05 PM »
Well, Vitro, Virut, Sality infect files one after another...

The error message, "...cannot be removed because it is used by another process", is nothing in particular, for the infected file is a legitimate file^^

As I said, removing or disinfecting is futile...Reformat is, I think, the best option^^

-AnimeLover^^

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: Why Avast! can't deal with Virut ?
« Reply #14 on: December 08, 2009, 10:58:46 PM »
Quote from: A-Vaste
..<The error message I got from Avast! is something like "This file cannot be removed because it is being used by another process">
For malware that can usually be dealt with, a boot scan is usually the recommended procedure, as it can delete the file before the OS loads. Or a scan with MBAM, which will offer to remove detected malware on restart.
Not the case with this file infector, sadly.
Windows 10,Windows Firewall,Firefox w/Adblock.