Howdy malware fighters,
I just sat out this extremely long video and have a couple of remarks to make about the cleansing routine as it was presented there on top of what caution our good friend essexboy brought to the thread (I nearly put there to the table). Remember the man who presented this video is a professional malware analyst and I think qualified eliminator. This routine is not for the average user, who probably could make head nor tail of all the magic performed and would shy off. Some issues were not properly explained as well. The surroundings were an experimental minimal VM isolated test surrounding, completely taken offline at times and fully sandboxed.
I would not like to have virut dance in any other theatre either. Then the man also had a go at the virut file infector with ComboScript. As what I saw was taken down right well, he started to cleanse out in two strikes through a boot up from a DrWeb live CD (this is no new method to attack virut, it is propagated elsewhere).
Then he had a go at the rest and the infected processes with Comodo AV + FW (this demands a lot of pre-knowledge of what to terminate, kill and reintroduce. What was a good tip was that on further cleansing with an updated MBAM quick scan - he did the cleansing in bits after encountering a crash.
The final bit was detecting the proxy file and restoring the normal connection and the blocking of the malware sites. He did not tell about the normal theatre where one has infected backups, various additional temporal cleansing to do and other inconsistencies to be dealt with plus the enormous danger to reintroduce the infector from peripherals etc. Impressive, but do you like to know what I really think this is: "Art for the art of it!",
polonus
