Author Topic: WIN32: Vitro Virus (Read 19285 times)

Azure the Homeless · « **Reply #15 on:** May 13, 2011, 07:56:21 AM »

EDIT: oops..made a mistake..

Pondus · « **Reply #16 on:** May 13, 2011, 08:13:18 AM »

Malwarebytes PRO will block file infectors from installing but if you are already infected, it will not scan and remove

Virut and other File infectors - Throwing in the Towel?
http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html

Azure the Homeless · « **Reply #17 on:** May 13, 2011, 08:24:15 AM »

So..Uhm, what should I do now? Sorry, am a bit confused..

Pondus · « **Reply #18 on:** May 13, 2011, 08:29:33 AM »

Virut/Vitro infections is a format and reinstall case..... sorry :'(

I have sendt a PM to Essexboy so you may want to wait for his advice on this

he is usually in here 8:00pm - 11:59pm UK time

Azure the Homeless · « **Reply #19 on:** May 13, 2011, 08:32:26 AM »

Well, I was about to do that in the first place.. Anyway, that's what I expected.. I think I'll wait for his advice though. Would you recommended a repair, or a full reinstall of XP?

Pondus · « **Reply #20 on:** May 13, 2011, 08:35:45 AM »

full reinstall, but wait for Essexboy, he is the malware removal expert in here and will tell you what you can backup and how if you need to

lastsamurai · « **Reply #21 on:** May 13, 2011, 09:06:45 AM »

Quote from: Azure the Homeless on May 13, 2011, 06:51:09 AM

@Gargamel360

OK, I've got the MBAM log file here. The other one is still yet to come.

---LOG FILE---

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

5/13/2011 12:41:19 PM
mbam-log-2011-05-13 (12-41-19).txt

Scan type: Quick scan
Objects scanned: 135233
Time elapsed: 19 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{1FD79A59-37B1-459B-9097-09F9FAB8A523} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{B97F9125-71A1-48D0-B920-F140EF8DE809} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\DNSCache.DNSCacheObj.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\DNSCache.DNSCacheObj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{376892AE-1825-4E5F-9F85-23F9640051CC} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
d:\WINDOWS\system32\calc.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

--------
Hope it helps yah.

Your database of MBAM is old,but anyway it wont help as Virut/Vitro or Ramnit can be removed only by reinstalling your OS.

Left123 · « **Reply #22 on:** May 13, 2011, 09:23:08 AM »

Follow this guide: http://support.kaspersky.com/viruses/solutions?qid=208280756
Regards

argus · « **Reply #23 on:** May 13, 2011, 09:25:48 AM »

Virut can not be cleaned from the active Windows.
Required format C and then downloaded Avast to your desktop and the boot time scan (all HDD).
Do not click on another partition D, E... virus has infected all partitions.

Other options are a waste of time.

Azure the Homeless · « **Reply #24 on:** May 13, 2011, 09:36:45 AM »

mmK. Looks like it will really end up in a FFR. Well, thanks a lot guys for all the information you gave,

I do appreciate it. $:-\$

I'll try to keep my profile alive.. See yah.!
-Azure the Homeless

essexboy · « **Reply #25 on:** May 13, 2011, 07:50:45 PM »

Well, I'm afraid I have bad news for you.

You have been infected with a polymorphic file infector named Virut. This infection will spread to every executable file in your computer, and unfortunately the only cure for it is to Reformat and Reinstall.

Right now, the best thing you can do is to backup, preferably to CD, all your important data, documents, pictures, movies, and songs.

DO NOT backup any applications or installers and DO NOT backup any files with the following extensions:

.exe
.scr
.htm
.html
.xml
.zip
.rar
.doc
.jpg
.pdf

For more information on Virut, and why you need to reformat, have a read of miekiemoes blog here.

To find out how to carry out an XP Reformat and Reinstall, please see this page. If you are using Vista, then check this page instead.

Once you have reformatted and reinstalled Windows, have a look at this page for some useful tips on staying clean, along with links to some freeware to help.

To find out more information about how you may have got infected in the first place, you can read this article.

I am sorry I cannot give any better news.

Azure the Homeless · « **Reply #26 on:** May 14, 2011, 02:39:45 AM »

That's just fine.. I've already FFR'ed it. Installed all programs and drivers, I was done before 6 PM, having started at 8 AM Manila Time. I want to thank all of you for your time and help; at least now I know what the consequences are when you get this virus.

I'm reading that "Staying Clean" page now. Shall follow everything it says.
I did a full scan after I replugged the external drives back in(fearing that they might have been infected), but they were okay, and the scan didn't find anything else. I must be getting good at this 'nuking' business.

BTW,(this is off-topic) do you know of any forum or site that best addresses external hard drive problems & fixes? Thnks agin..

-Azure the Homeless-

I Thessalonians 5:21 - "Prove all things; hold fast to that which is good." (KJB)

Azure the Homeless · « **Reply #27 on:** May 19, 2011, 04:24:57 AM »

I'm back. I'm sorry to bother again, but now I have a laptop with this virus. Unfortunately, it does not have an optical drive, and the external disk drive that I have is a brick. Could anyone tell me how to FFR from a pen drive? I have both a 4 GB and an 8 GB available. Please help! Thanks..

essexboy · « **Reply #28 on:** May 19, 2011, 08:45:41 PM »

Does the laptop have a recovery partition ?

Azure the Homeless · « **Reply #29 on:** May 20, 2011, 02:15:43 AM »

No sir.. I only have one partition on it.. Is this a problem?

Author Topic: WIN32: Vitro Virus (Read 19285 times)

Azure the Homeless

Re: WIN32: Vitro Virus

Pondus

Re: WIN32: Vitro Virus

Azure the Homeless

Re: WIN32: Vitro Virus

Pondus

Re: WIN32: Vitro Virus

Azure the Homeless

Re: WIN32: Vitro Virus

Pondus

Re: WIN32: Vitro Virus

lastsamurai

Re: WIN32: Vitro Virus

Left123

Re: WIN32: Vitro Virus

argus

Re: WIN32: Vitro Virus

Azure the Homeless

Re: WIN32: Vitro Virus

essexboy

Re: WIN32: Vitro Virus

Azure the Homeless

Re: WIN32: Vitro Virus

Azure the Homeless

Re: WIN32: Vitro Virus

essexboy

Re: WIN32: Vitro Virus

Azure the Homeless

Re: WIN32: Vitro Virus