Author Topic: Win32: Vitro, is it gone??  (Read 3617 times)

0 Members and 1 Guest are viewing this topic.

handsup

  • Guest
Win32: Vitro, is it gone??
« on: March 24, 2012, 01:39:47 PM »
Hi all,

I'm not the best with viruses etc. so could really do with some advice!

I got some files off a friends computer about a week and a half ago, and my microsoft security essentials never picked up the fact there was a virus hidden in one of the .exe files. My mate  found out yesterday so I got rid of MSE and got Avast! which I ran yesterday and picked up the virus. Win32: Vitro

Avast deleted the virus and I've a full scan a few times since and i not picking anything up since. My computer never started acting funny either and when it did pick up the virus it was still contained in the original .exe file.

All seems fine now except when I ran the boot scan it did say there were a few files that read "CAB archive is corrupted" - but Avast said it couldnt repair or delete these files so I had to just ignore them. At the end of the boot scan it said no files infected (so maybe those corrupted files are not related? apologies as I don't fully understand any of this!)

So basically other than that my computer seems fine, but when I googled win32:Vitro there seemed to be so many sites saying what an awful virus it is and it would have been on my computer for over a week.

Could this still be on my computer? Or have I done enough by having Avast delete the file and I've ran Avast and Malwarebytes a number of times since and aren't picking anything up anymore.

Thanks in advance for any help as its very much needed :)

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37614
  • Not a avast user
Re: Win32: Vitro, is it gone??
« Reply #1 on: March 24, 2012, 01:43:08 PM »
so....did you ever run the .exe file ?



Quote
so maybe those corrupted files are not related? apologies as I don't fully understand any of this!
'
file that can not be scanned are just that, no more no less
avast is just telling you it can not scan them and the reason why....it does not men they are infected
infected files are detected with a malware name
« Last Edit: March 24, 2012, 01:47:14 PM by Pondus »

handsup

  • Guest
Re: Win32: Vitro, is it gone??
« Reply #2 on: March 24, 2012, 01:45:47 PM »
No I am 99% that I never actually opened the file, it was just in a folder that I copied from my friends comp.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37614
  • Not a avast user
Re: Win32: Vitro, is it gone??
« Reply #3 on: March 24, 2012, 01:49:10 PM »
No I am 99% that I never actually opened the file, it was just in a folder that I copied from my friends comp.
Lucky you...as this is one of the worst file infectors out there

Virut and other File infectors - Throwing in the Towel?
http://miekiemoes.blogspot.com/2009_02_01_archive.html

check file you download at www.virustotal.com / www.jotti.org  before you open/run



if you have problems, this is the guide to follow
http://forum.avast.com/index.php?topic=53253.0


« Last Edit: March 24, 2012, 01:51:15 PM by Pondus »

handsup

  • Guest
Re: Win32: Vitro, is it gone??
« Reply #4 on: March 24, 2012, 01:54:25 PM »
Thank you so much for your quick replies!

Do you think I am safe then since my computer isn't doing anything funny and Avast isn't picking up on any infected files?
Or could it still be hiding from Avast?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37614
  • Not a avast user
Re: Win32: Vitro, is it gone??
« Reply #5 on: March 24, 2012, 01:59:16 PM »
if you had Virut avast should detected it......and if it was spreading inside your comp avast would go bananas with multiple alarms

handsup

  • Guest
Re: Win32: Vitro, is it gone??
« Reply #6 on: March 24, 2012, 02:06:38 PM »
Thank you so much for your help. This forum is brilliant! And I'm definitely sticking with Avast from now on (Damn MSE!!!)


I just have one further question out of interest, if I never knew there was a virus hidden in a .exe file on my computer but never opened that file, does that mean the virus would never do any harm?

Basically I'm just wondering, can a virus still spread and do harm to your computer if I never actually open the .exe file its hidden in?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37614
  • Not a avast user
Re: Win32: Vitro, is it gone??
« Reply #7 on: March 24, 2012, 02:13:06 PM »
Quote
Basically I'm just wondering, can a virus still spread and do harm to your computer if I never actually open the .exe file its hidden in?
nope...you need to run it. as long as it just stay there or is inside a zip file it is dormant...waithing for somone to unzip and click the exe..and then   :-[

however infected website is different...but you have avast, and avast speciality is to detect infected website...at this avast and Sucuri is best

handsup

  • Guest
Re: Win32: Vitro, is it gone??
« Reply #8 on: March 24, 2012, 02:24:46 PM »
Thank you so much for your help and advice! I never realised that about needing to open the file so that is such a relief!!

Actually one further question if thats ok?!

When running the boot scan I also got these messages :

1  File C:\ProgramData\Apple Computer\Installer Cache\iTunes 10.6.0.40\Itunes64.msil>iTunes.cabl>iTunes.exe  is infected by Win32:Malware-gen

2  File C:\ProgramData\Apple Computer\Installer Cache\iTunes 10.6.0.40\iTunes64.msil>iTunes.cabl>iTunesHelper.exe is infected by Win32:Trojan-gen
3  File C:\Windows\Installer\2288cc.msil>iTunes.cabl>iTunes.exe is infected by win32:Malware-gen

But when I tried to repair, move to chest or delete it said Error 42111{The operation is not supported for this type of archive.}

Offline essexboy

  • Malware removal instructor
  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32: Vitro, is it gone??
« Reply #9 on: March 24, 2012, 02:41:02 PM »
They are possible false positives, and as they are cabinet files then they can do nothing untill they are opened

You dodged the bullet big time there by not running the file


handsup

  • Guest
Re: Win32: Vitro, is it gone??
« Reply #10 on: March 24, 2012, 02:48:08 PM »
Thank you both so much for your help :)