Dealing with Viruses, Worms, Trojans, Spyware and Malware

16.07.09 Gave up trying to clean the viruses, they were replicating faster than the tools I was using could clear them. I don’t think it would have been an issue if any one tool did a complete job but they all seemed to do well in certain areas. I haven’t yet fdisk’ed, reformatted and re-installed. I’m running Windows 7 off a second partition to clean up my data and remove any traces before backing up and starting from scratch.

09.07.09 Still had a bunch of files infected with HTML:IFrame which looked like it came through the Vitro infection. Basically every .htm or .html file on my PC was infected. I couldn’t find a tool to remove the infection so I let Avast delete them all. I can always reinstall any software that won’t run. At the moment my PC is looking okay, I’m running Windows Defender, Trojan Hunter and then will try some online scanners.

08.07.09 My machine is currently being scanned by Dr.Web CureIt Utility; it’s found 889 infected files so far. It finally found 990 infected files. I then ran the fixvirut.com free removal tool from Symantec, which found no instances.

I’m trying to sort out multiple instances of the Win32:Vitro (aka Win32.Vitro) & Win32.Virut.56 Trojan Virus. It’s a really nasty one that rapidly infects ALL .exe (executable) and .scr files over time. I’m trying to see if I can sort it out without having to reformat and re-install everything, which seems to be the norm from many other people’s experience with this particular trojan.

It’s polymorphic, which means it spreads faster than any antivirus can contain it. 99.99% of the time the only solution is a reformat and reinstall. Virut is so aggressive it even infects already infected files with itself. It’s a computer killer…

Also Known As – AKA

  • Win32/Virut (CA)
  • Virus.Win32.Virut (Kaspersky)
  • W32/Virut (Norman)
  • W32/Virut (Sophos)
  • W32/Virut (McAfee)
  • W32.Virut (Symantec)

Symptoms

The following symptoms may be indicative of a Virus:Win32/Virut infection:

  • Network traffic on TCP port 65520 with connection to IRC server proxima.ircgalaxy.pl, on channel &virtu
  • Increase in file size of infected files
  • Infected files fail during execution and have a recent modified date property
  • Web pages displaying erratically
  • Browser will not display any of the anti-virus sites

HijackThis logs will have an F2 entry similar to this:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\TEMP\init.exe,
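
The two machine-checkable symptoms above (an extra program appended to UserInit, and traffic to TCP port 65520) can be tested for in saved HijackThis and `netstat -an` output. This is an added example, not part of the original post; the function names, the sample log lines, the addresses in them and the assumed `netstat -an` column layout are constructed for illustration.

```python
import re

# Indicators taken from the symptoms listed above.
VIRUT_IRC_PORT = 65520
# Accept both "-" and the typographic dash some copies of the log end up with.
F2_USERINIT = re.compile(r"^F2\s*[-\u2013]\s*REG:system\.ini:\s*UserInit=(.*)$", re.I)


def extra_userinit_entries(log_line, windir=r"C:\WINDOWS"):
    """Return UserInit entries other than the stock userinit.exe, or [] if the
    line is not an F2 UserInit entry or carries only the expected value."""
    m = F2_USERINIT.match(log_line.strip())
    if not m:
        return []
    expected = (windir + r"\system32\userinit.exe").lower()
    entries = [e.strip().strip('"') for e in m.group(1).split(",")]
    return [e for e in entries if e and e.lower() != expected]


def connections_to_port(netstat_lines, port=VIRUT_IRC_PORT):
    """Return (local, remote, state) for TCP rows whose remote port matches."""
    hits = []
    for line in netstat_lines:
        parts = line.split()
        if len(parts) >= 4 and parts[0].upper() == "TCP":
            local, remote, state = parts[1], parts[2], parts[3]
            if remote.rsplit(":", 1)[-1] == str(port):
                hits.append((local, remote, state))
    return hits


# Constructed sample input: HijackThis log lines and `netstat -an` rows.
SAMPLE_HJT = [
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,",
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\TEMP\init.exe,",
    r"O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe",
]
SAMPLE_NETSTAT = [
    "  TCP    192.168.1.10:1035      203.0.113.7:65520      ESTABLISHED",
    "  TCP    192.168.1.10:1036      198.51.100.4:80        ESTABLISHED",
    "  TCP    0.0.0.0:65520          0.0.0.0:0              LISTENING",
]

if __name__ == "__main__":
    for line in SAMPLE_HJT:
        for entry in extra_userinit_entries(line):
            print("suspicious UserInit entry:", entry)
    for hit in connections_to_port(SAMPLE_NETSTAT):
        print("connection to port 65520:", hit)
```

A hit on either check is a reason to investigate further, not proof of infection; the netstat check matches only the remote port, so a local listener on 65520 is not reported.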

More Information

Microsoft Malware Protection Center

Prevention is way easier than cure

Stopping viruses, worms, trojans, spyware and malware from getting onto your system is way easier and cheaper than having to repair the damage once they have gained access to your system.

Backup

If you are using Acronis True Image or similar backup software to make full image backups onto an external drive, you are in great shape. However, if you have backed up since you were infected with Vitro or Virut, your backups since then are infected as well.

I use the free version of Avast Antivirus on my PC

Some of the more common free anti-virus offerings

I suggest only installing software certified by ICSA

  • Avast! - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
  • AVG Free edition - Free edition of the AVG anti-virus program for Windows and Linux.
  • Avira Antivir - Free anti-virus software for Windows, Linux, FreeBSD and Solaris. Detects and removes more than 50,000 viruses. Free support.
  • BitDefender - Freeware virus scanner for Windows.
  • Clam AV - Freeware, GPL, Linux. Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet.
  • ClamWin - Freeware, open-source anti-virus program for Windows.
  • Comodo Anti-Virus - Free anti-virus program for Windows.
  • FProt - Free anti-virus program for Linux, FreeBSD and Solaris (personal use only). Evaluation versions for all usage types on Windows and corporate usage on Linux, BSD and Solaris.
  • HandyBits - Free for personal use. Virus ‘scanner integrator’. After performing an auto-search for installed virus scanners, it will scan your files using all found installed virus scanners. This can be useful, since some antiviral programs are good for one type of virus, other programs for other viruses.
  • PC Tools AntiVirus - Free anti-virus program for Windows.
  • ThreatExpert - Can detect viruses and other malware on your PC. Provides a “post-mortem” diagnostic to detect a range of high-profile threats that may be active in different regions of a computer’s memory.
  • ThreatFire - Protects against viruses, worms, trojans and other spyware, designed to be a complement to your current anti-virus software. ThreatFire does not need to know anything about a virus before it can protect you against it. This is because the program looks at the behaviour of an infected program (instead of the contents of the infected file). The basic version is free.

Note from the editors: after testing the software we found that it generates a lot of false alarms on legitimate software.
Nevertheless we think that this program can be useful provided you know how to interpret these alarms.

Free Online Scanners

http://safety.live.com
http://www.kaspersky.com/virusscanner – (needs Java 1.6 or newer installed, and is a download of more than 100MB)
