Hardcore virus!

tco21

I'm busy trying to repair someone's PC, which is infected with the win32 vitro virus. According to a bit of Googling, this is a mother of a virus that can't be removed.

It even kills combofix when I try to run it.

I ran a full (boot time) scan using Avast (updated today), and it didn't remove it. I've tried running combofix in safe mode and nada. Nod32 doesn't work, Kaspersky doesn't work...

Have you guys come across this virus yet?
 
Take out the drive, plug it into another PC (so the virus can't start up), dump all the non-EXEs like mp3s, jpgs, avis and documents and format the drive. The painless way of fixing a virus that's that deeply infested!
 
Take out the drive, plug it into another PC (so the virus can't start up), dump all the non-EXEs like mp3s, jpgs, avis and documents and format the drive. The painless way of fixing a virus that's that deeply infested!

Good idea, but just run the anti-virus then on the other machine. It might not be necessary to format.
 
The reason the virus can't be removed is that it infected the system files which the operating system uses to run, and if any anti-virus deletes those files, Windows won't function normally. So like LabAnimal said, put it in another computer as slave.
 
Have you tried Avast's boot-time scan?

Free and more efficient than anything else I laid my hands on thus far.
Virus doesn't "boot" so unless it misses a spot it'll get the bugger where it counts.

[Edit] On second thought....after seeing the outside forum link....you're probably in for a format one way or another :/
 
I got this virus once... managed to clean the infected files by putting the HD as a slave in another com. But the Windows was destroyed, so had to re-install Windows in the end.

It is one bitc h of a virus this one, nothing would kill it !!
 
Good idea, but just run the anti-virus then on the other machine. It might not be necessary to format.

By default I always take out a drive that has viruses on it, plug it into my PC, and run a scan and remove on it twice or three times until I'm happy. The downside is, the drive will likely not start up, but the files will be mostly intact. Over-installing Windows helps, but then likely other software will also be a tad upset, so in all it's easier to just reinstall altogether!

I had a machine the other day that had an infected file in each directory regardless what was in it. Between mp3's there would be a filename.exe file in each. Found over 4000 files infected, removed the lot and at the end of it all could only save the documents, mp3's and other loose data which were valuable, the programs were a write off!
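
Added example, not posted by anyone in this thread: a Python script for the "copy the non-EXE data off the slaved drive" step described above. It checks each file's first bytes for the `MZ` executable header instead of trusting the extension. The allowlist, function names and the constructed sample tree are assumptions.

```python
import shutil, tempfile
from pathlib import Path

# Assumed allowlist: the data types named in the thread plus a few document formats.
DATA_EXTS = {".mp3", ".jpg", ".jpeg", ".avi", ".doc", ".docx", ".pdf", ".txt"}

def is_pe(path):
    """True if the file starts with the DOS/PE 'MZ' magic, whatever its name says."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"

def salvage(src_root, dst_root):
    """Copy allowlisted data files to dst_root; return (copied, skipped) lists."""
    src_root, dst_root = Path(src_root), Path(dst_root)
    copied, skipped = [], []
    for path in sorted(src_root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        rel = path.relative_to(src_root)
        try:
            if path.suffix.lower() not in DATA_EXTS:
                skipped.append((rel.as_posix(), "extension not on allowlist"))
            elif is_pe(path):
                skipped.append((rel.as_posix(), "MZ header behind data extension"))
            else:
                target = dst_root / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                shutil.copy2(path, target)
                copied.append(rel.as_posix())
        except OSError as exc:  # damaged or locked file: record it and carry on
            skipped.append((rel.as_posix(), f"unreadable: {exc}"))
    return copied, skipped

def demo():
    """Run salvage() over a small constructed tree (no real malware involved)."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "slave_drive"), Path(tmp, "rescued")
        (src / "Music").mkdir(parents=True)
        (src / "Music" / "song.mp3").write_bytes(b"ID3\x03" + b"\x00" * 16)
        (src / "Music" / "filename.exe").write_bytes(b"MZ" + b"\x00" * 16)
        (src / "Music" / "cover.jpg").write_bytes(b"MZ" + b"\x00" * 16)  # disguised
        (src / "report.DOC").write_bytes(b"\xd0\xcf\x11\xe0" + b"\x00" * 16)
        return salvage(src, dst)

if __name__ == "__main__":
    ok, bad = demo()
    print("copied:", ok)
    for name, why in bad:
        print("skipped:", name, "-", why)
```

For a real drive, call `salvage()` with the mounted volume as the source and a folder on the clean machine as the destination, then scan the rescued folder before opening anything in it.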
 
Almost every major AV product has a (usually free) boot up scan that you write to disk (or in some cases USB). Follow the instructions that you are given exactly. Then boot up with the disk/USB.


By default I always take out a drive that has viruses on it, plug it into my PC, and run a scan and remove on it twice or three times until I'm happy. The downside is, the drive will likely not start up, but the files will be mostly intact. Over-installing Windows helps, but then likely other software will also be a tad upset, so in all it's easier to just reinstall altogether!

I had a machine the other day that had an infected file in each directory regardless what was in it. Between mp3's there would be a filename.exe file in each. Found over 4000 files infected, removed the lot and at the end of it all could only save the documents, mp3's and other loose data which were valuable, the programs were a write off!

This type of thing all depends on the scanning actions the AV is set to take when cleaning infected files/objects. Deletion is probably the most used option, which is also the most destructive as per your situation. Disinfection or in cases when the AV renames files, is probably the preferred choice when scanning a drive that you need to still boot from! It always depends on your settings :D
 
You guys should take killadoob's advice:

format & reinstall!

:D
 
True, true...
I have a corporate mindset when resolving these types of issues, where downtime isn't an option but you're still required to resolve the problem. So yea, I tend to sometimes overlook the fact that more options exist for home users. And with the bad mood that I'm in at the moment, I tend to get very irritated very quickly... :p
 
Once you've reinstalled and have a clean system, make an image with a tool such as Acronis True Image Workstation. Even better, also create an image on the Acronis SecureZone (like a laptop's recovery partition, but on your desktop) - that way you'll never have to reinstall again, and a complete system restore is minutes away.
 
Format. :(

Looks like your best bet. I would recommend Kaspersky and Avast on all but this one. Format.
 