Hardcore virus!

LOL!!!!

I love it when people think the only way to get rid of malware is a re-format...

If you have a better way of getting rid of this nasty bit of work, I gladly nominate you to try..

The Virut family of viruses uses polymorphism to hide from all anti-virus protection and then it infects executable files. File infection makes it very hard to repair a system that has been infected. The win32:vitro virus injects code in running processes and it hooks the following functions in ntdll.dll, which transfers control to the virus every time these functions are called:
* NtCreateFile
* NtCreateProcess
* NtCreateProcessEx
* NtOpenFile
* NtQueryInformationProcess

I've tried every AV on this SOB and it just keeps coming back. It spreads like wildfire through your machine. I've given up with Windows, using Ubuntu Live boot to get my docs, etc. off it. Then going "Scorched Earth" on this machine.
 
Try turning off system restore before you run your AV program. Also, as Labanimal said, mount the drive as a slave and use the OS to scan the drive. If all else fails.... format.
 
LOL!!!!

I love it when people think the only way to get rid of malware is a re-format...

To be honest, we got some type of worm on our network recently, nothing could clean it out.

Norton, nothing.

AVG Free - nothing.

Nod32 - nothing.

Kaspersky - nothing.

McAfee - nothing.

ClamWin - nothing.

All we could do is to backup the data somewhere safe, reformat and reinstall.

The newer type of malware will be extremely difficult to remove.
 
Sounds like an interesting virus.... *goes and downloads it somewhere* :D

I've got a VM (VMware) which is infected; if you're interested, I can make a plan to get it to you.

Just PM me. :)

It spread via open Windows shares.

Best practice to avoid this pesky fscker: enable the firewall, make shares read-only or protect them with a strong password, and run Windows updates.

Makes /me like Linux more.
 
Take out the drive, plug it into another PC (so the virus can't start up), dump all the non-EXEs like MP3s, JPGs, AVIs and documents, and format the drive. The painless way of fixing a virus that's that deeply infested!

Seconded. Vitro infects every exe file it sees on the machine (and on USB drives, etc.), and they're not repairable. Recover documents, mail, etc., and reformat. I say reformat because if you reinstall Windows only, at some point you will run an executable that's infected. I managed that; reinstalled Windows, ran a driver installer, and it was infected, and I had to do it all again.

First time I've ever had to reformat a machine because of a virus.

LOL!!!!

I love it when people think the only way to get rid of malware is a re-format...

See above. If you have a better solution for Vitro, share it.
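
The salvage step described in the posts above (mount the drive on a clean machine, copy off documents and media, leave every executable behind, then format), as an added example that is not part of the original thread. The function names and the extension blocklist are assumptions, and the sample tree is constructed for the demo.

```python
import os
import shutil
import tempfile

# Assumed blocklist of Windows executable extensions (not from the thread).
EXEC_EXTS = {".exe", ".scr", ".dll", ".com", ".sys", ".ocx", ".cpl"}

def looks_executable(path):
    """Flag a file by extension or by the 'MZ' magic that starts DOS/Windows executables."""
    if os.path.splitext(path)[1].lower() in EXEC_EXTS:
        return True
    try:
        with open(path, "rb") as f:
            return f.read(2) == b"MZ"
    except OSError:
        return True  # unreadable: treat as suspect and leave it behind

def salvage(src_root, dst_root):
    """Copy non-executable files from src_root to dst_root; return (copied, skipped)."""
    copied, skipped = [], []
    for dirpath, _dirs, files in os.walk(src_root):
        for name in files:
            src = os.path.join(dirpath, name)
            rel = os.path.relpath(src, src_root)
            if os.path.islink(src) or looks_executable(src):
                skipped.append(rel)
                continue
            dst = os.path.join(dst_root, rel)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copyfile(src, dst)  # contents only, no mode bits
            copied.append(rel)
    return sorted(copied), sorted(skipped)

if __name__ == "__main__":
    # Constructed sample tree standing in for the mounted drive.
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = os.path.join(tmp, "old_drive"), os.path.join(tmp, "rescued")
        os.makedirs(os.path.join(src, "docs"))
        samples = {"docs/cv.txt": b"text", "song.mp3": b"ID3\x03",
                   "setup.exe": b"MZ\x90\x00", "photo.jpg": b"MZ\x90\x00"}
        for rel, data in samples.items():
            with open(os.path.join(src, rel), "wb") as f:
                f.write(data)
        copied, skipped = salvage(src, dst)
        print("copied:", copied)
        print("skipped:", skipped)
```

The `MZ` check catches executables renamed to look like media or documents, which an extension filter alone would copy across to the clean machine.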
 
How about a system restore.

I agree there are options beside a reformat, like painfully editing the registry - but this can take hours when a wipe and reload can be done in under an hour.
 
Use the Kaspersky demo; it works and removes the virus fine.
Old programs like 16 bit, and maybe if you have old DOS games, forget it, they are gone.
The win32/64 programs should be recovered fine.
Don't format.
It is probably the Virut.ce variant, which Norton/Symantec and many other adware/spyware/malware tools don't pick up, even the MS Malicious Software Removal Tool and more.
 
Can't believe such a big fuss over a virus. It's not like a Windows reinstall is that difficult or takes that long. I do it 5x a day sometimes. Done 3 today. LMAO
 
I think viruses are fun to cure sometimes, but yes.... if you don't wanna have fun, just format :p

Google for BitDefender or Kaspersky LIVE CD. It's a free download. Locate it, download the ISO and burn to a CD-R/DVD-R. Boot your system with that.

Malware Bytes is also good at removing stuff as is Bleeping Computer.
http://www.bleepingcomputer.com/
 
Try Panda Cloud. It's working really well for me.

Stay away from Bitdefender.. it's up there with Nortons in crapability. Though if you are going to just use the live CD Peter mentions then it won't hurt.. but don't install it.

If you work in the industry you know it's carp. I would use his second suggestion of Kaspersky... I've heard 99% good things about it.
 
Using Bitdefender for 2 years and aside from having to enter an email address when registering, it works very well. Kaspersky is heavy, bloated and screws up MS Office.

I used to run Kaspersky before, it was a resource hog and the installation process did not like Spybot and Comodo Firewall Pro. I had to uninstall both products. I'd say, avoid KAV and NAV. BD also receives good reviews, often beating Kaspersky.

In my case MWEB also scans all incoming and outgoing emails, with a different scanner. That's a great bonus, of course not opening certain attachments is ideal.
 
This thread was started in May, I'm sure he's sorted it out by now.

I guess, but new people tend to read these threads or find them via google. :)

Ideally if you're worried about security, use a Mac or a Linux system. No wild viruses on Mac and probably not on Linux either.
 
I'm busy trying to repair someone's pc, which is infected with the win32 vitro virus. According to a bit of Googling, this is a mother of a virus that can't be removed.

It even kills combofix when I try to run it.

I ran a full (boot time) scan using Avast (updated today), and it didn't remove it. I've tried running combofix in safemode and nada. Nod32 doesn't work, Kaspersky doesn't work...

Have you guys come across this virus yet?

Run a live CD with Mini XP or WinPE or WinVista, then use the tools to bust a cap :D
 
From working with hundreds of Bitdefender installs I have felt and experienced what it does first hand on many different levels. From schools to personal computers.. I've had to troubleshoot it. Every single one of the guys I worked with in the industry knows the crud it can cause or the errors that pop up around it. It's honestly terrible.

Why is it so popular? Simply put.. it's where sales and technical don't come together. We hated our sales people for selling BitDefender as we knew the kind of support we had to do afterwards. Sales sold it because out of all the AVs out there.. it has the highest markups for them. That's why it's pushed so strongly on the market.

I know it works for some people just like some people will swear by Nortons... but I wouldn't install it on my system.
 