Infected Win32.Vitro virus

system · April 8, 2010, 5:02pm

My computer get infected Win32.Vitro (scaned by Avast)

If I use Avast to remove virus (some infected file in system folder will be deleted: explorered)
Please tell me remove this virus
Link virus: hxxp://www.mediafire.com/?lzfy4nkynoy

I scaned online, many antivirus do not detect like virus

==================================
VirSCAN.org Scanned Report :
Scanned time : 2010/04/08 21:54:40 (ICT)
Scanner results: 33% Scanner(s) (12/36) found malware!
File Name : virus.zip
File Size : 422302 byte
File Type : Zip archive data, at least v2.0 to extract
MD5 : d1fe93e94132e5597a23a44a53d0bc49
SHA1 : 37eaac92bcdfcb3c4f6fecba4549a3c6ab291f58
Online report : http://virscan.org/report/9de9857b2eb2df1592256b92d9039e5f.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100408214355 2010-04-08 8.38 Trojan.Win32.Patched!IK
AhnLab V3 2010.04.08.00 2010.04.08 2010-04-08 1.97 -
AntiVir 8.2.1.210 7.10.6.48 2010-04-08 0.26 TR/Patched.Gen
Antiy 2.0.18 20100408.4160000 2010-04-08 0.17 -
Arcavir 2009 201004081006 2010-04-08 0.08 -
Authentium 5.1.1 201004080309 2010-04-08 1.33 W32/Virut.AI!Generic (Heuristic)
AVAST! 4.7.4 100408-0 2010-04-08 0.06 Win32:Vitro
AVG 8.5.720 271.1.1/2798 2010-04-08 0.31 Win32/Virut
BitDefender 7.81008.5596693 7.31138 2010-04-08 3.58 -
ClamAV 0.95.3 10715 2010-04-08 0.18 -
Comodo 3.13.579 4539 2010-04-08 1.07 Virus.Win32.Virut.ce
CP Secure 1.3.0.5 2010.04.02 2010-04-02 0.00 -
Dr.Web 5.0.2.3300 2010.04.08 2010-04-08 6.93 -
F-Prot 4.4.4.56 20100407 2010-04-07 1.35 Possible W32/Virut.AI!Generic
F-Secure 7.02.73807 2010.04.08.06 2010-04-08 0.20 -
Fortinet 4.0.14 11.673 2010-04-08 0.81 -
GData 19.10964/19.872 20100408 2010-04-08 6.81 Win32:Vitro [Engine:B]
ViRobot 20100407 2010.04.07 2010-04-07 0.42 -
Ikarus T3.1.01.80 2010.04.08.75580 2010-04-08 5.71 Trojan.Win32.Patched
JiangMin 13.0.900 2010.04.08 2010-04-08 1.22 -
Kaspersky 5.5.10 2010.04.08 2010-04-08 0.09 -
KingSoft 2009.2.5.15 2010.4.8.16 2010-04-08 0.82 -
McAfee 5400.1158 5945 2010-04-08 0.02 -
Microsoft 1.5605 2010.04.08 2010-04-08 7.39 -
Norman 6.04.11 6.04.00 2010-04-08 6.01 -
Panda 9.05.01 2010.04.07 2010-04-07 2.53 -
Trend Micro 9.120-1004 6.980.06 2010-04-08 0.12 -
Quick Heal 10.00 2010.04.08 2010-04-08 1.92 -
Rising 20.0 22.42.03.03 2010-04-08 1.55 -
Sophos 3.06.0 4.52 2010-04-08 3.38 -
Sunbelt 3.9.2412.2 6151 2010-04-08 5.37 -
Symantec 1.3.0.24 20100407.002 2010-04-07 0.27 W32.Virut.CF
nProtect 20100405.01 7907880 2010-04-05 4.56 Trojan/W32.Agent.1054208.B
The Hacker 6.5.2.0 v00257 2010-04-08 0.38 -
VBA32 3.12.12.4 20100407.2055 2010-04-07 2.95 -
VirusBuster 4.5.11.10 10.122.36/2039118 2010-04-07 3.28 Win32.Virut.Y.Gen

system · April 8, 2010, 5:12pm

Virut/Sality/Vitro is file infector. Do not try to deal with it from infected machine.

You can try Dr Web live CD to cure infected files and remove the virus.

In case you haven’t any important documents which you can’t restore on infected computer, you can reformat your system completely.

Also, please, do not link us to downoad of that virus.

Pondus · April 9, 2010, 7:03am

Virut and other File infectors - Throwing in the Towel?
http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html#IDComment15344616

Dealing with the dispicable Vitro / Virut (Win32.Virut) polymorphic virus
http://technosopher.wordpress.com/2009/04/21/vitro-virut-win32/

W32:Vitro (Virut) virus removal
http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=314

system · April 9, 2010, 5:38pm

Thank Pondus, I will try!

system · August 2, 2010, 3:36pm

hi’ avg have very good solution for win 32.vitro virus you can check out it and it is free this is a virus remover patch. I think it works for me. it is avg virus removal too here is link

system · August 2, 2010, 4:00pm

Can anybody confirm this? New users usually complain instead of helping. This message looks like spam to me, too.

polonus · August 2, 2010, 4:09pm

Hi 13thSlayer,

If it is content spam it should be reported to the Mods, and it will be taken off,

polonus

Left123 · August 2, 2010, 4:27pm

i can tell only this
Win32.Vitro is quite dangerous trojan virus. Just like trojan Vundo and Zlob, Win32.Vitro can be obtained by visiting various noxious websites. Mainly, Win32.Vitro is promoted on websites that offer free online movies. In order to watch those movies visitor has to download certain video codec. However, it’s not a real video codec, but trojan Win32.Vitro. Once active, Win32.Vitro performs various misleading actions. It downloads and installs additional malware and spyware without user’s permission. What is more, it advertises rogue anti-spyware applications such as Antivirus 360 and System Protector. Win32.Vitro must be removed at earliest stage, because removal delay will cause even more damage to the system.

sorry but i will not post any solution coz some1 will make fun of me ;D,w8 for others reply

system · August 2, 2010, 4:35pm

this is probably the only true part of the post, everything else is false

Left123 · August 2, 2010, 4:38pm

i wouldn’t say that,google.com

system · August 2, 2010, 5:19pm

ahh i see now. 2-spyware.com seems pretty lame though(I believe thats where you quoted false stuff from?).

but believe or not, google can show normal search results, too. for instance http://www.bleepingcomputer.com/forums/topic214456.html

Left123 · August 2, 2010, 6:14pm

OH NOES

system · August 2, 2010, 6:19pm

YES U

mkis · August 2, 2010, 7:07pm

Hi meigyoku

try restrict infected computer to Safe Mode, and if possible load yr defense resources from a clean computer onto a CD and copy them to the infected computer for use, in hope that the virut strain is still in a very early stage of infection.

you can can run overview hijackthis scan in Safe Mode, and uninstall unnecessary downloaded programs like the media fire stuff, even Drweb cureit may help, whatever excess you may want to shed, temp files (TFC, I think runs in Safe Mode, or ccleaner), just anything messy to help, for example, if you may need to do a repair of yr system using installation CD. But certainly Safe Mode will restrict virut from spreading too quickly.

TFC - http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
ccleaner - http://www.filehippo.com/download_ccleaner/

I think you can schedule avast boot-time scan in Safe Mode as well and this may help if you are in early stage of infection or have a less virulent strain of the virus.

mkis · August 2, 2010, 11:48pm

oh make sure sure System Restore is disabled (turn off).

However, if you still have the option available (that is, you have a Restore Point(s) prior to the time when you got infected) perhaps an attempt should be made to roll back the system to the earlier date. I’m not sure though. So lets make a request to the forum members for any advise as to whether an attempt should be made to restore to an earlier date? I would think so myself, an attempt at least, surely wouldn’t hurt to try.

But then, bear in mind, best advise is not let virut get in amongst system restore function(s). Turn off System Restore.

Infected Win32.Vitro virus

Announcements