I'm posting this outside of the evangelist corner so everyone can see it. But is this a way to remove Virut and Sality without having to rebuild the system?
Well, if they have cleaned up Virut so it no longer wrecks the system files, I would agree. However, it still wrecks the system files, so yes, it can be removed, but you will have a lot of problems with Windows files refusing to work properly. I would go for a reformat if I was hit.
I just sat through this extremely long video and have a couple of remarks to make about the cleansing routine as it was presented there, on top of the caution our good friend essexboy brought to the thread (I nearly put "to the table"). Remember, the man who presented this video is a professional malware analyst and, I think, a qualified eliminator. This routine is not for the average user, who probably could make neither head nor tail of all the magic performed and would shy off. Some issues were not properly explained as well. The environment was an experimental, minimal, isolated VM test setup, completely taken offline at times and fully sandboxed.
I would not like to have Virut dance in any other theatre either. Then the man also had a go at the Virut file infector with ComboScript. As what I saw was taken down right well, he started to cleanse out in two strikes through a boot-up from a DrWeb live CD (this is no new method to attack Virut; it is propagated elsewhere).
Then he had a go at the rest and the infected processes with Comodo AV + FW (this demands a lot of pre-knowledge of what to terminate, kill and reintroduce). What was a good tip was that, on further cleansing with an updated MBAM quick scan, he did the cleansing in bits after encountering a crash.
The final bit was detecting the proxy file and restoring the normal connection and the blocking of the malware sites. He did not tell about the normal theatre where one has infected backups, various additional temporary cleansing to do and other inconsistencies to be dealt with, plus the enormous danger of reintroducing the infector from peripherals etc. Impressive, but do you want to know what I really think this is: "Art for the art of it!"
Yes there is a time factor which cannot be dealt with in the frame of this video.
Given a Virut infection, the longer the malware has been resident in the system, the more difficult it will be to remove, I would have thought. Although the infection did seem to be deeply bedded, there is some good practice at work.
Interesting about Virut working on executables and DLL files: every time they are run, Virut attaches a patch.
Good reason to make use of Safe Mode, for however much is possible.
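Since a file infector of this kind patches executables and DLLs as they run, one defensive habit worth having is a hash baseline of the binaries on a machine taken while it is known clean, so that later changes to files that should never change stand out. The script below is an added example written for this thread, not something from the video or from any of the tools mentioned in it; the target extension list and the sample files are constructed for the demo, and the "infection" is simulated by appending bytes to one file.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Extensions to track; constructed list for this example (file infectors target PE files).
TARGET_SUFFIXES = {".exe", ".dll", ".scr"}


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each tracked executable (path relative to root) to its SHA-256 and size."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in TARGET_SUFFIXES:
            rel = str(p.relative_to(root))
            baseline[rel] = {"sha256": sha256_of(p), "size": p.stat().st_size}
    return baseline


def compare_baselines(before: dict, after: dict) -> dict:
    """Classify tracked files as modified, added or removed between two snapshots."""
    modified = [k for k in before if k in after and before[k]["sha256"] != after[k]["sha256"]]
    added = [k for k in after if k not in before]
    removed = [k for k in before if k not in after]
    return {"modified": modified, "added": added, "removed": removed}


def demo() -> dict:
    """Constructed scenario: take a clean snapshot, then one binary grows by an appended blob."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Sample files (constructed): two fake PE headers and one non-executable.
        (root / "app.exe").write_bytes(b"MZ" + b"\x00" * 100)
        (root / "lib.dll").write_bytes(b"MZ" + b"\x01" * 100)
        (root / "readme.txt").write_bytes(b"not an executable")
        before = build_baseline(root)
        # Simulate a file infector appending to app.exe (just padding bytes, not real code).
        with (root / "app.exe").open("ab") as f:
            f.write(b"\x90" * 64)
        after = build_baseline(root)
        return compare_baselines(before, after)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the baseline would be saved (for example as JSON) to read-only or offline storage right after a clean install, since a baseline kept on the same disk can itself be tampered with; the comparison is then run from a clean boot medium, which fits the Safe Mode or live-CD approach discussed above.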