Suggestion for better virus detection of Vitro

Last week I managed to contract the Vitro virus… I had scanned the EXE before running it, and nothing was found, but after running it, I knew I had caught it :wink:

Anyway - that’s all cleaned up - I reformatted, scanned both my internal and external USB HDDs, deleting the 20 or 30 EXEs that were infected, and all is good.

One thing I’ve found since is that a good 2,000 of my HTML, PHP, and ASP files (I’m a web developer) have a hidden iframe in the bottom of them that goes off to a malicious web site. This is obviously not something that Avast detects when scanning files, otherwise it would have found many of them.

Perhaps this could be added to the things that Avast scans for, as it would be easy to detect and remove (string replace), and could save many people potentially being re-infected by opening a file they assumed was clean (because Avast gave it a clean bill of health).

Interestingly enough, I only found the iframe by chance, as after reading the forums here, I added a list of 10 or so URLs to Avast’s ‘web block’ list to avoid any future problems, and sure enough it popped up a day later when I was opening one of the infected HTML files… so perhaps if I hadn’t done that, I’d be re-infected by now?

Anyway - I think it would be very beneficial to have Avast scan for this iframe code. What do others think? Is this something I need to contact Avast about, or do their developers read these forums?

Thanks,
Dan

As you already know, Avast handles Win32:Vitro very well, except for the iframe located in infected .html files.
CA anti-virus is the one which can clean (not delete) these infected .html files.
To check the results, you can open these .html files in Notepad before and after the cleaning process.
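
The check proposed in the first post (find the hidden iframe, strip it with a string replace) combined with the clean-not-delete approach from the reply, as an added sketch that is not Avast's or CA's code and does not come from either poster. The thread never shows the injected markup, so the hiding markers used here (0 or 1 pixel size, `display:none`, `visibility:hidden`), the sample page and all function names are assumptions.

```python
import re
from pathlib import Path

WEB_EXTS = {".html", ".htm", ".php", ".asp"}
# Any <iframe ...> tag, plus its closing tag when it follows directly.
IFRAME_RE = re.compile(r"<iframe\b[^>]*>(?:\s*</iframe\s*>)?", re.I)
# Assumed markers of a deliberately invisible frame (not taken from the thread).
HIDDEN_RE = re.compile(
    r"""\b(?:width|height)\s*=\s*["']?[01](?:px)?["'\s>/]"""
    r"""|display\s*:\s*none|visibility\s*:\s*hidden""",
    re.I)

# Constructed sample: one legitimate visible frame, one hidden frame appended
# after </html>, pointing at a placeholder host.
SAMPLE = (
    '<html><body><p>Hello</p>'
    '<iframe src="https://maps.example.com/embed" width="600" height="400"></iframe>'
    '</body></html>\n'
    '<iframe src="http://malicious.example.invalid/" width=1 height=1 '
    'style="visibility:hidden"></iframe>')

def find_hidden_iframes(text):
    """Return (offset, tag) for every iframe that looks intentionally hidden."""
    return [(m.start(), m.group(0)) for m in IFRAME_RE.finditer(text)
            if HIDDEN_RE.search(m.group(0))]

def clean(text):
    """Remove only the hidden iframes; visible frames and other markup stay."""
    return IFRAME_RE.sub(
        lambda m: "" if HIDDEN_RE.search(m.group(0)) else m.group(0), text)

def scan_tree(root, fix=False):
    """Map path -> hidden iframe tags; fix=True rewrites the file, keeping a .bak."""
    report = {}
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in WEB_EXTS:
            continue
        raw = path.read_bytes()
        text = raw.decode("latin-1")  # byte-preserving, keeps line endings intact
        hits = find_hidden_iframes(text)
        if hits:
            report[str(path)] = [tag for _, tag in hits]
            if fix:
                Path(str(path) + ".bak").write_bytes(raw)  # original kept for review
                path.write_bytes(clean(text).encode("latin-1"))
    return report

if __name__ == "__main__":
    for offset, tag in find_hidden_iframes(SAMPLE):
        print(offset, tag)
```

Run `scan_tree(root)` without `fix` first and review the reported tags, since a site may use a hidden iframe legitimately; the `.bak` copy allows the same before-and-after comparison the reply suggests doing in Notepad.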