My system has been infected a second time in three months and Avast! is powerless to get rid of this.
I think I’m gonna stop using Avast!. That’s all.
Have a nice day.
Virut has been updated many times and thus is up to date…
Even the most updated AV is having a hard time dealing with this nasty file infector^^
Removing this would be based on luck… Probably the success rate of getting rid of this virus is about 5%…
Best option would be a reformat…^^
-AnimeLover^^
Virut / Vitro is extremely difficult to remove. Many techs advise to reformat.
Virut and other File infectors - Throwing in the Towel?
http://miekiemoes.blogspot.com/search?q=virut
Dealing with the despicable Vitro / Virut (Win32.Virut) polymorphic virus
http://technosopher.wordpress.com/2009/04/21/vitro-virut-win32/
Norman Malware Cleaner http://www.norman.com/support/support_tools/58732/en
Dr.WebCureit http://www.freedrweb.com/cureit/
Virut belongs to a family of destructive polymorphic infectors. Basically, they are designed to change their names and file properties slightly each time they run, making it extremely hard for most applications to run a successful detection and removal/cleanup routine.
Prevention is the absolute best step, no matter what AV is used, as +AdDicT+ has indicated.
Prime among prevention would include the use of a script blocker, or manually disabling/prompting scripts (or Firefox with NoScript), and making sure that all software is up to date. Second might be the use of a two-way firewall and using a program or procedure that blocks known malicious sites, such as a hosts file or SpywareBlaster (by Javacool).
But you probably already knew that.
Do you know how you got this?
And do you actually want some help, or did you just post to rant?
See reply #16 from Essexboy
http://forum.avast.com/index.php?topic=43272.msg406710#msg406710
PS, if you got it from a USB device, AutorunEater is a useful application to prevent the transfer of malicious content.
There are various other flash protection - type applications.
They seem to have evolved since most of the above linked articles were written.
I don’t know how effective they are at preventing virut, though, having never come into contact with it.
Actually I need help. And I’m kinda desperate and disappointed too, because I’ve been using my favourite antivirus for over 4 years and now Avast! can’t deal with that virus.
Sure thing.
I am sorry, but looking at the links posted above by Pondus, it really looks as though a format and reinstall is your only option. Any USB devices used should also be considered as infected.
In addition to the general prevention tips listed (and linked) above, a good backup and recovery strategy should be used. There are some suggestions for the use of imaging programs in this thread.
If you read the description in the first two links posted by Pondus, you will see why the virus can not be fixed. There is also a list of file types that must not be backed up, once an infection has occurred; they must be considered as infected.
I’d be disappointed, too.
It sounds like a terrible infection to have.
[edit to add:] it seems even those tools specially designed to remove it are not that effective, but you could always try them if you want.
Your PC is infected beyond repair, accept it. Any other devices that have been connected will also be infected (flash drives/hard drives). There is no cure for this.
Read the link by Pondus and reformat and reinstall.
Virut usually comes in cracks/keygens. Be honest, is this how you got it? It’s payback from the manufacturers, for people trying to steal their software. If this is how you got it, next time run your downloads in Sandboxie, and scan your sandbox with Avast, Drweb and Kaspersky online scanner.
I would not say that Avast does not work. I have recently had a case where Avast killed the infector file before it could run:
C:\DOCUME~1\benm\LOCALS~1\Temp\_avast4_\unp148011203.tmp\11.exe Win32:Vitro
C:\DOCUME~1\benm\LOCALS~1\Temp\_avast4_\unp148011203.tmp\12.exe Win32:Vitro
C:\DOCUME~1\benm\LOCALS~1\Temp\_avast4_\unp148011203.tmp\13.exe Win32:Vitro
C:\DOCUME~1\benm\LOCALS~1\Temp\_avast4_\unp148011203.tmp\14.exe Win32:Vitro
C:\DOCUME~1\benm\LOCALS~1\Temp\_avast4_\unp148011203.tmp\15.exe Win32:Vitro
C:\DOCUME~1\benm\LOCALS~1\Temp\_avast4_\unp148011203.tmp\16.exe Win32:Vitro
C:\DOCUME~1\benm\LOCALS~1\Temp\_avast4_\unp148011203.tmp\17.exe Win32:Vitro
C:\DOCUME~1\benm\LOCALS~1\Temp\_avast4_\unp148011203.tmp\18.exe Win32:Vitro
A more detailed scan revealed no sign of Virut on the system - but this is an older version of the virus. Remember we are playing catch up all the time. Virut generally comes loaded with cracks and keygens - so if you download that type of file you are asking for trouble.
Hey
I’ve got infected with Win32:Sality (from a USB stick). Then it turned off my firewall, but I turned my firewall on again; then the virus stopped spreading and avast removed it (avast recommended a boot scan on it). Certainly it leaves some little damage on my system.
But just a little, little damage. But so on, avast removed it, and after avast removed it I searched for more information on that virus and I’ve just found that it drops some registry entries, so I followed those paths and deleted the registry entries. The description I found about the virus said that it has the ability of overriding the firewall and antivirus, but it failed at overriding avast while it succeeded at overriding my firewall (Windows Firewall). I think avast really is such a strong antivirus. Then I downloaded the safe mode registry entries (coz the virus deleted safe mode on my PC).
When I did the boot scan, it just infected a few .exe files that can be restored and 1 Windows .exe file.
Then I scanned my system with MBAM, then Dr.Web CureIt,
and my PC got CLEANED (I’m not really sure if it’s 100% clean :P).
But tnx to avast!!! tnx AVAST!!! NO.1
You can’t follow these paths because they don’t exist. What are you going to say when you see something like …system32/33.scr, system32/88.scr infected? You can’t move it to the chest, nor repair it. The error message I got from Avast! is something like “This file cannot be removed because it is being used by another process”. The only way is to try to delete it and after that move it to the chest. But after a few minutes it creates another fake location.
I think that Vitro cannot be removed.
And yes. It’s true. I’ve tried to download a keygen.
Well, Vitro, Virut, Sality infect files one after another…
The error message, “…cannot be removed because it is used by another process”, is nothing in particular, for the infected file is a legitimate file^^
As I said, removing or disinfecting is futile… Reformat is, I think, the best option^^
-AnimeLover^^
For malware that can usually be dealt with, a boot scan is usually the recommended procedure, as it can delete the file before the OS loads. Or a scan with MBAM, which will offer to remove detected malware on restart. Not the case with this file infector, sadly.
MBAM will completely delete infected file(s), so the OS will not load then.
Because the VRDB was supposed to help, but I personally thought that it was a bad idea.
Guys, you’re talking about a multiple and buggy file infector that will aggressively corrupt any executable (and many other) files on the PC. Unless the VRDB stored a copy of every file on the computer it’s not going to cut it.
Same with MBAM. It can’t heal corrupted files.
I have 3 HDs. I have deleted my C partition and installed Windows again. After that I did a full system scan with MBAM and Dr.Web CureIt! MBAM said that the system is clear, but Dr.Web CureIt! found five Viruts in System Volume Information on the third HD!! Actually Dr.Web CureIt! can/will cure infected system files.
But remember that system scan must be done in safe mode.
My system is clear now. I hope this post will help somebody to get rid of this nasty virus.
Win32.Virut.56 is dead ;D
… One more thing.
I'll use that Sandboxie next time ;)