Win32:Virtu-A

system · 2014-07-13T08:28:07.000Z

Hi guys,

This is my first post here, so if this is in the wrong section please excuse me and move to the correct section.

Ok so i’ve been using Avast (free edition) for awhile now and I have to say, it’s a great product and i’ve never been hit with anything.
However… during a recent scan Avast came back with a number of issues which I moved to the chest, but i’m not sure if they are “False Possitives” as they seem to be Windows core system files.

The files moved to the chest are as follows:

Locator.exe
notepad.exe
UI0Getect.exe
alg.exe
mspaint.exe
control.exe
snmptrap.exe

and were all from C:\Windows\System32 location.

Now these are all flaged as a Virus called Win32:Virtu-A but all I can find via google is a virus called Win32/Virut.A - (note the U & T are reversed).

Since moving them to the chest, a number of thing have stopped working from the Start panel - notepad, mspaint, Control Panel… all saying “Application not found”

Has anyone come across this before and can these files be restored safely ? or should I use my Installation Disk to replace them.

Thank you for reading and any help anyone can give would be very much appreciated.

Oh and if any other information is needed feel free to ask, as I said this is my first post and am uncertain as to the information I should post without waffling on.

Regards

Chea.

Pondus · 2014-07-13T08:39:10.000Z

if detection is correct, then you have a serious Virus / file infector
file infectors are real virus, like a computer cancer and inject malicious code in legit files

this may end with a format/reinstall :-\

Virut and other File infectors - Throwing in the Towel? http://miekiemoes.blogspot.no/2009/02/virut-and-other-file-infectors-throwing.html

File infector virus https://www.virusbtn.com/resources/glossary/file_infector_virus.xml

removal team is notified, wait for advice…

Pondus · 2014-07-13T08:57:39.000Z

[b]as I said this is my first post [/b]and am uncertain as to the information I should post without waffling on.

your first ??? ..... hmmm your post count say 6

system · 2014-07-13T09:09:53.000Z

Hi.

I don’t have good news. Virtu is a shortage of Virtumonde, another alias of Virut - which is a death sentence for a system.
Your confirmation is that legitimate apps/executable files have been quarantined by avast. If so, we can really do nothing here.

The only one advice for you is to reformat/reinstall not only of your system drive, but all disks/partitions. Virus doesn’t care, it infects every file that he’s able to spot.

If you want to backup your personal data, do it only for music, videos, documents, photos… Do not backup any exe, dll, scr, htm, zip and rar files. Any games/apps shouldn’t be backed-up also. All needs to go down.

system · 2014-07-14T15:59:59.000Z

Hi guys and firstly, thank you for your time & replies.

Pondus wrote = "hmmm your post count say 6 "

Indeed it does, I had forgot about those two topics back in "07 & "08… it’s been awhile sorry for the confusion

I hadn’t expected such swift replies and so i’ve been poking around trying things, I came across a program via Softpedia called “Win32/Virut Remover” - so I thought anything is worth a try.

I ran the Virut Remover (didn’t find anything) then ran full scans with Avast / Spybot / Malwarebytes / Windows Defender… all came back clean.

The only traces of the “Virtu-A” thing is in the chest… so i’m stumpted - does this mean my system is clean or could the virus be laying dormant / waiting.

Thanks again for the input guys.

Regards

Chea.

system · 2014-07-14T16:25:30.000Z

The greatest issue with file infectors is that they don’t care and infect any file they will spot.
You see, one infected file will be enough to destroy your whole system, as virus is residential in the memory. There may be even situation, your system won’t boot-up next time, because critical files will be damaged.
Obviously that’s your call if you wish to wait.

system · 2014-07-19T18:20:50.000Z

Sorry for the late reply guys, been busy installing win’ updates… (over 200 of them as it’s an "07 version of Vista) :

Anyway i’m kind of up and running again and luckier than some I guess and have a spare system sitting around (albeit very basic), anyway for now i’ve done an install on that machine, in the hope that I can in the future find a way to get this thing removed (although going by your replies, that seems very doubtful).

Once again I thank you for your input thus far, and although I bow to your greater knowledge on such matters - I am concerned regarding backing up certain files…
I have several photos that I would love to “back up” and although you have said that would be ok to do, i’m now kind of paranoid about doing so, incase the virus jumps ship.

Having never done this before, would it be best to burn the said images to CD then transfer them, or could I upload them to (for example:) photbucket and then download them from there ?

Thank you once again for any assistance guys.

regards

Chea.

system · 2014-07-19T19:10:56.000Z

Hi

Wouldn’t it be easier to do it using USB drive? If you have one, we may secure it using another one clean machine (from infections spreading by removable media) and use it later to back up your datą, following my earlier instructions.

Announcements