win32.virut virus affected some of exe files and some files too
cant heal r remove these without del thosefiles and exe
and seems getting sread each time…
using avast home edition…
hw to remove this virus safe with out del files
If avast was installed a long time and you have generated a VRDB (virus recovery database), the executables could be repaired as far I know. If you didn’t generate it… well, try this http://www.grisoft.com/doc/34/us/crp/0/ndi/67762
If it fails, I’ll need to ask if you have a full backup…
yes i am using avast for over 7 months…
the link of avg u gave i tried earlier it self it didt give out any good antici9ated results…
what can be the best way to solve this…
currently the virus have infected logon.scr file too…and some exe’s in the system…
want to heal it 9ro9erly…
I’ll need virus cleaners experts here… If I continue to guess and suggest, I can harm more than help. I know my limitations… If a virus is infecting all the executables in the computer, it could be a problem difficult to solve and as time goes by it gets worse.
Hello matrunner,
I am afraid that i have some bad news for you. :
If your computer is infected with this variant of virus Win32.Virut.q , there is not much that can be done.
This will infect all .exe files on your system, it is a polymorphic file infecting virus, which means that it changes constantly and makes it difficult to detect and clean, because it’s code is constantly changing.
There is yet no cure for this variant of virut because of too much corruption it does to files.
Do not run avast boot time scan yet, it is possible that after running it the computer not to be able to boot. Also do not run online scanners like Bitdefender and others that includes cleaning, because we already tested couple of online scanners and they deleted all system files that were infected. You can run Kaspersky online scan because it doesn’t offer cleaning service and we can confirm that way if you have this variant of virus.
I suggest that you make a back up on CD, any important documents you might need, you can also back up your music and picture files, but don’t back up any exe files or screensavers.
I am afraid that clean reformat is the only choice here. You will need to have recovery cd or back up image of the system. After reformatting, use avast to scan your back up CD, also online scanner to confirm that the back up you have is clean of this virus.
Let us know if you need help with this.
Regards
Just to add this, don’t download any keygens, because this is how most of the people got infected with this virus.
So far the sites we know that it would be good to block them are these:
proxim.ircgalaxy.pl
1.mezzicodec.net
smart-security.biz
ntnrkrnlpa.info
You can enable URL blocking in avast and add this sites to be blocked.
This block url thing… is it in pro edition? I can’t find it anywhere in home edition…
It is in both versions and is part of the Web Shield, Customize, URL Blocking, ADD. See images.
This “Win32.Virut.q” really looks like a bad one. You can read about someone else’s problem with it on Spybot forum here:
http://forums.spybot.info/showthread.php?t=18075
It’s a variant of “W32/Virut.h” (McAfee’s name). See this link for particulars:
Will this virus be covered in future definition updates, also if you can submit it to Avast that may help
It is not so much the virus but the fact that it is a polymorphic (constantly changing) virus that makes it so hard to detect. avast has been working on new detections for polymorphic viruses as has been seen in recent improvements in av-comparatives.org tests, but there is room for much improvement.
Sample is already sent to Alwil team, its up to them when they will add detection. All other av vendors that got this sample responded to the email that was sent, except Alwil team : but thats nothing new cause they never respond :-\
It would be good if they add detection sooner, so at least it can be prevented from installing at first place. So far the antivirus programs that detects this, they cant clean the files and instead of that they delete all files that are detected.
Hi,
my comp seems to be heavyly infected by this virus. I now intend to by a new harddisk, install on it a new windows xp and then use the old disks only for grabbing data (no exe or scr files). It could be that I sometimes have to run the old infected OS to look for older emails and/or run some infected files just for looking some older data where i do not have the install files anymore. Is it possible to run those files without infecting anything on the new hd?
I wouldn’t do it this way. The virus could easily spread to your new HDD. A better way would be to back up your data to a CD first – scan that CD to make sure it’s not infected, then transfer the files to your new HDD.
I now bought a new hdd (300 gig ;D ) and additional 1 gig ram… hehe. So its not only bad…
I dismounted the old hdds and installed a fresh os (xp-home), then avast, reg-cleaner and so on. Now I am going to switch between the new and old (infected) hdds to not loose needed information.
Even my burn-prog is infected and won´t let me burn dvds. Only way is to create data folders and transport them with usb-stick. Shit, I only have one with 1 gig. So its becoming odd. Maybe tomorrow I´ll buy one with 4 gig. Or has someone an idea to transfer th old data faster?
I don´t transfer exe or scr files and always check the stick with avast before I transfer the data to the new hdd. Did I forget something? If someone notices such, please post here, I am checking this thread ongoing during the transfer.
Thanks for reading and any help, if given.
Use Mozy (see link at my signature), upload up to 2Gb of files and then download in the new HDD.
Or, you can use the two HDD in the same computer, one of them as being slave and the other master.
Thats what I intended to do, but Rick F advised me to walk on the secure way and I think he is right. So for now I use both sorts of hdds each at a time. The old two hdds which are infected with their old os for storing data on stick, dvd if possible or Mozy like you advised and then after dismounting those hdds I mount the new hdd to check and store the data on there.
Steffen,
When you said you couldn’t make a CD because even your ‘burn-prog’ was infected, I was trying to think of an on line storage service you could use. Tech offers that exact solution with Mozy. I’ve never used it myself, but this could work for you.
Since you said 'both of your old HDDs were infected, I’d be afraid the infection could spread if you plugged in your old HDD to txfr files. I could be wrong, but I like erring on the side of extreme caution myself.
Tech is very knowledgeable and helps many folks here on this forum.
You’re losing the best free on-line storage method.
Safe (encrypted files), fast, reliable, saved me a lot of times.
Also, both you and I receive an extra space if you click in the link on my signature 8)
hello guys… i’m back on track (after an bussiness trip), so the update of the Win32:Virut detection will be done asap… sorry for the delay, but it was difficult for me to work remotely at this hihgly complex task…