win32:virut virus

essexboy · September 22, 2007, 5:49pm

From the examples I have seen of this virus so far a reformat is the best way at the moment, once it has infected your system. It does need to be stopped before it gets that far

system · September 22, 2007, 10:40pm

Thanks for heads up.

Until update is released add in url blocking this one too:
leon.htn.pl

Or put them into hosts file:

127.0.0.1 proxim.ircgalaxy.pl
127.0.0.1 leon.htn.pl
127.0.0.1 ntkrnlpa.info
127.0.0.1 xp.attrezzi.biz
127.0.0.1 l.mezzicodec.net

oldman960 · September 23, 2007, 5:17pm

When playing around with the webshield url blocker, I found that entering sitename.com and letting avast add the http and, http://sitename.com*, that perticutar home page could be reached. Anything beyond that was blocked. By adding the www, http://sitename.com*, the homepage then would be blocked.

When adding the above urls to the blocker would you suggest using http://www?

system · September 23, 2007, 6:29pm

Snowhite’s suggestion about blocking those listed sites OR putting them in your ‘Hosts’ file is a good idea. It reminded me about the ‘Hosts’ file that I’ve been using for over 2 years.

The “MVPS.org” ‘Hosts’ file is updated about every two weeks. It’s a free service with free notices of updates. It blocks many pages that contain spyware, adware (malware) from loading by just sending you to the ‘localhost’ 127.0.0.1. When you go to a page that contains frames and one of those frames is on the ‘hosts’ list, you just see a local host image in that frame (the rest of the page is fine). Any site that uses tracking cookies (like doubleclick) is passed over and you get to the site you’re trying to get to (minus the tracking cookies).

I think everyone should have an up-to-date ‘Hosts’ file on their computer. For more info on this one, see this link:

http://www.mvps.org/winhelp2002/hosts.htm

I just updated my MVPS ‘hosts’ file today and checked those entries that Snowhite listed. All but one of them were already on it. MVPS also offers a ‘bat’ file that you can use to turn off the ‘hosts’ file if you want to (it’s renamed temporarily). Clicking on the bat file again toggles it back on.

Hope this helps.

Maxx_original · September 24, 2007, 9:30am

Virut detection updated to support the newest variant… wait for the next VPS

oldman960 · September 24, 2007, 9:32am

Finally some good news in this thread. Thanks and keep up the good work!

system · September 24, 2007, 1:30pm

Thanks Maxx,

Wow, that last VPS was over 250K in size! I’ll have to go see what detections were added. Last vps ver 776.0

win32:virut virus

Announcements