WIN32 VITRO HELP PLEASE

Hi Everyone! I’m new to the forum and I admit I just reached this place today when my PC got infected by the win32 vitro thing… Maybe because all is well in my PC until about 9 hours ago…

I downloaded a game for a private server and Google Chrome already detected the file as something that has malicious content or something but I ignored because I got used to it on that game (that game had so many private servers).

Then came the WIN32 VITRO…

I’m a newbie in being infected cause I highly consider taking all precautions with viruses, but I think I made the wrong decision of taking the risk of still using the file I downloaded. So what I did, and I am sure everybody will say I did it wrong, was to activate the boot scan of AVAST and decided to choose delete on the action. I thought I only got one or two files infected 'coz I did that scan after 10mins from downloading, but when the boot scan was finished, it deleted 99 files, most of them in win32 folder, and there was one instance when it said one file was not deleted so I tried the rest of the choices (like repair, move to chest, etc) and ended up with “ignore”.

Everyone I really need your help. Can’t afford to lose some important files.

I read in some threads that we got some great experts here so I highly appreciate all your help. Please let me know step by step what I need to do.

I’m using windows 7 32-bit and just a free Avast anti-virus. I don’t know if this information will help you guys figure out what’s the best thing to suggest.

And please, only in layman’s term… Not so techie here.

Thank you so very much :)

Well bad news, if detection is correct and you have a Vitro/Virut file infector then this may end with a format and reinstall

Malware expert is notified…

> Can't afford to lose some important files.

If so... then I guess you have been smart and have a backup!

Thanks Pondus for the quick reply… That’s what I’m thinking of as well but still wanna ask you guys’ help to see if this machine can still be salvaged… Even my notepad.exe was deleted lol…

As I was reading other threads, I noticed that you guys may need the scan logs… where do I find that?

And oh, I’m still searching the internet for a notepad installer if there is…

And yeah, I’m checking if I activated the backup thing 'coz I remember I disabled that before due to huge disk space it consumed…

> As I was reading other threads, I noticed that you guys may need the scan logs.. where do I find that?

Instructions: https://forum.avast.com/index.php?topic=53253.0

thanks… working on it…

I now have the Malwarebytes Anti-Malware scanning my machine. So far, it got 52 threats detected (again, after most of my files have been deleted by avast boot scan) and I think this may take a while so I’m gonna have a nap and be back here in 15 minutes, that’s 22:15 GMT

Thanks everyone! :)

Hello everyone! Here’re the three logs that we all need…

Thanks again!

Removal team is in bed now, check back tomorrow …

Obs: and FRST tool should produce two logs, you only attached one…

Hi,

I thought there’s only 3 tools in there? What’s OBS? Sorry

3 tools yes … and FRST will produce two logs frst.txt and additional.txt

Night night…

Oh… thanks Pondus…

OK, re-posting all three of them… Thanks for the help and night-night too… I’ll be back here from time to time to check

Hi.

I don’t have good news. Virtu is short for Virtumonde, another alias of Virut - which is a death sentence for a system.
Your confirmation is that legitimate apps/executable files have been quarantined by avast. If so, we can really do nothing here.

The only advice for you is to reformat/reinstall not only your system drive, but all disks/partitions. The virus doesn’t care, it infects every file that it’s able to spot.

If you want to back up your personal data, do it only for music, videos, documents, photos… Do not back up any exe, dll, scr, htm, zip and rar files. Any games/apps shouldn’t be backed up either. All needs to go down.
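The backup rule in the post above, as an added example that is not part of the original thread: a Python script that copies only allow-listed data files and skips anything carrying one of the extensions the post names. The allow-list of "music, videos, documents, photos" extensions, the function names and the sample tree are assumptions made for this example.

```python
import shutil
import tempfile
from pathlib import Path

# Extensions the post above says must not be backed up.
DENY = {".exe", ".dll", ".scr", ".htm", ".zip", ".rar"}
# Assumed allow-list for "music, videos, documents, photos"; adjust to your data.
ALLOW = {".mp3", ".wav", ".flac", ".mp4", ".avi", ".mkv", ".txt", ".pdf",
         ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".jpeg", ".png", ".gif"}

def skip_reason(name):
    """Return why a file is left behind, or None if it may be copied."""
    suffixes = [s.lower() for s in Path(name).suffixes]
    # A denied suffix anywhere in the name counts (photo.jpg.exe, setup.exe.txt).
    if any(s in DENY for s in suffixes):
        return "deny-listed extension"
    if not suffixes or suffixes[-1] not in ALLOW:
        return "not on the allow-list"
    return None

def backup(src, dst):
    """Copy allow-listed files from src to dst; return (copied, skipped)."""
    src, dst = Path(src), Path(dst)
    copied, skipped = [], []
    for path in sorted(src.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(src)
        reason = skip_reason(path.name)
        if reason:
            skipped.append((rel.as_posix(), reason))
            continue
        target = dst / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)
        copied.append(rel.as_posix())
    return copied, skipped

if __name__ == "__main__":
    # Constructed sample tree, not files from the thread.
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "old_disk"), Path(tmp, "backup")
        for rel in ["photos/trip.JPG", "photos/trip.jpg.exe", "docs/cv.pdf",
                    "games/setup.exe", "saved_page.htm", "music.zip"]:
            f = src / rel
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_bytes(b"sample")
        copied, skipped = backup(src, dst)
        print("copied:", copied)
        for rel, reason in skipped:
            print("skipped:", rel, "-", reason)
```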

This is a very unfortunate thing then… Thanks Naathim…

And thanks for letting me know what can be backed up and what not… Will start working on it now…

Hi Mark Anthony,

Very sad to hear about your predicament, always very unfortunate to lose a computer to a vicious file-infection like Virut, designed just simply to ruin operational systems in an unpredictable way and to an unpredictable extent. To avoid such an infection in the future while your computer is being helped to a total re-install to exist a-new, read the following 22 steps: http://www.wikihow.com/Avoid-Getting-a-Computer-Virus-or-Worm

polonus

Thanks polonus, thanks team!

:-\

I think I need to study more about viruses and the like from now on…

So that concludes everything. Please don’t delete the thread so I can go back and check all your suggestions… May be away from keyboard for now…

Uhm I guess I still have a question…

I have two HDDs – one for my drives C: and D: , and the other for the drives E: and F: …

Do I have to reformat both? Or can I just leave drives E: and F: since the ones affected were just drives C: (where 99 files were deleted) and D: (which has just one file infected and deleted by Avast boot scan)?

Virut’s first step upon running is injecting the process (winlogon.exe), for this reason firewalls will not identify the virus. The virus will infect files on local and shared drives. It does not depend on usage of these files.
Also completely uninstall your avast! av solution and reinstall anew as the existing av program has been compromised and can no longer be trusted.

polonus