WIN32: Vitro

Hello all, I am a new user of AVAST, just installed it on a laptop and ran the first scan, and it has detected win32:vitro, which a previous version of McAfee did not detect.

AVAST has moved the virus to its virus chest; does this mean it is gone?? Do I need to do any more?

Note: I have not previously detected any unusual activity, so I was surprised to find it…

All help appreciated…

You can start here, http://forum.avast.com/index.php?topic=42709.0, where there is a lengthy discussion of this evil virus.

It’s a pain in the arse, quite honestly. Of course, you can get rid of it, but sometimes, the best answer is a re-format with fdisk, and start over. However, some have found that they can repair their systems.

If you do a search on the forum for “vitro” (without the quotes) you can get a better understanding of this virus infection.

I wish you the best of luck in getting rid of it.

This is an especially difficult problem to get rid of. But I have found a solution that worked for me.

Boot back into the system with your installation disks and re-install the OS. Don’t delete the partition or reformat the drive when reinstalling the OS. Your document folders (My Documents) under the old installation will still be there after you’ve put on a fresh copy of the OS.

Don’t log off or the virus will merely lock you out again in that perpetual login logoff loop.

Reload Avast. Go to the Standard Shield > Blocker Tab > Check Block Opening File for Writing. This will make sure you’re notified if the Vitro 32 is attacking a particular file. If the Vitro 32 is trying to infect a file, merely DENY it when the blocker dialog comes up. It will keep on trying, so keep denying it access.

This will allow you to get back into your folders to recover any documents you are locked out of. Back them up to a CD. This CD could be infected, so keep that in mind later when dealing with it!!!

The Vitro 32 will still be present (even if you reformatted the drive). So I’m suggesting you merely, at this point, try to get the non-executables you value saved.

Once you’ve recovered the data you need to WIPE THE DRIVE to kill off the virus wherever it is lurking. This will write zeros or other random data to the drive overwriting the sectors where the virus is hiding.

Go to DBAN or Wipe Drive and get a copy of the bootable CD or floppy version that you will burn to a CD. As you are burning the CD you might get blocker warnings the Vitro 32 is still active, but keep on denying it access. Once you’ve burned the CD you’re able to take your revenge.

(I used my Seagate Hard Drive installation disk to wipe the drive successfully on one computer. But on another I used DBAN to wipe it.)

Boot from the DBAN CD and follow the directions. Choose the Defense Department 5 passes to make sure you’re wiping it completely. I used the 35 pass selection because I was going to make sure!!!

Once you’ve wiped the drive re-install the OS and get your life back. Load Avast, turn the blocker back on in the Standard Shield, and make sure any media is thoroughly scanned before copying anything from it. If the backup data CD is infected the blocker will catch it before you re-infect the drive again. Keep the blocker feature on for a while to make sure it’s gone…turning it off when the anxiety subsides.


Welcome to the forums, BillC. :)

Thanks for posting what worked for you. Hopefully, this information will help others who might acquire this problem.


Sir, I have a suspicion: I think Nod32 made the WIN32: Vitro, also known as Virut, because when I was using Nod32 they were the ones who removed the infected files, while avast doesn’t remove it; they deleted the files and were not able to clean them, while ESET is able to clean them without deleting the files ::)…

Vitro is a later version of Virut, and Vitro is a more virulent virus and is proving much more difficult to clean, as it by all accounts uses double encryption to try and prevent this.

Please do not blame Eset & Nod32. Because a cop is successful in catching a robber, you cannot blame a cop for robbery.