is there a cure for virut


2 replies to this topic

#1 pdxSteve


Posted 04 March 2009 - 08:48 PM

hello,

my name is steve and i am afraid i have bad news...

is there a fix for this virus?

if not can someone tell me the safest way to

1. Format my hard drive
2. Harvest files from my infected system.

Thanks in advance..

sk



#2 DaChew


Posted 04 March 2009 - 09:34 PM

Your System is infected with Virut!!
Virut is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.
For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.

More information:
http://free.avg.com/66558

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.


http://home.mcafee.com/VirusInfo/VirusProf...aspx?key=143034

W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
  • Immediately before the encrypted code at the end of the last section
  • At the end of the code section of the infected host in 'slack-space' (assuming there is any)
  • At the original entry point of the host (overwriting the original host code)


Miekiemoes, one of our team members here and an MS-MVP, additionally has a blog post about Virut.
Chewy

No. Try not. Do... or do not. There is no try.

#3 pdxSteve


Posted 04 March 2009 - 10:33 PM

DaChew..

Thanks for the reply and links... I read the "towel" blog and on the AVG site I found..

http://www.avg.com/virus-removal.ndi-67762



Virus Removal
We provide you with a list of specialized utilities for virus removal. The utilities can be used to remove some of the most common viruses. The list is updated on a regular basis.

Win32/Virut
Download the following two files ( rmvirut.exe, rmvirut.nt ) and run the rmvirut.exe file.

You can also specify the disks (or partitions) to heal as command parameters, e.g.: "rmvirut C: D:". If the command is used without parameters, it heals all disks (partitions) on the computer.

Note:
Successful running of the remover requires administrator rights. For proper functionality of the remover it is necessary to save the rmvirut.nt into the same folder as rmvirut.exe. After the healing process please run the AVG Complete Test to make sure your computer is virus-free.



I'm trying it now and it required a reboot because "virus found in memory"... upon booting right after chkdsk, before "Welcome..." it kicks in and is going through all the files and is putting "Cleaned" after the files it is repairing.

Anyway, it is giving me a little hope that I won't have to :thumbsup: . Will post findings..

Cheers..

pdxSteve




