Question on Win32/Virut



#1 sandman1374


Posted 08 September 2009 - 02:37 AM

While helping a friend with what we thought was only a possibly damaged hard drive, I was checking the contents of this hard drive (NOT opening anything) with my PC through a USB adapter and transferred a few files he needed, "AllData" which contains automobile work order records, Outlook PST files and his Firefox bookmarks, to his external hard drive, also connected through USB. I used the click-and-drag method from one to the other. Nothing more. Now, 3 weeks later, I went to empty my AVG Free virus vault and found 7 items listed as Win32/Virut (YIKES), all with the "Path to file" in the "E" drive (example, E:\RUNDLL32.exe). After reading about this threat here at BC I'm VERY nervous!!! Can anyone offer any input? My PC seems to be fine and I haven't noticed any changes in performance. I don't know for sure what the "Removable Disc E" shown in "My Computer" is, and I hope maybe someone can enlighten me on this as well.

Custom, AMD R7 1800x @ 3925MHz. ASUS Crosshair VI Hero, 2 x 8GB G-Skill Flare-X @ 3466MHz 14-13-13-26-1T, Samsung 960 m.2 NVMe OS. Samsung 840 Pro 120GB SSD OC OS. 2TB WD Blck data, 4TB WD Red Storage, EVGA G2 850 PSU, HD7970 3GB w/XSPC Razor WB. EK C6H Monoblock,  D5 Vario, RX360 rad,RS360 rad, EX140 rad, Xigmatek Elysium. Win10 Pro x64, Linksys WRT1900 ACS, Firefox Beta, Avast Free, Malwarebytes Pro, CCleaner,




#2 quietman7


Posted 08 September 2009 - 07:22 AM

One of the primary ways Virut spreads is by infecting a flash drive (or other removable storage) with RUNDLL32.EXE. This file can then infect a computer system once the flash drive is inserted into a USB port if it's not detected immediately by your anti-virus program and removed.

Virut is a polymorphic file infector with IRCBot functionality which infects .exe and .scr files, downloads more malicious files to your system, and opens a back door that compromises your computer. According to this Norman White Paper Assessment of W32/Virut, some variants can infect the HOSTS file and block access to security-related web sites. Other variants of Virut can even penetrate and infect .exe files within compressed files (.zip, .cab, .rar). Virux is an even more complex file infector which can embed an iframe into the body of web-related files and infect script files (.php, .asp, .htm, .html, .xml). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair and in some instances can disable Windows File Protection. In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable. The longer Virut remains on a computer, the more critical system files will become infected and corrupt, so the degree of infection can vary.

However, from what you describe it appears AVG was able to detect the infected file on your flash drive and remove it in time. If it had not done that, then your machine would probably be infected by now. Get a second opinion by performing an online virus scan like BitDefender or Kaspersky Webscan.

I would also recommend you reformat your flash drive: How to Format a Flash Drive
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

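As an added example that is not part of the original posts: a read-only Python triage of a removable drive's top level, flagging the .exe/.scr file types named in the reply above and system-binary names such as RUNDLL32.EXE. The function names, the name list beyond RUNDLL32.EXE and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# File types the thread says Virut infects.
INFECTABLE = {".exe", ".scr"}
# Assumption: system-binary names that do not belong in a removable drive's
# root. RUNDLL32.EXE comes from the thread; the other two are illustrative.
SYSTEM_NAMES = {"rundll32.exe", "svchost.exe", "explorer.exe"}

def sha256_of(path, chunk=1 << 20):
    """Hash the file in chunks; the file is only read, never executed."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def triage_drive_root(root):
    """List .exe/.scr files sitting directly in `root` (no recursion)."""
    findings = []
    for entry in sorted(Path(root).iterdir(), key=lambda p: p.name.lower()):
        if not entry.is_file() or entry.suffix.lower() not in INFECTABLE:
            continue
        spoofed = entry.name.lower() in SYSTEM_NAMES
        findings.append({
            "name": entry.name,
            "reason": "system binary name in drive root" if spoofed
                      else "executable in drive root",
            "size": entry.stat().st_size,
            "sha256": sha256_of(entry),
        })
    return findings

def demo():
    """Run the triage over a constructed stand-in for the E: drive."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "RUNDLL32.exe").write_bytes(b"constructed sample, not malware")
        (root / "setup.scr").write_bytes(b"constructed sample")
        (root / "bookmarks.html").write_text("<html></html>")
        (root / "AllData").mkdir()
        (root / "AllData" / "tool.exe").write_bytes(b"below the root")
        return triage_drive_root(root)

if __name__ == "__main__":
    for item in demo():
        print(f'{item["name"]:<14} {item["reason"]:<34} {item["sha256"][:16]}')
```

On a real system, pass the removable volume's root (for example the E: drive from the first post) to `triage_drive_root` instead of calling `demo()`.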



