Posted 18 June 2011 - 11:33 PM
Posted 19 June 2011 - 04:27 AM
The Microsoft Windows Malicious Software Removal Tool removes specific, prevalent malicious software families from computers running compatible versions of Windows.
SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
Posted 19 June 2011 - 08:36 AM
Microsoft Security Intelligence Report
Detections for Virut were first added to the MSRT in August 2007.
May MSRT by the numbers
In May, we added Win32/Ramnit to the Microsoft Removal Tool (MSRT) detection capability, as my colleague Scott Molenkamp blogged. As of May 20th, MSRT disinfected 52,549 computers from the Win32/Ramnit infection. Ramnit is one of the four parasitic viruses out of the top 10 detected threat families.
Sophos: To Junk Or Not To Junk
...it is quite interesting to look at modern day polymorphic viruses and whether their propensity to junk files is wholly by accident or whether there is the occasional element of intent involved...a mass infection that leaves behind a large number of irreparably corrupt files can still be very damaging. Some members of the Virut/Vetor family will randomly choose not to leave an infection marker after infection. This leaves the way open to multiple infections (more headaches for anti virus companies) but also increases the chances that the end file will be corrupt...
Avira: Cleaning polymorphic infected files
...In many cases, files cannot simply be deleted as this would affect the stability or even basic functionality of the operating system and other software. Instead, the infected host program must be disinfected by removing the virus code from it and by carefully restoring the original contents and file structure if possible. This means detection and removal are still an issue for antivirus software....
avast: a file infector and why we cannot give false hope!
...for infected users we have to offer no hope - fdisk - format and re-install is the only solution open to them...
McAfee: polymorphic infector
...it injects its code into running processes...The virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files...unfortunately, some infections are corrupted beyond repair.
Norton (Symantec): File infector
The suggestions in this article are not intended to 100% guarantee removal of all threats...The file infector employs a technique to make sure its corrupted .DLL format will replace the targeted extensions found within the system. When the computer is rebooted it incidentally boots the infected file and continues its advancement throughout the system...
AVG: polymorphic infector
There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus...Due to the damage caused to files...it's possible to find repaired but corrupted files. They became corrupted by the incorrect writing of the viral code during the process of infection. Undetected, corrupted files (possibly still containing part of the viral code) can also be found. This is caused by incorrectly written and non-functional viral code present in these files.
Kaspersky: file infector
...you can try via rescue CD, or slave mounted hard drive, but there's no guarantee that some files won't get corrupted through the disinfection process.
miekiemoes' Blog: Virut and other File infectors - Throwing in the Towel?
If I guide someone with Virut (or any other File Infector) present and their Antivirus cannot properly disinfect it, then I recommend a format and reinstall...dealing with such infections is a waste of time and that's why I prefer the fastest and safest solution - which is a format and reinstall...After all, I think it would be irresponsible to let the malware "stew" (download/spread/run more malware) for another couple of days/weeks if you already know it's a lost case.