What is the best way or removal tool to clean a computer that has the virus "Virus:Win32/Virut.EPO"... Basically need a tool or programs that can detect this virus, clean the infections, and remove the file causing it.
I do not know of any security vendor who will guarantee complete removal of file infectors since they cannot ensure that some files will not get corrupted during the disinfection process. This means that infected executables and system files can become unusable after attempting to repair them and afterward, there is still no guarantee the virus is really gone. Since many of the affected files are legitimate critical files required by the operating system, deletion is not a viable option. Even many anti-virus vendors admit that some malicious programs like file infectors cannot be properly disinfected by their products.
avast: Buggy file infectors
File infectors are not on the top of their popularity nowadays (there's not a wide variety of them ITW, but the few active such as Sality or Virut are difficult to defeat). One reason is the frequency of their updates and the complexity of their polymorphism, another reason is the fact, that these viruses are not perfectly tuned. If the file infector should be successful (and transparent to the normal system behavior), it simply should not produce corrupted files (the process crashes will quickly point out what's going on). I will show you some examples of bugs in file infectors (below in this article). The problem is that these bugs often make the infected binaries uncurable...
avast: File infectors part 2
...You can see some tools claiming they're able to clean even the most complex infections, but believe me, there's no guarantee to restore the system to its original state. A cleaned file (in my opinion) means a file that has no malicious functionality and does not contain any (even inactive) traces of the infection. My daily practice offers me many files cleaned from the Virut infection with some 3rd party tools, but they still contain significant parts of the infection and are thus detected by our engine....
Sophos: To Junk Or Not To Junk
...it is quite interesting to look at modern day polymorphic viruses and whether their propensity to junk files is wholly by accident or whether there is the occasional element of intent involved...a mass infection that leaves behind a large number of irreparably corrupt files can still be very damaging. Some members of the Virut/Vetor family will randomly choose not to leave an infection marker after infection. This leaves the way open to multiple infections (more headaches for anti virus companies) but also increases the chances that the end file will be corrupt...
Avira: Cleaning polymorphic infected files
...In many cases, files cannot simply be deleted as this would affect the stability or even basic functionality of the operating system and other software. Instead, the infected host program must be disinfected by removing the virus code from it and by carefully restoring the original contents and file structure if possible. This means detection and removal are still an issue for antivirus software....
Norton (Symantec): File infector
The suggestions in this article are not intended to 100% guarantee removal of all threats...The file infector employs a technique to make sure its corrupted .DLL format will replace the targeted extensions found within the system. When the computer is rebooted it incidentally boots the infected file and continues its advancement throughout the system...
AVG: polymorphic infector
There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus...Due to the damage caused to files...it's possible to find repaired but corrupted files. They became corrupted by the incorrect writing of the viral code during the process of infection. Undetected, corrupted files (possibly still containing part of the viral code) can also be found. This is caused by incorrectly written and non-functional viral code present in these files.
Kaspersky: file infector
...you can try via rescue cd, or slave mounted hard drive. but there's no guarantee that some files won't get corrupted through the disinfection process.
avast: a file infector and why we cannot give false hope!
...for infected users we have to offer no hope - fdisk - format and re-install is the only solution open to them...
There are no guarantees when it comes to malware removal and dealing with file infectors as severity of damage will vary. In my experience, users may find their system performing better for a short time after attempted disinfection only to have it become progressively worse again as the malware continues to reinfect thousands of files. Some folks will try every tool or rescue disk they can find in futile attempts to repair critical system files. If something goes awry during the malware removal process the computer may become unstable or unbootable and you could lose access to all your data. In the end most folks end up reformatting out of frustration after spending hours (and days) attempting to repair and remove the infected files.
That's why most security experts say the best course of action is to wipe the drive clean, reformat and reinstall the OS.
miekiemoes' Blog: Virut and other File infectors - Throwing in the Towel?
If I guide someone with Virut (or any other File Infector) present and their Antivirus cannot properly disinfect it, then I recommend a format and reinstall...dealing with such infections is a waste of time and that's why I prefer the fastest and safest solution - which is a format and reinstall...After all, I think it would be irresponsible to let the malware "stew" (download/spread/run more malware) for another couple of days/weeks if you already know it's a lost case.