Virut-Very Vicious Infection

  • Chewy
    Super Moderator
    • Nov 2003
    • 18971

    Virut-Very Vicious Infection

    I can almost guarantee you if infected you will be doing a flatten and rebuild

    Virut File Infector Warning
    Your system is infected with a polymorphic file infector called Virut. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. As of now, security experts suggest that a clean reformat is the only way to clean the infection and it is the only way to return the machine to its normal working state.

    Back up all your documents and important items (personal data, work documents, etc) only. DO NOT back up any executable files (software) and screensavers (*.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable.

    Also, try to avoid backing up compressed files (zip/cab/rar) that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.
    I have several archived installers I would hate to lose, I am backing them up to DVD-R



    City officials recently identified the problem as the Virut virus and said it hit about 475 computers
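
The backup rule in the post above (keep documents, leave out .exe/.scr files and archives that contain them) can be checked before copying anything. This is an added example, not code from the thread or from any tool named in it; the function names, the nesting cap of 3 and the choice to exclude .cab/.rar unopened are assumptions. It matches on file extension only and does not detect infection.

```python
import io
import os
import zipfile

BLOCKED = (".exe", ".scr", ".cab", ".rar")  # .cab/.rar: cannot be opened here

def risky_in_zip(fileobj, label, depth=0):
    """List members with a blocked extension, descending into nested zips."""
    hits = []
    try:
        with zipfile.ZipFile(fileobj) as zf:
            for name in zf.namelist():
                low, inner = name.lower(), f"{label}!{name}"
                if low.endswith(BLOCKED):
                    hits.append(inner)
                elif low.endswith(".zip") and depth < 3:  # assumed nesting cap
                    hits += risky_in_zip(io.BytesIO(zf.read(name)), inner, depth + 1)
    except (zipfile.BadZipFile, RuntimeError):  # corrupt or encrypted archive
        hits.append(f"{label} (unreadable, treat as risky)")
    return hits

def audit_backup(root):
    """Split files under root into (safe_to_copy, excluded) lists."""
    safe, excluded = [], []
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(folder, fname)
            rel, low = os.path.relpath(path, root), fname.lower()
            if low.endswith(".zip"):
                with open(path, "rb") as fh:
                    bad = bool(risky_in_zip(fh, rel))
            else:
                bad = low.endswith(BLOCKED)
            (excluded if bad else safe).append(rel)
    return sorted(safe), sorted(excluded)

def build_sample(root):  # constructed sample data, not real files
    for name in ("report.txt", "setup.exe", "saver.SCR", "old.rar"):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(b"constructed sample")
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("tools/install.exe", b"constructed sample")
    for zname, member, data in (("photos.zip", "cat.jpg", b"constructed"),
                                ("bundle.zip", "nested.zip", inner.getvalue())):
        with zipfile.ZipFile(os.path.join(root, zname), "w") as zf:
            zf.writestr(member, data)
```

Call `audit_backup()` on the folder staged for backup and copy only the first list; on the constructed sample, `bundle.zip` is excluded because an installer sits inside a nested zip.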
  • Abuilder
    Digital Video Enthusiast
    • Oct 2006
    • 347

    #2
    the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files
    ??? A bug or Intentional ?
    They tried to Assimilate me and failed!


    • Chewy
      Super Moderator
      • Nov 2003
      • 18971

      #3
      Just sloppy coding, some malware kills all its victims, in this case I don't think it was intentional, just overambitious


      • Abuilder
        Digital Video Enthusiast
        • Oct 2006
        • 347

        #4
        Chewy
        What I was thinking was if the code was intentionally written to place a “set” code in most executable files it would be easy for most anti-vir & malware programs to create a def file to cover the pattern but if it also had the ability to create random code just to corrupt some executables it would be impossible to find all the infected executables.
        I better clam-up before some blackhat gets any more clever ideas.
        They tried to Assimilate me and failed!


        • Chewy
          Super Moderator
          • Nov 2003
          • 18971

          #5
          Seems this new variant has started infecting a user's executables in shared folders for P2P, nice vector for distribution


          • Chewy
            Super Moderator
            • Nov 2003
            • 18971

            #6
            To add insult to injury the newest strains are blowing right by the vast majority of resident antivirus protection

            This is looking like a cross between the bubonic plague and AIDS


            • Abuilder
              Digital Video Enthusiast
              • Oct 2006
              • 347

              #7
              Hey Chewy
              It looks like you are following this one pretty good. Do you have any info on which AV programs are missing it, or better yet which AV’s are catching it?
              What about malwarebytes?
              They tried to Assimilate me and failed!


              • Chewy
                Super Moderator
                • Nov 2003
                • 18971

                #8
                I have been tracking an installer file (VB downloader) for an Obduran infection on the Gnutella network for 3.5 weeks now that can pretty much take most AV's out of the defensive equation.

                Its first task is to blow away (fakes) the SSDT table, at this point the system has proverbially had its pants pulled down and in no way capable to protect. At this point any AV using SSDT hooking operations will be KO'ed....the lights will be on but no one will be home!

                Its next task is to download multiple trojans, worms, rootkits and the dreaded Virut to boot.
                VirusTotal is a free virus, malware and URL online scanning service. File checking is done with more than 40 antivirus solutions. Files and URLs can be sent via web interface upload, email API or making use of VirusTotal's browser extensions and desktop applications.


                KIS with HIPS will stop it


                • admin
                  Administrator
                  • Nov 2001
                  • 8951

                  #9
                  Are they talking about the same strain here? Or has a new strain popped up?

                  Visit Digital Digest and dvdloc8.com, My Blog


                  • Abuilder
                    Digital Video Enthusiast
                    • Oct 2006
                    • 347

                    #10
                    Admin
                    W32.Virut.CF is one of the newest strains.
                    I found a new removal tool put out by Symantec
                    Signing Time: 02/20/2009 7:52:05 AM
                    It scans for infected files and if it can’t repair them it deletes them
                    Must be run in safe mode and disconnected from the net.


                    BTW:
                    Symantec W32.Virut Removal Tool 1.1.2

                    W32.Virut has not been found on your computer.
                    They tried to Assimilate me and failed!


                    • Chewy
                      Super Moderator
                      • Nov 2003
                      • 18971

                      #11
                      I think I'm Infected with Virus.Win32.Virut.ce - posted in Am I infected? What do I do?: Hi, after clicking on a link from google, I started getting error messages, and my antivirus program, Avira, won't work or uninstall or do anything. I ran Malwarebytes numerous times and it keeps coming up as having no problems. My Windows sign in screen is messed up, but other than that my computer isn't acting up too bad, but I am afraid that it will get worse. I ran the Kaspersky online...


                      Delete away, run windows as a repair disk, reinstall programs and if you miss one file, load point, registry entry, go back and start all over again


                      • Chewy
                        Super Moderator
                        • Nov 2003
                        • 18971

                        #12
                        In short there is no quick 1 hit recovery from Virut...if anyone claims to do this then they are misleading you.


                        • Abuilder
                          Digital Video Enthusiast
                          • Oct 2006
                          • 347

                          #13
                          Chewy
                          Even though the destructive nature of this virus is extreme, the risk level for Virut is still considered low.

                          If someone surfs the lower levels of the net (below grade aka underground) they can expect to get all kinds of viruses and backdoors installed on their machine.
                          A quote from the last link you posted pretty much sums it up.
                          Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.
                          I for one haven’t had a virus or any really bad malware on any of my systems for years, because homie don’t go there no more. LOL
                          They tried to Assimilate me and failed!


                          • doctorhardware
                            Lord of Digital Video
                            • Dec 2006
                            • 1907

                            #14
                            I still do but I always have an image of my drive and is always current. So I am not worried about losing any data that is important. Maybe a download or two may be lost.
                            Star Baby Girl, Born March,1997 Died June 30th 2007 6:35 PM.


                            • Chewy
                              Super Moderator
                              • Nov 2003
                              • 18971

                              #15
