Saturday, April 4, 2009

W32 Vitro Virus strikes


Don’t know how this virus got in.

I use Avast Antivirus Free edition and Zone Alarm Firewall.

Avast caught this virus, but was unable to clean it, only option is to delete the file. The pain was that the virus infects windows system files, so if you try to delete the files, you end up with an un-usable OS pretty soon.

Ended up re-formatting the hard disk and re-installing windows !! Pretty bad, I need to be more careful in future.

Some of the things you could try include

  • Re-building the windows installation as described here. Please read the discussion at the link carefully, may not work for you depending on the installation CD you have !! Also there are folks complaining that this did not really solve the problem. Worth a shot if you catch the virus really early, I guess
  • Trying to download and install some other anti-virus. I tried this and the moment I tried to launch the installer, the virus corrupted it :(
  • Sophos anti-virus seems to indicate they can clean this virus, I am not sure how true this is
  • Copy your personal data ( don’t copy any exes !!) to an external USB hard disk ( quite cheap these days) , reformat and re-install windows. As mentioned above, this was the only thing that worked for me
  • If you are not in a tearing hurry, you could try waiting for a couple of weeks before someone comes up with a fix for this. Unlikely you can wait that long though :)

Read more at the following links

http://forum.avast.com/index.php?topic=42709.0

http://www.tech-linkblog.com/2009/02/polymorphic-win32vitro-most-virulnt-virus.html/

http://dcs-tech-corner.blogspot.com/2009/02/new-virus-warning-w32vitro.html

6 comments:

Anonymous said...

Hi !

Have exactly the same thing. I don't want to re-install, so trying to put back Norton images... Don't know if I will succeed. Will try Avast boot check.
Keep you updated !

KR
Dirk

Pradeep V said...

Good luck !!

I had been contemplating a re-install for sometime as my PC had been slowing down. I had all my files backed up onto an external hard disk, so re-install and re-format was not too much of a pain.

Pradeep

Anonymous said...

Well, I needed to re-install, since I did not have a proper image backup. So, now I installed the system, reconnected my external USB drive, and executed one exe file on that disk... and now back to zero... the virus is back... And now I installed AVIRA (free) virus protection. Now, I'm trying with AVAST to get rid of the virus (AGAIN!!), but I see that one by one my exe's are melting... GRRRRRRRR Dirk

Craig said...

I found a combination of avast boot-time scan and DR Web Antivirus in safe mode will rid you of this terrible thing.
Although my system is clean I am limping along because a few exe files from windows were deleted to finish the virus off.
If AVAST catches it then its already too late though.
It connects to an irc server and trys to infect all your network shares.
BEWARE

nemo said...

Well i reinstalled windows and installed kaspersky from a cd, then scaned it all in safe mode, kaspersky cleaned it all up without deleted my files.

jhonny said...

how to remove this virus, without deleting infected files??? thanks