Techman
New Member
The baddest of the bad is out there running amok. It's called "Virut" and its variants are making their way around the web. Very bad one this guy is. I gotta hand it to the coder of this one. Very clever. It is just about 99% impossible to remove. Most people are forced to do a complete reinstall and reformat. No jail house expert will defeat this one. If one tries it will only get worse.
Virut is a virus that infects any executable files, HTML and screen savers. The maggot ware opens a back door and downloads more maggotry. And it could provide someone with unauthorized remote access to the compromised computer. It infects your system restore files so there is no going back as well.
Other variants invade additional files on your hard drive, key drives and any other storage media it can find. Yes, even SD cards.
It is polymorphic and invades HTML and .exe files. It is memory resident. It uses hidden files to remain on your machine. If it is in just one file it will propagate across your machine into every drive and into your network.
Years ago there was one called LOP.com that was just about the worst there was in ruining your user experience. This Virut is LOP on steroids. This one makes SmitFraud look like a first grader.
Virut comes in via some of those online greeting cards, warez, and compromised Java, compromised files and just about any other .exe file you receive from anyone. This one is so good it is rumored to be a revenge release. Why? Because the sophistication of the code is not something a script kiddie would write.
Symptoms include sudden closing of your virus deflectors, and opening of your firewall. It invades the hosts file so you cannot go to a security site to get a fix. It slows your machine and will eventually infect your OS files and blue screen your machine. It compromises your browsers. It will invade Internet Explorer and you may hear the surfing "click" when it makes a burst attack.
The usual cleaning tools do not work. Spybot doesn't have a chance. Also, there are a few variants and not all "on the web cleaning techniques" work.
BEWARE. If you get an antivirus warning about VIRUT do not attempt a system restore. Disconnect from the web, and call your tech. It starts out slow but builds up speed as it writes itself to more and more files. Do not attempt to stop it with malware deflectors. It will simply keep on its way.
It damages your program files. Your program may not run or lock up. It registers itself with virus deflectors to look like it belongs there.
I have a client machine on my desk. This is my second experience with this one. The first time I saw it the client sent me the hard drive after he tried to clean a virus himself. It was too late. The OS files were compromised so much that only a reformat would work. Not even a repair install could get it back. This virus writes to the boot sectors. The machine would not boot in any circumstance.
The second machine..
Classic Virut infection. I installed a monitor software called "whats running" and watched. Suddenly a red line would appear and the virus would do a burst attack. Sit there for about 3 minutes and suddenly operate for about 5 seconds and quit. AHA! Gotcha maggotry..
I developed a cleaning solution but it was necessary to perform a repair OS install. I also found its base code file hiding in some My Documents files just waiting to reinfect the machine. All one has to do is access these files and the maggotry will be back.
Remember, it looks like a legal executable program. Your antivirus may alert to it but it will be too late. Spybot will not stop it. Nor will Malwarebytes. If you try it will only make matters worse.
The only way out is a cleaning by a technician who knows the way around system files. Good luck my friends. And, it will take at least 4 cleaning runs to get it.
Summary.
Do not do a system restore. Do not accept anything that has an .EXE file in it. Do not get a new hard drive and slave the old. Do not try to stop it with standard malware deflectors. Disconnect from the internet. Shut down the machine until you can get help. Call me if you need a hand. I can promise you that it will take some expertise to stop this one.
How good do you have to be? If you can read a HijackThis log you may have the experience to stop this Virut. Maybe!!!!
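A triage check for the hosts-file symptom described in the post, as an added example that is not part of the original post: it parses hosts-file text and flags any entry that pins a security or update domain, separating loopback/null mappings from redirects to another address. The watch list and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: a short illustrative watch list; extend it with the vendors you rely on.
WATCHED_SUFFIXES = ("symantec.com", "mcafee.com", "kaspersky.com",
                    "microsoft.com", "windowsupdate.com")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank or malformed line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an address
        for name in fields[1:]:                  # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def is_watched(name):
    """True if name is a watched domain or one of its subdomains."""
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)

def suspicious_entries(text):
    """Return (line_no, hostname, ip, reason) for pinned security domains.

    These names normally resolve through DNS, so any static entry deserves
    a look; loopback or 0.0.0.0 means the site has been made unreachable.
    """
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if is_watched(name):
            sink = ip.is_loopback or ip.is_unspecified
            findings.append((line_no, name, str(ip),
                             "blackholed" if sink else "redirected"))
    return findings

# Constructed sample, not taken from a real infected machine.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.symantec.com  update.microsoft.com   # appended entry
0.0.0.0         liveupdate.symantec.com
203.0.113.7     download.mcafee.com
192.168.1.20    fileserver
"""

if __name__ == "__main__":
    for finding in suspicious_entries(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

Run it against a copy of the hosts file read from a clean environment, since a resident infection can interfere with tools running on the live system.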