At the start of the year I encountered VIRUT, and it is a hard nut to crack - but I eventually DID kill it without losing much info or data - and without resorting to formatting!
One of the BEST tools is Dr.Web CURE-IT!
One of the first things you'll notice with a VIRUT infection is that the resources suddenly get bloated and the computer tends to hang and slow down, and under Task Manager [if you can get it to run - it may also get disabled!] the SVCHOST files get replicated, and dozens of CMD or COMMAND file entries suddenly show in the Task Manager window at a very fast rate.
VIRUT will actually run and try to spawn itself even under safe mode. It also placed a passcode on the ADMIN for safe mode, which I had to forcibly remove with an emergency boot disk tool kit. [I am glad I bought that disk when I had the chance years ago.]
And another thing I found is it does a very nasty registry hack which disables 90% of all known AntiVirus and Anti-Spyware tools. Until I found this I was unable to install or re-install or run any other Anti Virus programs, or tools like SpyBot S&D, Malwarebytes AntiMalware, XoftSpy, and many others. I even tried a couple of "on-line" antivirus, which promptly started to just delete essential files it found infected, before I was able to forcibly terminate the diagnostic.
So then after having to try and re-load Windows back again I finally found and ran the Dr.Web CURE-IT!, which does what it says - cures what files it can instead of deleting them - and this process WILL take many hours for the thorough scan ...
Another important thing to do if encountering VIRUT is to disable and completely DELETE the Windows Restore backup files, as these also get infected and simply replace themselves back over the freshly cured files. [And you also have to purge the System Backup folder as well.]
And the final problem it causes is to disable the SFC tool by removing an essential registry link which causes SFC to be unable to rebuild the System Backup folder and files with clean new files.
It took a while but I was able to exterminate VIRUT off 2 machines.
VIRUT infects ALL Micro$oft OS's from at least Win9x to VISTA; it attaches to ALL .EXE and .com type files as well as .DLL's. It is a very active replicant and if it detects the internet it tries to bring in a host of other nasty trojans, worms, and so forth - even under Safe Mode!