
Rootkit in Windows 7... (Vitro Virus! Come in if you need help.)


Posts

    atothek Registered User new member
    edited May 2009
    Removed all .exe and .dll files from my external HDD. Only pics and movies left on it now. Reformatted the computer and reinstalling software now. No sign of popups anymore, but I am a bit worried about plugging the hard drive back in.

    Desert_Eagle25 Registered User regular
    edited May 2009
    Just to be sure, download Avast and run a Pre-Bootup scan. It'll catch everything you might have missed.

    urahonky Registered User regular
    edited May 2009
    Wait. He got the Vitro Virus from a downloaded Windows Disk? I just formatted a guy's computer recently and two days later (I installed AVG and Super AntiSpyware for him) he informs me that he got the virus.

    Do I have a bad disk??

    atothek Registered User new member
    edited May 2009
    Have run the preboot scan already and all looks good.

    Airan Registered User regular
    edited May 2009
    urahonky wrote: »
    Wait. He got the Vitro Virus from a downloaded Windows Disk? I just formatted a guy's computer recently and two days later (I installed AVG and Super AntiSpyware for him) he informs me that he got the virus.

    Do I have a bad disk??

    If you downloaded Windows from an infected computer, it may have been compromised.
    Also, AVG isn't particularly good at detection rates lately, so as with the others Avast/Avira might have been a better bet. SAS does not do real-time protection unless you pay for the pro version, IIRC.

    Desert_Eagle25 Registered User regular
    edited May 2009
    urahonky wrote: »
    Wait. He got the Vitro Virus from a downloaded Windows Disk? I just formatted a guy's computer recently and two days later (I installed AVG and Super AntiSpyware for him) he informs me that he got the virus.

    Do I have a bad disk??

    Nah, it just infected .exe files that I carried over to the new Windows installation.

    urahonky Registered User regular
    edited May 2009
    Hmmm interesting. I'm going to keep my eye on the situation. I'd hate to have to format my 1.5 TB HDDs. :(

    Dark Shroud Registered User regular
    edited May 2009
    theantipop wrote: »
    atothek wrote: »
    I've got the same problem, i.e. the same popup, and IE going to a page that offers 'meds' etc. Got it from an .exe file that my partner downloaded from a torrent. Found the file with extension .mp3.exe.

    It is extremely annoying. AVG has picked up hundreds of nasties over several runs and I am watching these forums to see if there is any way out apart from formatting. I have had several external devices attached and don't really want to format all of them if I can help it, as it is just too much effort to replace all of it.

    For starters you need to try a different anti-virus, AVG has limited ability at removing viruses. Download the free trial of NOD32. You could also give Malwarebytes a try, it's probably the best anti-malware program.

    Could you elaborate? This is the first time I have heard this; any other gripe against AVG has been its simplistic UI and its penchant to mark Windows system files as viruses when they aren't.

    AVG hasn't been so great in a while. For me, I stopped using & recommending AVG around 2 years ago because people whose systems I installed it on kept getting infected. AVG got better, but hard core viruses like the Vitro and certain types of malware are not fazed by AVG. I've seen complaints from people where AVG found the virus but could not remove it.

    I run NOD32 on my system. My freebie of choice is Comodo followed by PC Tools, yet I don't know if these 2 have been tested against others yet. I prefer Comodo because it can auto update in Vista without UAC hassles/mods. And it comes with a top notch Firewall and system guard that's only useful if you don't have UAC or are paranoid.

    HarshLanguage Registered User regular
    edited May 2009
    Make sure you upgrade all your browser plugins as well now. Vulnerabilities in older versions of Java, for instance, have been used to infect systems (via drive-bys and bad ads). Download and install the latest version from Sun's Java site, which will also tell you if you already have the latest version.

    Glad you got it cleared up! I know from experience how damn frustrating these tenacious virii can be.

    mahimaress Registered User new member
    edited July 2009
    Even though this thread is a couple of months (years, for some Virut/Vitro variants) old, I wanted to let everyone know my steps to take care of this thing.

    Fortunately for his files, I recognized it being infected immediately, when my friend had double-clicked on an exe from a trusted source. It immediately put a few porn site icons on the desktop, and within a few minutes, had downloaded and executed many other programs. I shut off the internet connection, and thinking it was normal spyware, proceeded to manually remove Run entries, end processes in memory that weren't Windows processes, etc. There were lots of file protection errors at first, and as I wrestled with this beast more, I realized that it was much worse than regular spyware.

    Unaware that this virus infected .exe's and .scr's, I had reinstalled about 3 times before I realized his backup drive was infected as well - with an actual polymorphic virus, which I really haven't heard of or seen in the wild in years. AVG was shut down and disabled, and it was difficult to get any program to work right (due to the data corruption this virus introduces).

    My solution was to wipe the boot drive (standard reformat, yes, even a "Quick" one), reinstall Windows - not installing any network drivers, and not connecting to the internet, boot into safe mode (just in case), delete all the exe files and scr files on the backup drive - including ones inside .zip files, .cab files, and .rar files - as this virus can infect them as well - and parse all the .htm, .html, .php, and .asp files (the later variants of this virus also insert a small iframe into your web documents pointing to a malware server).

    As of now (late July 2009), there are only a small handful of anti-virus software programs that can successfully detect this virus' code - I used Avast, which will not protect you when you initially run an infected file, be warned. Avast only detects already-infected exe's, when it's too late to save them.

    Running in Safe Mode, after all those files were deleted off my friend's backup, I checked the processes to make sure reader_s.exe or any of the other virus files weren't running, then installed Avast, and got it to do a scan after a reboot. A few viruses were found in the backup drive's System Restore area (drive:\System Volume Information\_restore), but I was able to delete the files with no problems. I reinstalled all the programs they needed from the internet and not their backup, and it all looks good so far.

    Good luck, all. Hope this helps.

    Dark Shroud Registered User regular
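    A defender's triage script for the cleanup steps mahimaress describes above, added here as an example; it is not code from the thread or from any product named in it. It walks a backup drive and lists every .exe and .scr file (including those inside .zip archives, since the post says the virus infects executables inside archives), and flags .htm/.html/.php/.asp documents that contain an iframe, marking 1-pixel or display:none ones as the "small iframe" pattern the post mentions. The directory tree, file names and the malware-host.example URL are constructed for the demo; .cab and .rar archives are left to external tools, and the script reports and deletes nothing, so findings can be reviewed before removal.

```python
# Constructed example: post-cleanup triage scan of a backup drive after a
# file-infecting virus. Reports executables (also inside .zip archives) and
# web documents carrying an injected iframe. Nothing is deleted.
import re
import tempfile
import zipfile
from pathlib import Path

EXECUTABLE_EXTS = {".exe", ".scr"}              # file types the thread says get infected
ARCHIVE_EXTS = {".zip"}                         # .cab/.rar also named; need external tools
WEB_EXTS = {".htm", ".html", ".php", ".asp"}    # later variants inject an iframe here

IFRAME_RE = re.compile(rb"<iframe\b[^>]*>", re.IGNORECASE)
DIM_RE = re.compile(rb"\b(?:width|height)\s*=\s*[\"']?(\d+)", re.IGNORECASE)


def looks_hidden(tag: bytes) -> bool:
    """True when an iframe tag is sized 0/1 pixel or styled display:none,
    i.e. the 'small iframe' injection pattern rather than a visible embed."""
    if re.search(rb"display\s*:\s*none", tag, re.IGNORECASE):
        return True
    return any(int(v) <= 1 for v in DIM_RE.findall(tag))


def scan_tree(root) -> dict:
    """Walk root and return sorted findings keyed by category."""
    root = Path(root)
    found = {"executables": [], "archived_executables": [],
             "iframe_pages": [], "unreadable_archives": []}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        ext = path.suffix.lower()
        if ext in EXECUTABLE_EXTS:
            found["executables"].append(rel)
        elif ext in ARCHIVE_EXTS:
            try:
                with zipfile.ZipFile(path) as zf:
                    for member in zf.namelist():
                        if Path(member).suffix.lower() in EXECUTABLE_EXTS:
                            found["archived_executables"].append(f"{rel}:{member}")
            except zipfile.BadZipFile:
                found["unreadable_archives"].append(rel)   # inspect manually
        elif ext in WEB_EXTS:
            for m in IFRAME_RE.finditer(path.read_bytes()):
                found["iframe_pages"].append((rel, looks_hidden(m.group(0))))
    for items in found.values():
        items.sort()
    return found


def build_sample(base: Path) -> None:
    """Create a constructed backup tree with one instance of each finding."""
    (base / "tools").mkdir()
    (base / "tools" / "setup.exe").write_bytes(b"MZ" + b"\0" * 62)      # fake PE stub
    (base / "photos").mkdir()
    (base / "photos" / "cat.jpg").write_bytes(b"\xff\xd8\xff\xe0 constructed jpeg")
    with zipfile.ZipFile(base / "backup.zip", "w") as zf:
        zf.writestr("install/app.exe", b"MZ" + b"\0" * 62)
        zf.writestr("install/readme.txt", "notes")
    (base / "site").mkdir()
    (base / "site" / "about.htm").write_text("<html><body>clean page</body></html>")
    (base / "site" / "index.html").write_text(
        '<html><body>home</body>'
        '<iframe src="http://malware-host.example/" width="1" height="1"></iframe></html>')


def demo() -> dict:
    """Build the sample tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(Path(tmp))
        return scan_tree(tmp)


if __name__ == "__main__":
    for kind, items in demo().items():
        print(kind)
        for item in items:
            print("   ", item)
```

    Run it against a real backup with `scan_tree("/path/to/backup")`; the output is a worklist for the deletion and cleanup steps in the post, run from the offline machine before the drive is trusted again.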
    edited July 2009
    This is why I run NOD32 for my AV and keep Malwarebytes as my main anti-spyware. I've had this thing try to infect me before. I've never seen NOD32 freak out like that before or since. In the 3 years I used Vista Vitro was the only virus that slipped past all the OS & network security I run.

    I haven't dropped Spybot since it wasn't able to remove everything, but I do not solely rely on it anymore.

    Desert_Eagle25 Registered User regular
    edited July 2009
    NOD32 saved my life in this situation. Everyone needs to have it, it's an amazing resource.

    Stormwatcher Blegh Blugh Registered User regular
    edited July 2009
    So should I BUY Nod32 instead of using free Avast or Avira?

    Dark Shroud Registered User regular
    edited July 2009
    Stormwatcher wrote: »
    So should I BUY Nod32 instead of using free Avast or Avira?

    It is a very good product. I personally use it because my family members all use my PC and some go to virus ridden sites like MySpace among other places. If you have a big problem with viruses on your PC I would say yes otherwise it's up to you.

    If you do buy it, get it from newegg. They're the cheapest and it's supposed to be cheaper to renew it after purchasing it. I haven't had to do that yet.

    http://www.newegg.com/Product/ProductList.aspx?Submit=ENE&DEPA=0&Description=Nod32&source=activity

    Tofystedeth Registered User regular
    edited July 2009
    Stormwatcher wrote: »
    So should I BUY Nod32 instead of using free Avast or Avira?

    If you buy anything, buy NOD32. Whether or not a free solution is good enough for you is up to you and your computing practices. But NOD32 is basically the king of the paid anti-virus products.

    amysmedley Registered User new member
    edited September 2009
    Hi mahimaress,

    I have read your thread. I have Windows 7 on my laptop. I have suffered a lot from this problem. Whenever I start my PC, it reboots automatically after displaying an error. The error says that some files are missing. What should I do to solve this problem?

    ronya Arrrrrf. the ivory tower's basement Registered User regular
    edited September 2009
    If that's all there is, I doubt you have the same problem.

    You also need to tell us what error was displayed, and what files were missing.

    Satsumomo Rated PG! Registered User regular
    edited September 2009
    I had Win32:Vitro infect one of my XP computers, and on XP it kills the system. AVG doesn't pick it up, but Avast does.

    It had embedded itself into one of the installation files I use when I setup new machines, and it was on my external HDD for months and months, because I run Vista which is unaffected by it, and AVG never picked it up. And still doesn't.
