WIN32.Virut.56

[Asinine08]

So I downloaded FRAPS off of a website that I found on Goggle and within 2 seconds of instaling the program (freeware) I got a blue screen of death.


I shut off my pc and booted up, once everything started to load I was getting the fake WINDOWS security alerts and I could see that the program was trying to download something and complete the instal.

I immediatly pull the plug on my modem and grab a laptop to start my 8 hour resolve only to discover that my computer basically has AIDS and is destined for the depths of hell.

It is what it is and I knew I was in for a ride when my pc BOD on me but my question is do you guys think I may have a chance to beat this thing since it didnt finish downloading what it was trying to?

I ran a scan in safe mode and I thought it worked but it didnt and now I made a boot disc and Im in the middle of an 7 hour scan so far.. I really have no issues with a reformat which reagurdless of outcome I will do but a few questions are :

1. I have 200 Gigs of Music can they be saved?
2. Can this Virus spread to my slave even if I save no .exe's?
3. What is the complete list of file types that can carry this virus?
4. Is there an EFFECTIVE scaner that will INSURE the safty of salvaged files?


I am going to make the assumption that just like any program it takes time to infect a PC its not something that is done intsantly.... I had a slave drive with over 400 Gigs of programs but they were on physically separate drive not being used. Is there a way to scan it and know 100% that its safe?

Most of the stuff on the drive I can get back but there are some things that I must have... I just need suggestions and maybe directions on safely getting data that I need keeping me at minmal risk of re-infection of my new instal.

The Virus seems to instal on ALL .exe's that are in startup and in almost all drivers on the computer.....

SAFE mode without Networking is the only time the VIRUS seems not to be running. If I run it in safe mode with networking it trys to download files and I pull the plug and reboot in safe mode. Note:: When I pull the plug the status bar stops and the Virus hangs... To me this is a good thing it tells me that it needs something to complete its masterpiece on my pc.

Anyway... Lastly what Anti Virus program do the powers that be here at Major Geeks recommend to protect me from this virus in the future.. Can this be detected before infection, can it be stoped?


Thank you in advance.

[chaslang]

Quote:

Originally Posted by Asinine08

It is what it is and I knew I was in for a ride when my pc BOD on me but my question is do you guys think I may have a chance to beat this thing since it didnt finish downloading what it was trying to?

If you really have a Virut infection, your safest most reliable course of action is to delete partitions (all), format and reinstall.

Quote:

Originally Posted by Asinine08

1. I have 200 Gigs of Music can they be saved?

Unknown. MP3, WMV, ...etc can possibly carry the infection.

Quote:

Originally Posted by Asinine08

2. Can this Virus spread to my slave even if I save no .exe's?
3. What is the complete list of file types that can carry this virus?

Depends on what you are call an executable. And no there is not a complete list since their are many forms of these infections and things change over time. We have seen EXE, DLL, SCR, HTML, MHT, AVI, and more being infected.

Quote:

Originally Posted by Asinine08

4. Is there an EFFECTIVE scaner that will INSURE the safty of salvaged files?

No guarantees but you could try some various scans from AV companies. They all have tools for trying to work with Virut and similar infections. The problem is that they are not always reliable and many times the fix is to delete the file.

Quote:

Originally Posted by Asinine08

I had a slave drive with over 400 Gigs of programs but they were on physically separate drive not being used. Is there a way to scan it and know 100% that its safe?

You can scan it with a good antivirus program but if you scan it from the PC that is already infected then the scanner itself is most likely already infected and the act of scanning the slave drive will infect the files being scanned (if they are not already infected).

[QUOTE=Asinine08;1354600] I just need suggestions and maybe directions on safely getting data that I need keeping me at minmal risk of re-infection of my new instal.

Quote:

Originally Posted by Asinine08

SAFE mode without Networking is the only time the VIRUS seems not to be running.

If your system files are infected (which is typica) then the infection is still present and can still spread to other files. It just may not be able to access the internet to perform other activities.

Quote:

Originally Posted by Asinine08

Anyway... Lastly what Anti Virus program do the powers that be here at Major Geeks recommend to protect me from this virus in the future.. Can this be detected before infection, can it be stoped?

Since we have had many dozens of users come here with Virut type infections, it is clear that no AV programs provide 100% protection against this infection. What we can say is that you need layered protection:

• hardware firewall in a router
• software firewall
• updated antivirus
• updated antispyware with realtime protection
• host file protection and bad download sites protection which you get can get from Spybot and Spyware Blaster
• proper education of the users of the PC and proper surfing habits. Do not use torrents or P2P downloaders. Do not access porn sites.

You can check out tools like the below but you may find these to leave your PC in an unreliable/untrustworthy state:

http://www.avg.com/us.virus-removal.ndi-67762
http://onecare.live.com/site/en-us/default.htm
http://www.symantec.com/security_response/writeup.jsp?docid=2009-022016-4444-99

In additon the below scanners could be useful. A few of these are online scanners:

Using Dr.Web CureIt
Using BitDefender Online Scan
Using ESET's Online Scanner
Trend Micro Housecall