
How I Got Infected With Virut and How I Removed It

I have always believed that it’s hard to get infected with malware, as long as you are sensible. Obviously, this turns out to be a bit more difficult when you are constantly connected to a hostile environment, like, say, a hostel LAN. But any decent antivirus should be more than enough to keep malware at bay. Yet, I got infected with malware, after a long long time (I mean really long). And it happened because I was careless.

What happened was that I had temporarily disabled my antivirus and forgot to reactivate it before inserting a foreign USB device. The end result was simple; I got infected with Virut (Virus.Win32.Virut.ce).

Virut is a pretty nasty virus that also goes by the aliases W32.Virut.CF (Symantec), W32/Virut.n (McAfee), PE_VIRUX.A (Trend), Virus:Win32/Virut.BM (Microsoft), W32/Scribble-A (Sophos), Win32/Virut.NBM (Eset). It attaches itself to any executable (.exe) and screensaver (.scr) files it comes across and embeds itself into system processes. It also adds code to HTML files to load a hidden iframe whenever the infected file is opened. Once a system is infected, it acts as a botnet client and calls home to transmit data.
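To check for the HTML side of this after a cleanup, the script below (an added example, not from the original post or from any vendor's removal tool) walks a folder and reports iframes a visitor would not see. The definition of "hidden" (a width or height of 0 or 1, the `hidden` attribute, or a `display:none` / `visibility:hidden` style) and the names `scan_html` and `scan_tree` are assumptions made for this example, not Virut's exact markup.

```python
import re
import sys
from html.parser import HTMLParser
from pathlib import Path

# Assumed heuristics for "hidden"; not taken from Virut's actual injected markup.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY = re.compile(r"^\s*[01](px)?\s*$", re.I)  # width/height of 0 or 1

class IframeFinder(HTMLParser):
    """Collects (line, src) for each iframe a visitor would not see."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":  # the parser lower-cases tag and attribute names
            return
        a = {k: (v or "") for k, v in attrs}
        tiny = any(TINY.match(a.get(k, "")) for k in ("width", "height"))
        if tiny or "hidden" in a or HIDDEN_STYLE.search(a.get("style", "")):
            self.hits.append((self.getpos()[0], a.get("src", "")))

def scan_html(text):
    """Return [(line, src), ...] for hidden iframes in one HTML document."""
    finder = IframeFinder()
    finder.feed(text)
    finder.close()
    return finder.hits

def scan_tree(root):
    """Yield (path, line, src) for every .htm/.html file under root."""
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in (".htm", ".html"):
            text = path.read_text(encoding="utf-8", errors="replace")
            for line, src in scan_html(text):
                yield path, line, src

# Constructed sample: line 2 is a visible embed, lines 3 and 4 are hidden.
SAMPLE = """<html><body>
<iframe src="https://example.com/player" width="560" height="315"></iframe>
<IFRAME SRC="http://injected.example/x" WIDTH=1 HEIGHT=1></IFRAME>
<iframe src="http://injected.example/y" style="display: none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for path, line, src in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}:{line}: hidden iframe -> {src}")
```

A hit is only a lead: legitimate pages also use hidden iframes, so review each reported `src` before treating the file as infected.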

Although Kaspersky Internet Security 2011 was able to detect the Virut virus and disinfect affected files, it failed to remove the virus completely, as it was continuously infecting new files. Frustrated, I decided to download the Kaspersky Rescue Disk, which can be used to run a full system scan without having to boot into Windows. Unfortunately, the ISO image itself is about 200 MB in size and requires a substantial amount of time to be downloaded over a slow connection. In the meantime, I decided to try my luck with the VirutKiller provided by Kaspersky.

VirutKiller - Remove Virut Virus

VirutKiller takes a sophisticated approach to removing Virut. It initially terminates all the hooks created by Virut and eliminates it from your memory. It then proceeds to scan your hard disk for any infected files and disinfects them. Simultaneously, it keeps checking active processes every 10 seconds, to ensure that Virut can’t infect more files. After the VirutKiller was done, I restarted my system and ran it again. And lo and behold, all traces of Virut were gone.

In the end, I was lucky that I got away fairly easily. Modern malware is notorious for being tough to remove and causing large-scale data loss. Credit goes to Kaspersky for actually disinfecting the files, instead of deleting or quarantining them outright. In case VirutKiller doesn’t work for you, here are some more removal tools:

• Win32/Virut Remover by AVG
• W32.Virut Removal Tool by Symantec
• Dr.Web CureIt!


8 Responses to “How I Got Infected With Virut and How I Removed It”

  1. On June 21, 2010 at 3:16 pm Darko responded with...

    I first read about USB Vaccine on your blog and now this!!! ;)

  2. On June 30, 2010 at 11:08 pm Bob responded with...

    Wow sounds like a nasty virus! What about something like superantispyware? That usually gets rid of most things for me.

  3. On July 1, 2010 at 9:54 pm Tracy responded with...

    Thanks so much for this post!! After years of being online and being careful, last month I got my first case of malware. While Norton supposedly fixed it, the computer is still not quite right. I will give this a try to completely remove the infection.

  4. On July 15, 2010 at 8:55 pm Charlotte responded with...

    Thanks, this post just saved my bacon!

  5. On July 22, 2010 at 1:24 am Jezabel responded with...

    Wow, I hope I don’t get this virus, sounds scary. DOS looks like Chinese to me, and I don’t think I can remove it. Does HijackThis work on this virus? Good post.

    • On July 22, 2010 at 10:06 am Pallab De responded with...

      HiJackThis can’t be used to remove this one. Don’t worry, you don’t have to tackle command prompt either. Kaspersky’s Kido Killer is a single click solution.

  6. On July 22, 2010 at 10:38 pm Amy responded with...

    Well, I hope everything works out for you.

  7. On September 13, 2010 at 6:44 pm Tim responded with...

    VirutKiller worked perfectly! Thanks for the post.
