How I Got Infected With Virut and How I Removed It
I have always believed that it’s hard to get infected with malware, as long as you are sensible. Obviously, this turns out to be a bit more difficult when you are constantly connected to a hostile environment, like, say, a hostel LAN. But any decent antivirus should be more than enough to keep malware at bay. Yet I got infected with malware, after a long, long time (I mean really long). And it happened because I was careless.
What happened was that I had temporarily disabled my antivirus and forgot to reactivate it before inserting a foreign USB device. The end result was simple: I got infected with Virut (Virus.Win32.Virut.ce).
Virut is a pretty nasty virus that also goes by the aliases W32.Virut.CF (Symantec), W32/Virut.n (McAfee), PE_VIRUX.A (Trend), Virus:Win32/Virut.BM (Microsoft), W32/Scribble-A (Sophos), Win32/Virut.NBM (Eset). It attaches itself to any executable (.exe) and screensaver (.scr) files it comes across and embeds itself into system processes. It also adds code to HTML files to load a hidden iframe whenever the infected file is opened. Once a system is infected, it acts as a botnet client and calls home to transmit data.
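As an added defensive example that is not part of the original post, here is a small Python scanner for the HTML side effect described above: it walks a directory and flags iframes that are sized or styled to be invisible, which is how such an injected frame stays out of sight. The sample pages and the size/style heuristics are constructed assumptions for illustration, not indicators taken from the post.

```python
import re
import sys
from pathlib import Path

# Constructed sample pages (not from the original post). The second carries
# the kind of hidden iframe the post describes being added to HTML files.
CLEAN_HTML = (
    "<html><body><h1>Hello</h1>"
    '<iframe src="https://example.com/embed" width="600" height="400"></iframe>'
    "</body></html>"
)
INFECTED_HTML = (
    "<html><body><p>text</p></body></html>\n"
    "<iframe src='http://bad.example/x' width='1' height='1' "
    "style='visibility: hidden'></iframe>"
)

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>"']+))""")

def parse_attrs(tag):
    """Return an iframe tag's attributes as a lowercase name -> value dict."""
    return {n.lower(): (dq or sq or bare).strip().lower()
            for n, dq, sq, bare in ATTR_RE.findall(tag)}

def is_hidden_iframe(tag):
    """Heuristic (assumed): flag an iframe sized to 0/1 px or hidden via inline CSS."""
    attrs = parse_attrs(tag)
    style = attrs.get("style", "").replace(" ", "")
    tiny = any(re.sub(r"px$", "", attrs.get(d, "")) in ("0", "1")
               for d in ("width", "height"))
    hidden = "display:none" in style or "visibility:hidden" in style
    return tiny or hidden

def find_hidden_iframes(html):
    """Return every hidden-iframe opening tag found in an HTML document string."""
    return [t for t in IFRAME_RE.findall(html) if is_hidden_iframe(t)]

def scan_tree(root):
    """Walk a directory tree and collect (path, tag) for each hidden iframe found."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in (".htm", ".html"):
            text = path.read_text(errors="replace")
            hits.extend((str(path), tag) for tag in find_hidden_iframes(text))
    return hits

if __name__ == "__main__":
    # Usage: python scan_iframes.py <directory>; prints one line per hit.
    for path, tag in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: {tag}")
```

Any hit should be reviewed by hand, since legitimate pages occasionally use tiny or hidden frames too; the scan only narrows down which files to look at.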
Although Kaspersky Internet Security 2011 was able to detect the Virut virus and disinfect affected files, it failed to remove the virus completely, as it kept infecting new files. Frustrated, I decided to download the Kaspersky Rescue Disk, which can be used to run a full system scan without having to boot into Windows. Unfortunately, the ISO image itself is about 200 MB in size and takes a substantial amount of time to download over a slow connection. In the meantime, I decided to try my luck with the VirutKiller provided by Kaspersky.
VirutKiller takes a sophisticated approach to removing Virut. It first terminates all the hooks created by Virut and eliminates it from memory. It then scans your hard disk for any infected files and disinfects them. Simultaneously, it keeps checking active processes every 10 seconds to ensure that Virut can’t infect more files. After VirutKiller was done, I restarted my system and ran it again. And lo and behold, all traces of Virut were gone.
In the end, I was lucky that I got away fairly easily. Modern malware is notorious for being tough to remove and for causing large-scale data loss. Credit goes to Kaspersky for actually disinfecting the files, instead of deleting or quarantining them outright. In case VirutKiller doesn’t work for you, here are some more removal tools: