Virus.Win32.Virut.ce

Virus.Win32.Virut.ce infects and alters files so that it can execute and spread itself. This Trojan also blocks access to security websites by modifying the Windows Hosts file. It can also inject a malicious iframe into web files such as .HTM, .PHP or .ASP so that when they are opened, the browser is redirected to malicious websites.

Virus.Win32.Virut.ce is considered a polymorphic virus or Trojan. It mostly targets .EXE and .SCR files on the infected computer. It may also allow a remote attacker to control the PC via a backdoor port. To run each time Windows starts, Virus.Win32.Virut.ce injects its code into the Windows processes winlogon.exe, explorer.exe, and svchost.exe.

It also writes code to HTML and other web files that causes a hidden iframe to point the browser to an unknown domain. This connection is discreet because Virus.Win32.Virut.ce manages to include it in the allowed list of the victim’s firewall.
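
To check a web root for the kind of injected frame described above, the following added example (not part of the original page) walks .htm/.html/.php/.asp files and reports iframes that are both visually hidden and pointed at an external host. The hiding heuristics (0/1-pixel size, `display:none`, `visibility:hidden`) and all hostnames in the sample data are assumptions made for illustration, not signatures taken from this page.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

WEB_EXTENSIONS = {".htm", ".html", ".php", ".asp"}

# A regex is used instead of an HTML parser because .php/.asp files are not valid HTML.
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
TINY_RE = re.compile(r"^\s*[01](?:px)?\s*$", re.IGNORECASE)
STYLE_HIDE_RE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)",
    re.IGNORECASE,
)


def parse_attrs(tag):
    """Return the tag's attributes as a dict with lower-cased names."""
    attrs = {}
    for name, dq, sq, bare in ATTR_RE.findall(tag):
        attrs[name.lower()] = dq or sq or bare
    return attrs


def hidden_reasons(attrs):
    """List the reasons (if any) why this iframe would be invisible to the user."""
    reasons = []
    for dim in ("width", "height"):
        if dim in attrs and TINY_RE.match(attrs[dim]):
            reasons.append(f"{dim}={attrs[dim].strip()}")
    if STYLE_HIDE_RE.search(attrs.get("style", "")):
        reasons.append("style hides frame")
    return reasons


def external_host(src, own_hosts):
    """Return the frame's host if it is absolute and not one of the site's own hosts."""
    if src.startswith("//"):          # protocol-relative URL
        src = "http:" + src
    host = (urlparse(src).hostname or "").lower()
    return host if host and host not in own_hosts else None


def scan_text(text, own_hosts=frozenset()):
    """Flag iframes that are hidden AND load from a host outside own_hosts."""
    findings = []
    for match in IFRAME_RE.finditer(text):
        attrs = parse_attrs(match.group(0))
        reasons = hidden_reasons(attrs)
        host = external_host(attrs.get("src", ""), own_hosts)
        if reasons and host:
            line = text.count("\n", 0, match.start()) + 1
            findings.append({"line": line, "host": host, "reasons": reasons})
    return findings


def scan_tree(root, own_hosts=frozenset()):
    """Scan every web file under root; return {relative_path: findings}."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in WEB_EXTENSIONS:
            text = path.read_text(encoding="utf-8", errors="replace")
            hits = scan_text(text, own_hosts)
            if hits:
                report[path.relative_to(root).as_posix()] = hits
    return report


def demo():
    """Build a small constructed web root and scan it."""
    samples = {
        "index.htm": "<html><body>Hello</body></html>\n",
        # Constructed sample of an injected frame in a PHP footer.
        "footer.php": '<?php echo $year; ?>\n<p>footer</p>\n'
                      '<iframe src="http://malicious.example.invalid/rc/" '
                      'width=1 height=1 style="border:0"></iframe>\n',
        # Legitimate, visible embed: must not be reported.
        "video.html": '<iframe src="https://player.example.org/embed/1" '
                      'width="560" height="315"></iframe>\n',
        # Not a web file extension: skipped.
        "notes.txt": "<iframe src=http://x.example.invalid width=0 height=0>",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            Path(tmp, name).write_text(body, encoding="utf-8")
        return scan_tree(tmp)


if __name__ == "__main__":
    for rel_path, hits in demo().items():
        for hit in hits:
            print(f"{rel_path}:{hit['line']} -> {hit['host']} ({', '.join(hit['reasons'])})")
```

Pass the site's own hostnames as `own_hosts` so that legitimate hidden frames served from the same site are not reported.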

Aliases:
W32.Virut.CF, W32/Virut.n, PE_VIRUX.A-1, W32/Scribble-A, Virus:Win32/Virut.BM

82 Comments

  1. Cliff Lunsford

    This is the first hit on google when searching this. The security level on this virus should be extremely high. I have been fighting with it at an accounting firm for a week, after no help from any of the major antivirus sites, a bunch of tips that failed, this particular virus is much more than most think it is. Beware it not only attaches itself to basically anything, but it also keeps connections open after it “appears” to be cleaned, continues to eat bandwidth, and it WILL come back.

  2. zizo

    I advise everybody to use later version of Kaspersky and update it

  3. JPLnyc

    I’ve been working on a pc for 3 days. I’ve used a deep erase, reformat and it still comes back.
    Kaspersky finds the virus, but is usually unable to disinfect or delete.
    The virus attaches to thousands of .exe and scr files, especially the windows system .exe’s. AV repair on these files usually results in a corrupted OS.
    I’ve been using UBCD, TRK and puppy linux tools.

    Someone mentioned using UBCD and malwarebytes, then following with MS-MRT.

    MS says:
    Recovery Steps
    To detect this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft online scanner

    Note: Virus:Win32/Virut.BM’s method of infection may damage some infected files beyond repair. In these cases, in order to return a machine to its pre-infected state, it may be necessary to install a clean backup of the operating system and associated applications.

    Bottom Line: FORMAT THE DISK with extreme prejudice.

  4. Ionut Decuseara

    This is unbelievable !

    It’s really one of the great ones. It’s spreading itself through executables, integrating itself and autoexecuting each time the procedure is being called. It’s creating a network driver in c:\windows\system32\drivers\{random letters}.sys
    The driver automatically detects network connection and downloads the rest of the malware from some other infected stations of headquarters servers. It’s usually creating executable in C:\Documents and Settings\{username}\Local Settings\Temp or whatever your ~temp directive tells it to.
    It’s also creating c:\Documents and Settings\{username}\Local Settings\s_reader.exe
    I’ve been able to see it working when calling:
    #> netstat -na
    from the cmd console. It was connecting itself on the web receiving http packets.
    Even if you reinstall OS you will eventually call one of the infected executable which will execute the same procedure of making sure the virus is already loaded into memory. The best method:
    1| Use BARTPE along with Kaspersky Internet Security (I use 7.0.1.135 updated every few hours.) – have it updated to the latest as KAV would not know about the virus until Sunday Feb. 15 2009. After booting the BARTPE cd you would have full access to the infected hard drive. You’ll then be able to use KAV to disinfect.
    2| Reinstall fresh copy of OS and make sure the first thing you do after being able to see the desktop is to install and update as fast as possible Kaspersky Antivirus or Kaspersky Internet Security (I use 7.0.1.135).
    3| Have the hard drive moved to another working computer which has the latest antivirus database updated.

  5. Francois

    WOW… awesome virus. Last time I saw such a cool virus was in DOS ! It’s a good programmer’s work. But.. it’s destroying our computers and it’s bad…

  6. John

    Yes this virus destroys your operating system. No need to try to fight it, use “ultimate boot cd” to recover your important data and to clean out the virus. Do not backup any executable files! Reformat the drives and reinstall Windows. Don’t try a “repair” installation, format and reinstall. Only sure way to get rid of it for good. Nasty sh*t!

  7. Steve Kingsley

    Wow.

    I’m impressed. I’m impressed none the less.
    My laptop is a total loss. I’m DBANing it & starting over.
    Hope my backups are OK. This thing is the nastiest virus I’ve ever seen. Good luck all who get it. My advice?

    Get a Mac.

  8. yes i have a solution to remove this virus

    my antivirus is ????? hahaha hope you know this

  9. ho mna

    What a bad virus. It’s killing. Kaspersky is trying to delete it. I’m still waiting…

  10. master037

    Only way to cure system is to download live CD from Dr.web (64MB) and to try to clean system from boot cd. That is only option. except of losing all files! I had such virus and fight it 3 days. I won. Now I installed Kaspersky and hope it will protect me in the future.

  11. avakaba

    Neither Live cd or CureIt help. Just Kaspersky free utility recognize virus as “virus.win32.virut.ce”. Most progs were cured, but system resident ones are still infected. Fight continue…

    (Thinking. if any reason in heuristics?…)

  12. Johnny

    Hi, is there any way to be sure I haven’t got this virus in my computer? I’m sure I had it, RM Virut (removal tool by AVG) found and cleaned seven infected files. But then, I tried AVG full scan, CureIt, ComboFix, RSIT, AVPtool and I also scanned some .exe files on virustotal.com , didn’t find anything at all. I just can’t believe I would get rid of such a nasty virus only with some simple removal tool…

  13. Anuj

    I have been fighting with this virus for 2 long months and now Kaspersky has disinfected most of my files but the main problem is that after disinfection when we try to execute the repaired files it says that the files are not a valid win32 application… I am now getting xp sp3 and vista ultimate and will reformat my pc next week.
    God save my external hard drive and its data

  14. Adi

    I have Windows Vista; Kaspersky detected Virus.Win32.Virut.ce & It either disinfected or deleted few virus under C:\Windows\System32 ….
    eg. C:\Windows\System32\dfrgui.exe
    next thing I know is files such as control.exe is deleted, system restore file is deleted. Yes, I was unable to do system restore from Start>Programs…….
    I had to reboot with recovery option (F8) & was able to restore to previous point. However, I still have viruses & would be really nice if someone could help.

  15. sagato

    i have this virus it gives a good fight i hope i can kill it before gets to my archive drive i have use symantec virut cleaner avast antivirus going to do a deep format on the drive yes the one that puts 0 to make sure there is no ghost data it will take long but its the only thing left to do

  16. Martin

    I have been infected just 2 reboots ago so I suggest I’m in the same virus as everybody here… The fun is that I’m on huge LAN so I hope it won’t come out of this PC. I’m not calling any procedure outside my PC except browser coming out of the HTTP proxy

  17. Martin

    hxxp://www.avg.com/us.virus-removal.ndi-67762 did not find anything, but when I want to scan drive from OS – this utility tells me that there is active virus in the memory.. what to do next?

  18. Eneas

    I’m infected too. In my case, this virus puts a <iframe> code on all my “footer.php” files too.

    The <iframe> includes the URL jL.chura.pl/rc/: a malware URL.

    :(

  19. Latvian.Geek

    I REMOVED THIS VIRUS IN 2 HOURS!!!

    Here is how:
    1. Make System restore- choose day, when you did not have virus.

    2. Uninstall your anti-virus program, if it is not Avira (it is free!)! (I used Kaspersky, but it is too weak for this virus!)

    3. Install free Avira.
    4. Scan all-complete system!
    5. All viruses Avira will send to quarantine.
    6. Delete from quarantine ALL FILES (“delete selected object from quarantine…”), what is infected with W32/Cholera (Avira call this-Virus.Win32.Virut.ce- so).
    7. Make more full scans, at least 4- so many, till your scans can not find any virus!
    8. That’s all-your computer is clean now!

  20. Latvian.Geek

    P.S. Forgot to mention. I had more than 700 Virus.Win32.Virut.ce, but after System restore- only 20.

    But after System restore some viruses stay in folder System Volume Information.

    Destroy them with Avira!

  21. pedro

    I know internet since the time of 28kbs modems when we connected over phone line and I never saw anything like this , my Kaspersky can not fight this virus and when it says that everything is clean and I try to execute one of the cleaned files (like : regedit.exe) it tells me again that file is infected !!!!!
    the only possible thing I see here is that virus were already on system when I installed Kaspersky , the original exe of installation in hd of Kaspersky is infected .
    so when it says that all files are cleaned then it starts all over again because of Kaspersky exe active file .
    I believe that the only solution is install an antivirus and keep it active (even infected) then install another antivirus like avg free , in this way Kaspersky won’t let avg installation files be infected and then avg can clean everything .
    Other way is format the damn disk and install windows again .

  22. laser23

    I have Kaspersky antivirus 7 MP1 I reloaded xp in safe mode then removed all threats possible in safe mode then reloaded in debugging mode and removed rest of threats. works because virus doesn’t operate in safe or debugging mode.

  23. Jay Converse

    I’ve been fighting this one for 5 days, it basically wiped out the network. I had to reformat the domain controller and three PCs. A few were able to be recovered with a system restore, but others were not because all the system restore executables were infected. It depended on how fast I caught it.

    Regedit and Taskmgr disabled. Network shares attacked speedily. This thing is a bloody work of evil genius.

    Symantec Corporate 9 and AVG didn’t detect it until too late. In other words, they missed the primary infection, and only woke up after the secondary packages were dropped.

    And get this. One PC has been formatted and reinfected three times! I’m reinstalling the OS and drivers from the OEM Dell CDs, there’s no way they could be infected. Or is there?

  24. Jay Converse

    I forgot to add, I couldn’t use safe mode because every single system, including the domain controller, blue-screened on any type of safe mode reboot. There are 6 different models of Dell, so the inability to safe boot has to be part of the primary infection.

  25. Kope

    This is the worst virus I’ve ever had. It infects almost all exe file n consumes lot of bandwidth (both sent n received packets if u check in conn manager esp. if using dial up).
    1. Reinstall windows
    2. Install n ACTIVATE ZoneAlarm Sec.Suite
    3. Block all port 65520
    4. Look if winlogon try to access internet then u still infected!!
    5. Block winlogon n win.explorer from accessing internet!!

  26. Jay Converse

    In regards to my PC that was reinfected three times, I figured out that I had never unplugged it. Powered off – yes, completely unplugged from the wall – no. What a virus this thing is.

  27. Mordred

    Format HD, reinstall OS. The only guaranteed solution, at the moment.

  28. Virut pwned Windows

    No doubt, Virut walks all over MS and anti virus utilities. No point in re-installing Windows, it’s time to retire it and use Wine for anything I need that isn’t available in Linux.

  29. Rodrigo

    I suspect that I got that VIRUS at hxxp://www.xpcodecpack.com/download. I downloaded and installed that codec pack and I got my avira antivir destroyed.
    Think I will reformat.

  30. Virut Pwned Windows

    Thought I would provide an update, I doubt I’m out of the clear but the latest Kaspersky trial version is at least able to display that it detects the thing, which is more than anything else I tried, inclusive of dr. web – maybe I just wasn’t able to get the dr. web to update properly. Perhaps I’ll follow up after I’ve either deployed Debian or eradicated virus. The *easiest* way to see if you’re getting some kind of protection is whether the C:\windows\system32\drivers\etc\hosts file is getting that additional host entry after you reboot. You can also run netstat to observe whether port 65520 is open, and if it is you need to block it quickly (EMSA Port Blocker) or pull your cable.
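
The two checks described in the comment above (a new entry appearing in the hosts file after a reboot, and port 65520 showing up in netstat) can be automated as follows. This is an added example, not part of the original comment; it assumes you have a known-good copy of the hosts file and a saved capture of `netstat -na` output, and the sample hostnames and addresses are constructed.

```python
import ipaddress

VIRUT_PORT = 65520  # port named by commenters on this page


def parse_hosts(text):
    """Return {hostname: ip} from hosts-file text, ignoring comments and junk lines."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: not a mapping line
        for name in fields[1:]:
            entries[name.lower()] = fields[0]
    return entries


def added_host_entries(baseline_text, current_text):
    """Return (hostname, ip) pairs present now but absent or different in the baseline."""
    base = parse_hosts(baseline_text)
    current = parse_hosts(current_text)
    return sorted((name, ip) for name, ip in current.items() if base.get(name) != ip)


def _port(endpoint):
    """Port part of '1.2.3.4:80', '[::]:135' or '*:*'."""
    return endpoint.rsplit(":", 1)[-1]


def connections_on_port(netstat_text, port=VIRUT_PORT):
    """Return rows of Windows `netstat -na` output whose local or remote port matches."""
    hits = []
    for raw in netstat_text.splitlines():
        fields = raw.split()
        if len(fields) < 3 or fields[0].upper() not in ("TCP", "UDP"):
            continue  # header, blank line or banner
        local, foreign = fields[1], fields[2]
        state = fields[3] if len(fields) > 3 else ""  # UDP rows have no state column
        if str(port) in (_port(local), _port(foreign)):
            hits.append({"proto": fields[0].upper(), "local": local,
                         "foreign": foreign, "state": state})
    return hits


# Constructed sample data (not captured from a real machine).
BASELINE_HOSTS = "# known-good copy\n127.0.0.1       localhost\n"
CURRENT_HOSTS = (
    "# known-good copy\n"
    "127.0.0.1       localhost\n"
    "127.0.0.1       av-vendor.example.invalid   # entry that appeared after reboot\n"
)
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1067      203.0.113.45:65520     ESTABLISHED
  TCP    192.168.1.20:1071      198.51.100.7:80        ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""


def triage():
    """Run both checks on the constructed samples."""
    return {
        "hosts_added": added_host_entries(BASELINE_HOSTS, CURRENT_HOSTS),
        "port_hits": connections_on_port(NETSTAT_SAMPLE),
    }


if __name__ == "__main__":
    result = triage()
    for name, ip in result["hosts_added"]:
        print(f"hosts: new entry {name} -> {ip}")
    for hit in result["port_hits"]:
        print(f"netstat: {hit['proto']} {hit['local']} -> {hit['foreign']} {hit['state']}")
```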

  31. Curt

    I managed to clean the virus as for now and still in testing stage to see if the virus really is gone. I’m in day 2 right now, and everything seems to be ok.

    btw, these are the main tools i used:

    Kaspersky 2009 (1 month trial key) + latest virus definition
    drweb cureit
    fixvirut – symantec

    Cleaning it was a pain in the a** though. Every 30 – 50 virut threats detected, I stopped the Kaspersky scan, & neutralize (disinfect & delete) before re-scanning again. About 400+ threats detected on my system. It’s advisable to disconnect your PC from the internet & any networks. After scan finished completely, I ran cureit (took about 3 hours). Then I used fixvirut, scan for another few hours. Then I turned off my PC, and went to sleep. It took me one whole day to do all these.

    The next day, I repeat everything again. The virus subsequently disappeared as I repeat the steps, until all seems to be OK up to this day. I reinstalled damaged system files by running windows xp setup & choose to repair windows. Again, I’m in day 2 of testing stage. Hopefully the virus won’t resurface.

  32. Curt

    Oh, by the way, don’t forget to turn off system restore. Other people seem to be able to remove this virus too with their own methods. I don’t guarantee my method will work on your system though. And I still don’t want to confirm that my system is already free of this virus as I think it’s still early to say so. I’m going to test my system for a week or more only then I can be sure of it. Cheers.

  33. Patrik

    Wow, what a mess!
    I actually have no idea on how I got this virus, but I got it some 4 reboots ago.

    I can’t say I fixed it, but I sure came a long way, so here’s what I did. [Ninja edit: Yep! it did work!!]

    First of all, disconnect from the internet. Get another computer to download what you need (basically both virut removal tools linked in the comments, the AVG and the Symantec one, plus Kaspersky AV 2009 trial).

    Get your XP CD you used for your installation.
    Reboot your windows on safe mode and use the Administrator account.

    Run “cmd”. From here, create a useful bat file (edit run.bat, for example) containing these 6 lines:

    del /f /q C:\windows\explorer.exe
    del /f /q C:\windows\taskmgr.exe
    del /f /q C:\windows\system32\dllcache\explorer.exe
    del /f /q C:\windows\system32\dllcache\taskmgr.exe
    expand **YOURCDDRIVE**:\i386\explorer.ex_ C:\windows\explorer.exe
    expand **YOURCDDRIVE**:\i386\taskmgr.ex_ C:\windows\taskmgr.exe

    The virus doesn’t infect .bat files, so this will be your very useful utility to kill the virus.
    So, with your XP CD on your drive, run the bat (always with cmd) and voila! now you have task manager.
    Run the task manager (type taskmgr on your cmd prompt) and kill the explorer.exe running.
    run your bat again, and now you have an uninfected explorer.exe

    Using your task manager, run both virut removing tools AND your KAV09 installer, run them all, get something to drink and/or eat.

    Reboot into SAFE MODE AGAIN (with the admin account, not your username), run your nifty .bat again, kill explorer.exe again, run .bat again, run all programs again and make sure that they are not finding anything.

    I then realized the virus messed with your login and users, so I created another user from safe mode (called test), and ran windows in debug mode, logging in with the new user (test) and you’ll get fully working Kaspersky. Run it again.

    Here’s the part nobody knows which fixes your XP installation (like a reinstall/ repair) but faster and better.
    Always on debug mode, with your test user, XP CD on drive, run the following command:

    sfc /scannow

    It should take a while, so go get dessert.

    What it does is it gets a clean copy of each system file that is not exactly the same as in the cd, so it basically gets your system to an almost new state.

    It’s very possible that the virus is in your main user account, but I can assume by now that that’s the least of your concerns.

    Tips:
    1) Always have an antivirus running: FFS, KAV2009 costs 13 euros if you buy with 2 other friends (3 licenses, 39 euros) for ONE FULL YEAR. That’s dirt cheap, don’t run cracked antivirus, they will stop working when you need them (Murphy’s law)

    2) DON’T use System Restore. It’s useless and it helps most virus hide and reappear. Just have recent backups on a hard drive you DON’T use for any other reason than backups (1 terabyte external HD is around 70 euros now)

    3) Use linux. Or mac. And stick to windows for games / 3D design / whatever you really need windows for.

  34. Patrik

    Also, run the following line to restore your Windows default settings / Group Policies:

    secedit /configure /db %temp%\temp.mdb /cfg "%systemroot%\inf\defltwk.inf"

    If you came so far and your windows is still not working perfectly, a repair might now do the job =)

  35. cy

    Gosh, and I thought I was alone in facing this nightmare. It’s been screwing up my system for weeks now.
    Have decided to reformat and start all over. Taking no chances…

  36. Cobra

    I cured the Virut infection on my computer in a couple of days.

    Here’s how:

    #1: Create a Windows version of the UltimateBootCD using an XP CD’s files and slipstream SP1 and SP2 into the files before you burn the UBCD.

    #2: Download DrWeb CureIt! and either configure it as a plugin on the UBCD or burn it to a separate CD to open after you boot the computer. Note: You’ll need two CD ROM drives to do this, as the UBCD takes up one.

    #3: Boot up using the UBCD and run CureIt!, delete any files it cannot repair. Then, power down your computer for 5+ minutes after so the virus cannot hide in the memory.

    #4: Repeat step 3 until CureIt! no longer detects the virus.

    #5: Repair any damaged Windows files with the XP CD, don’t use recovery console, instead select repair installation.

    That’s all there is to it, good luck.

  37. Cobra

    Oh yeah, and DISABLE System Restore, it’s absolutely useless and most viruses just hide there to constantly return and cause problems.

    Any questions, feel free to ask here.

  38. Rico

    It would be nice to hear if cleaned computers stayed clean. My virus win32.virut.ce is resurrected twice already. And I hope it does not blacklist IP-s somewhere, so that it could send new virus packages to cleaned and newly online computers.

  39. mantmya

    I NEED SOMEONE’S HELP! I have the generic pup.x program on my computer and McAfee can’t remove all of it, tried system restore, etc, nothing works. Any suggestions please reply, will be greatly appreciated.

  40. dixie

    Hi community, yes I got this virus too. Was spending hours and days on the net (on other pc) to find hints, but on ALL forums they spoke about “polymere virus” (or similar, my English is not the best, sorry) which is able to change all files itself by adding some 5 kb to exe/dll/scr/html/php files. According to all opinions it is NOT possible to “delete” this file because of its structure, only a full reformat/reinstall helps. Luckily my firewall alerted me that my IE checksum was changed and I disconnected immediately my LAN and all external USB HDDs, so most of my backups were clean. If you have a second HDD, you could add it as an external disk in a box via USB, let the AV remove all infected files and at least some files (doc/pdf/xls) which you hadn’t updated yet could be rescued.

    I think I got it by opening a crack which I checked with Antispyware, NOD32 and Spybot and which was reported to be “clean”. Nb: torrents are said to be full of virut.xx the last time, so watch out please.

    I wonder why I actually waste my memory by having all those “checkers” in my task bar (including firewall), if NONE of them finds the risky file while downloading or while checking after the download ended :(

    A last note: DR WEB SOFTWARE did NOT delete these files, it only noticed that they were infected and wrote “files deleted”, but this was NOT true and my system was still messed up with this BS!! None of those free tools of the most know AV companies removed the virus EITHER! Will make even more backups in future and burn my files regularly – good luck for you all!

  41. Rico

    It seems like i’ve won the battle against win32.virut.56 (also known as win.virut.ce). Firstly like last comment says, i don’t have NEVER windows firewall on, i don’t have any antivirus installed, i don’t have automatic updates on. They have no point as “virut” case shows. The only thing that i have and recommend very highly is WINPATROL, which has saved my a** plenty of times, letting me know that something is going on in my computer. Before virut i managed to clean nasty things manually and with regedit and so on. As comment before mine says – even latest antivirus progs cannot detect nicely packed virutcontained exe’s, what you can download at cracksites. They show that its nicely clean. Thanks to Winpatrol I knew exactly when virut attacked my system. It flow up with READER_S.EXE file which was impossible to clean from registry. And strangely, in Program Files folder was created THUNMAIL folder with TESTABD.DLL and TESTABD.EXE inside. THUNMAIL content was hidden even after enabling all seeing settings. Op. sys. was loaded with strange .TMP files. In WINDOWS folder strange EXE files were created in System32 and Temp folder. After i tried to repair virut from infected machine with all free virut removal tools you can get from internet, i gave up. I went to plan B. With clean computer at work i created bootable Dr.Web’s live cd and also Kaspersky bootable cd. I downloaded also miniPE (op. sys. which boots himself from cd). I scanned my harddisks with Dr.Web and Kaspersky live cd’s (I wanted no cure anymore) so i did set the settings so that infected files were deleted. In this case there was over 4000 files deleted. After scanning i booted miniPE and discovered that THUNMAIL folder with its content has survived the scanning. So i deleted it along with content of System Volume Information and Temp folders, system folders (Documents and Settings, Windows, Program Files).
    Back at home i connected smaller harddisk and booted Dr.Web live cd for memory scanning, just for any case. After that i reinstalled windows. Strangely i had both of my external harddisks on my computer very long time when the machine was infected, but Dr.Web or Kaspersky didn’t detect any virut on them. So as i understand virut is growing after your program activity. For example it wrote himself very quickly to active programs like Opera, daemon tools, etc. Hope someone who’s desperate and ready to format valuable info will reconsider and try other options.

  42. martine

    Used F_secure, scans and shows that cleaned, but then pops up l8er especially when executing windows programs. Maybe my laptop will survive!

  43. bamamal

    Had the same problem and it was a doozy….this is so bad it infects flash drives and you may need to do a complete format on your HD…a quick one will leave enough to start it again…Mal…

  44. cristhian

    OK, this virus seems to be very strong, but when I run Kaspersky 7.0.1, only shows one infected file, under the name :virut.win32.virut, that’s the only notification, I’ll try to erase the file and the virus still there, if I reinstall windows XP the virus stay on my PC or something? and I try to back up some of my data, such as games and programs, I mean this virus can really infect the games exe and apps too? should I use the back up on the clean OS or they’re infected too? Please, some help, this thing is driving me crazy!

  45. mastermind

    try this one, a rescuedisk.
    kaspersky give me i hope it helps let me know i didn’t used it yet

    https://www.precisesecurity.com/tools-resources/free-antivirus/virus-scan-kaspersky-usb

  46. toy

    been infected… and the main problem is im no tech savvy
    im thinking of giving up T-T
    can i just throw my lappy out the window?

  47. Gmanson

    This is one tough infection. I’ve cleaned out well over 5000 files which were infected with vundo and rootkits etc and this virus is a pain in the &$^. I was able to remove a similar infection last year without anything suggested mentioned above in all posts. I will bookmark this page and get back in a few days. (I just started working on the PC “not mine” yesterday so give me some time and patience).

  48. Dylanthehardway

    We’re approaching this whole malware issue from the wrong perspective.
    We sit passively behind our little defensive wall of antiviral software
    hoping they’ll be strong enough to protect our systems from the
    inevitable attacks. We acquiesce to the malicious code slingers
    by accepting the reactive, passive and defensive role while leaving
    them free to attack at will. It’s truly a cyber war where our enemy
    has taken all of the initiative and holds the active, proactive offense.

    Each piece of Malware has a source and some antiviral companies have been
    able to isolate the countries of origin and occasionally even the cities
    based upon outbreak concentrations, but so far no one has taken the fight
    to the malicious codeslinger’s doorstep. Sure, Microsoft puts bounties on
    the heads of some of the more talented malwareists, and while being better
    than nothing, it certainly hasn’t seemed to reduce the new introductions
    of ever more sophisticated malware. Malwareists are free to anonymously
    disseminate their wares from around the globe with virtually no fear
    of repercussions or reprisals.

    This is a high stakes war. The cost of defending against malware attacks
    is staggering, but when you factor in the even greater costs of lost
    productivity it becomes clear that this is a war we can’t afford to
    fight passively or on the defensive.

    The Malwarists drew first blood and continue to attack our systems
    daily without provocation and I, for one am more than sick and tired
    of just taking it. Beyond the simple misanthropic, anti-social malicious
    code-slingers, Malware is rapidly becoming the weapon of choice for
    organized cyber-terrorists. The US government’s response to that threat
    has been to pour more billions of dollars into passive, reactive and
    defensive systems. How can you win a war by sitting behind a wall and
    hoping no one figures out how to breach it?

    We have to find a way of taking this war to the malwarists instead of
    fighting every battle in our offices and homes. How is it that The
    music recording industry can track down and prosecute a suburban single-mother
    whose crime was the illegal downloading of MP3’s, but no one can track
    down the author of the Virut virus? The cost of that mother’s crime
    only reflected a drop-in-the-bucket hit to the recording industry’s profits,
    but Virut has, and will likely continue to cost the whole world untold
    millions of dollars in lost productivity.

    The days are gone when all we had to do was run a quick scan with
    f-prot to eliminate all traces of malware from our computers.
    The modern polymorphic malware strains require weeks-long or even
    months-long efforts to clear, if they can be cleared at all.

    Pumping money into ever more complicated defense walls only prolongs
    the inevitable breach while sticking each of us with the bill. The only
    logical solution is to eliminate the threat at its source…to apply at
    least as many financial and manpower resources to the task of tracking
    down and eliminating malwarists as we currently do in building bigger
    and supposedly better antiviral walls. If the MPAA and the Music Recording
    Industry can track down copyright violators then surely the computer
    industry and the world’s governments can track down malwarists.

    The vigilante in me would love to see an application that could accurately
    reverse track the origins of malware and then provide the names and
    addresses of the malwarist. I’d enjoy expressing my frustration to them
    personally, but I’d certainly settle for their prosecution and
    punishment under the law.

  49. Fabietto

    I removed Virut (Win32.virut.AT) without formatting and it’s quite simple. Here the procedure:

    Needed: Hiren’s Bootcd 9.9 (free).

    1) Using a clean PC prepare a bootable Hiren Bootcd (I used a write protected USB stick, it’s the same)

    2) Start windows in safe mode, create a new folder, find explorer.exe (c:\windows\explorer.exe) and copy it in the new folder. Do the same for c:\windows\system32\svchost.exe.

    3) From control panel/System disable the ‘System restore’.

    4) Insert the Hiren Bootcd and start the Kaspersky antivirus tool (included in Hiren). It will find a lot of infected files; at the end it will prompt the action to do for infected files, choose ‘Disinfect’. It will disinfect all the files except the running explorer and svchost (but that you copied in the new folder are disinfected).

    5) Turn off your PC. Insert again the Hiren BootCD and turn On. Choose to bootstrap using Mini XP (from the main menu of Hiren bootcd).

    6) From Mini XP access to C:, go to the new folder, copy the disinfected explorer.exe and paste it (replace) into the original folder (c:\windows). Do the same for svchost (into c:\windows\system32). Remove the Kaspersky folder from your c:\documents and settings\YourUserName\Settings\Temp folder.

    7) Remove the Hiren Bootcd and reboot your pc from hard drive. Run again the Kaspersky from Hiren Bootcd. New infected files could be probably found, but after this the PC is cleaned.

    Note that after the PC is cleaned you need to manually restore some registry entries (like SFCDisable and something else related to the firewall).

    Enjoy and remember… never format, if you format the virus win !!!!!!!!!!!!!

  50. Jack Legg

    Virus.Win32.Virut.ce

    ZoneAlarm found the virus & deleted it even before I launched the downloaded *.exe that contained the virus…

    Better to have your PC set-up correctly to “catch” or scan all downloads BEFORE you double-click on them…

    The best things in life are FREE, remember?

  51. LateNeo

    Hi guys & girls.

    This is a mean virus

    After reading the entire forum and all comments, downloaded the two scan engines from AVG and Symantec running the scans, I was left with 2 pc’s and my laptop strikingly rotten effected with the virus.win32.virut.ce.

    Yes formatting the three machines would seem like the best way to go BUT unfortunately not all of us have the luxury of simply formatting and starting all over.

    I followed the advice of Fabietto posted on July 8, 2009. Re: the hiren’s bootcd and Kaspersky scans.

    The only difference was that the scan detected the infected files but could not disinfect them, but only quarantine them. By the third scan on all 3 pc’s, they were clean. I even ran a fourth scan just to make sure the monster was slain. Unfortunately it did do a lot of serious damage to the .exe files in the windows\system32 as well as the explorer.exe and the svchost.exe were smashed.

    With these files quarantined and not disinfected my windows logon was lost. So the original XP cd was unleashed and a complete xp installation was repaired. (NOT the repair console/panel. It won’t work.) Repairing the XP installation only deletes the windows dir and reinstalls it, thus not losing any other info.

    All three pc’s are as clean as can be, BUT unfortunately I can only access windows via safe mode. Normal boot only comes to the logon screen where one chooses a user, enters the password and then the blue screen of horror shows itself stating :

    : Stop: c000021a {fatal System error} The windows logon process system process terminated unexpectedly with a status of 0xc000034 (0x00000000 0x0000000) The system has been shut down

    This error can be looked up on the Microsoft site AND it explains how to fix it.
    If only I could. For reasoning far beyond my years I simply can not do it.

    In the mean time I have installed a second copy of XP on one of the PC’s so I can access my files on the other installation. Yes one might argue that ending up with this result I simply could have formatted, but what can you do if you don’t want to just chuck away your info and let the enemy win. Fight as hard as you can.

  52. Bingo

    Hello everybody. Only became aware of this thing about 5 days ago when the computer started shutting down and various programs became unworkable. Also, all files on my key drive disappeared and the drive had to be reformatted. Can’t swear that the virus did this but I can’t think of anything else to explain it. Windows Firewall (I’m running XP Pro) reported that I had a Virtob infection but AVG, Zone Alarm, and Ad-aware reported nothing. So after a bit of researching, I found the Kaspersky online scanner. This revealed that quite a lot of files were infected with win32.virut.ce but these could not be deleted by the online scanner. However, Kaspersky are doing a Full 30 day trial of Kaspersky Internet Security 2010 and I installed this. On checking drives C, D, and External Drive F, Kaspersky found and disinfected, or deleted, about 700 infected files. Reran the program and a few more files were found and treated. I have completed my third scan and the infection seems to have gone. Can’t say this will work for everyone but it seems to have worked for me. Worth a try and good luck to you. This is one awkward sob. I will report back if the infection recreates itself in the next few days, but so far it’s looking good.

  53. Bingo

    Following on from earlier post, I found that a few vrt.tmp files were appearing in C:\Documents and Settings\LocalService\Local Settings\Temp but Kaspersky was preventing them loading or connecting to the net. I ran the scan next in Safe Mode and this disinfected the few files which could not be done in normal mode. As of this moment, this machine is now completely free, as far as I can see, of Virut and anything else. All programs and files seem to be working normally and the Kaspersky Network Monitor is showing that there are no suspect connections. Just for information, my operating system is XP Pro SP3. Kaspersky seems to have given me the complete solution to this pest. Well worth giving it a try. Free 30 day trial could rid you of this problem.

  54. PaperTowelAddict

    Seeing a second mention of Hiren’s Boot CD, I wanted to ask if anyone had encountered not being able to access the antivirus tools on this CD? I only get two pages of menus, and neither has the antivirus tools. Does anyone have an idea what I am doing wrong? Or is this virus smart enough to prevent them from loading? I am running on a 64-bit system, if that matters

  55. Bingo

    Well, just to tie up the story on my experiences, I am now a week on from installing Kaspersky and ridding myself of Virut and it has not reappeared. That about says it all. Would highly recommend Kaspersky for ridding yourself of Virut

  56. Lefteris

    Bingo I hope you’re right man because I don’t want to reformat! Eset didn’t do a thing! I’m trying Kaspersky! Thanks for your info!

  57. Bingo

    hello Lefteris. I hope Kaspersky worked for you in as straightforward a way as it worked for me. Now a fortnight on from the cleaning and no sign of reinfection. Everything, as far as I can see, is working normally. I may have just been lucky and had a variant of the virus which could be cleaned. Let us know if you’ve managed to get rid of it

  58. Adnan Rulezzzzzzz

    hey…….friends i will tell how to remove this virus…its very easy
    effects of this virus—…slows down ur pc….causes network error….formatting hdd does not remove this virus…ur comp automatically shut down after few days on start ups
    precautions—dont ever download pirated software…cracks,patches,keys,untrusted toolbars….
    how to remove it-
    1- reformat ur pc
    -install kaspersky latest version n first update it right to the day
    2-scan ur full system..
    3-now u will find that kaspersky will detect it bt will not disinfect or delete the file
    4-now go to the reports of the scan…u will find that every partition of ur hdd had got the virus..
    5-now go to the first detection..hit right mouse button …now go to ‘open files where……..’ u will find detected files now go to back option…u will find folders like ‘RP1’ now select all and delete it..do this in every partition till kaspersky detects none……..
    have a safe day.

  59. sephiroth

    update kaspersky 2010 to 12/08/2009 and do a full scan, that works for me, good luck

  60. i hat this virus

    I used a linux boot cd to rescue my files (media files and office).
    Does anyone know if pdf’s or .rar files are infected?
    But is it possible that the virus is active if I run my pc with the linux cd (back track 3)???

    Thanks

  61. The Tech Guy Tom

    I’ve removed this virus successfully without formatting. Email me [email protected] for details, it’s a long hairy process but can be done. We had an outbreak within our internal network at my support office where a win2k3 server w/exchange and AD, tech machine, all computers that were on the bench etc. were infected by thumbdrives plugged in to machines when the virus first struck. Apparently it’s really really easy to spread it. Hit me up and I’ll paste my epic essay.

  62. Rob Cullum

    Hi there, my desktop has been infected with this virus and it is creating havoc. Can’t even get online (I’m on my laptop atm!)
    Please help!
    Kind regards
    Rob

  63. Fennec

    This virus is a pain but I have it contained. My router is a good firewall and I have it set to block all incoming connections on port 65520 and all outgoing connections to Proxima.ircgalaxy.pl, so that means the attackers can’t use it. I have also found that using IRC to connect to my local machine on port 65520 gives you control of this virus, so now I am able to change the options, and on my machine it only infects explorer.exe. Too bad it doesn’t have a disinfect command.

  64. Joe

    This virus infected my old HD, so I had no choice but to reinstall WinXP. Then today I accidentally clicked an old executable on that HD and the virus reinfected me. I was in no mood to reinstall so this is how I dealt with it.

    DO NOT START ANY PROGRAMS YET, THEY WILL GET INFECTED

    1. Pull the plug on your internet connection, because it will try to connect to its website (jL.chura.pl and maybe others) and download more crap to your PC

    2. Go to Task Manager and kill ANY program that looks unfamiliar (this can be tricky, if you’re not a computer geek)

    3. Run services.msc and you’ll see at least 2 services running which have NO description. Stop them and then disable them (by right clicking). Also stop and disable Remote Access Connection Manager, and Background Intelligent Transfer System, if they are running. These are Windows processes, but I think the virus activates them.

    4. Repeat step 2 just in case

    5. Now you have a choice:
    a)You can run restore, but you have to be very sure that the restore is clean
    b) run your antivirus. A full scan is preferable, but at least C:\Windows and C:\Program Files. The virus infected only logonui.exe in my case and changed the HOSTS file, and created a temporary file in the WINDOWS\TEMP directory, but nothing else. However, if you ran any program while the virus was loaded, that program will be infected too.

    This is the stage on which I am myself. The virus is removed but my system is still a bit screwed up, because every time I reboot a hidden process iexplore.exe is started, except it’s not connecting anywhere. I’m not sure what’s starting it, but I dealt with it by killing the process and moving iexplore.exe to a temporary folder.

  65. SChalice

    This virus can get on compact flash sticks. You’ll need to be sure to wipe all those virus clean or just throw them away if unsure..

  66. itchy

    I only used kaspersky 2010 and the avg link that was mentioned hxxp://www.avg.com/us.virus-removal.ndi-67762
    and I’m done.
    took me about 2 hours (because my pc was just rebooted there wasn’t much to scan)

  67. itchy

    Oh, also cleaned my external hard drive, no problems there. My friend however, who apparently didn’t have anti-virus and who waited too long, is completely screwed. He can’t even dl the avg removal tool

  68. uuzoo

    This is a nasty virus! I got hit with it a couple of weeks ago from downloading programs. My antivirus at the time ( avast) detected it but couldn’t do nothing about it. So, I did some research on the net, and was told to download Kaspersky removal tool. It detected it, and was neutralizing it, but the virus was spreading like a forest fire. It got to about 3,000 files infected, and I said forget it. I ended up reformatting and reinstalling OS. It WORKED! What’s really interesting is that I didn’t know it at the time but my flashdrive was connected in the back of the tower, and it got infected. After reinstalling everything. I realized that my flashdrive was in too. I’m thinking oh no. I ran avast but nothing came up. I’ve now installed Vipre and ran scan on the flashdrive and it detected and neutralized the virus. Now I’m using Vipre. Been working well.

  69. Szabolcs

    Confirmed. I agree with the first poster (and the most of you), it sneaked through avast’s protection, I fought this about a week long, that process let me figure out some important stuff.

    This malware is probably added by Win32.Agent along with Win32.Delf and b.exe, just to mention the most critical ones and some others (3-4 more)

    – It hides on your portable devices such as pendrives portable hard disk or other partitions.
    – When you connect to the internet, this will download the whole pack again, causing you more trouble.
    – This malware only works on 32-bit based Windows systems. You should consider updating to 64-bit (there are some drawbacks) or try Windows 7.
    – Only Win32.Virut will infect files, others should create their own, which you can find in “C:\” and “C:\Windows\system32” or in “Documents and Settings”

    Note: A new version has come out in October 2009 and even Kaspersky Labs do not have an update for this infection yet. Although, Kaspersky is able to completely eradicate this virus, thanks to its more advanced and intelligent being, compared to other virusbusters.

    Conclusion: I am now using Windows 7 x64, works quite well that far.

  70. nicklasdolck

    Hey.. I got these viruses yesterday (win32/virut and win32/heur). When I read about it, that it infected all the .exe and possibly .jpg files, I went nuts, turned off my computer, unplugged my other 2 drives (D: and E:) on it and installed windows 7 64bit today. Downloaded avg free 9.0 and searched D: and it had 5 infected .exe files, which it said were removed. So it hadn’t had the time to spread that far. Now I wonder if it still might spread into my C: where I have my windows or if it will continue to spread through my D: and E: (haven’t plugged E: in yet, so I don’t know how badly infected it is.) Or shall I just leave them unplugged until a bulletproof removal program for those viruses is released? Really don’t wanna mess up all my pictures and stuff there if it’s possible to avoid… pics on there since 2002. :/ What to do? Any help would be mostly appreciated

  71. Arsby

    I had a happy ending, I think.
    I got this bug on my Vista laptop on Friday by being stupid. Kaspersky slows down my downloads, so I turned it off. I forgot it was off and tried to install an app from the newsgroups. The first thing Virut did was set my system clock forward to 2049, so Kaspersky thought it had expired 40 years ago! Then it started eating my executables.
    I took the laptop HD out and put it in a SATA USB enclosure attached to a Kaspersky-protected desktop. I started moving all the files I wanted to save onto the desktop, and ran Kaspersky against the HD in enclosure. I initially thought I fixed it with Kaspersky and moved it back, but it was still infected. I then adjusted the Kaspersky setting to Maximum Protection and pointed it explicitly to the USB drive. It found and deleted a trojan and 216 files (mostly exe’s) that were infected.
    This morning, Sunday, I put the HD back into the laptop and turned it on, fully expecting to have to recover and wipe the HD. Signon went well, but it couldn’t find two dll’s. Kaspersky was still working on the laptop, and found nothing during its startup procedure. The internet is working, I’m posting from the laptop now. Some applications aren’t working because the executables are gone, but others, including MS Office, are.
    So it looks like a happy ending.
    So for the previous poster and others… IF it’s a laptop that’s infected, it’s really easy to pop out a laptop hard drive, then go to Best Buy or something like it and buy a USB enclosure for it. (Warning, there are two types, SATA and another one.) Attach it to another PC that’s virus protected, and have it run a full maximum check against the drive that’s now via USB. Have it delete anything that’s infected. (Kaspersky does the deletions *after* it finished the full scan.) Then put it back into the laptop and see if it works.

  72. overkill

    Here’s a question for you tech-savvy guys:

    What exactly is the danger of the port (65520) that this thing uses ? Assuming you are able to clear the infection from your system (disk & memory), then is there any chance that it can re-enter ? I am assuming not.

  73. soulless

    I’ve found that using hirens 10 both in windows and minixp and using the following apps – Kaspersky, Malwarebytes, SuperAntiSpyware and smitfraudfx manages to get rid of the virus and then just going through the harddrive like c:, temp dirs, Windows, System32, Fonts, system volume information, recycler, Documents and Settings folders and deleting the weird files I find there such as Restorer_32a.exe and Reader_s.exe (Found a new one recently photo_id.exe) and also scanning the reg for them and removing them. This seems to be able to get rid of the virus but I’ve found a few times there are still bits and pieces of it flying around so a few more scans and checking the folders and reg again pretty much cleared it up but Kaspersky can disinfect the files but you will probably have to do a repair on your windows again.

    In one of the earlier posts someone mentioned that he used an irc prog to connect to his computer and managed to alter the options of the virus. I’m curious to know if this is true.

  74. eparico

    I’ve been lucky so far but I’m working on a friend’s laptop, a mini with no CD ROM drive, that was/is infected with Virut & Delf. I didn’t know much about this virus and was unaware it attached itself to flash drives. Lesson learned! My AV program picked up this virus on a flash drive I was moving between my comp and the laptop. I created a bootable USB XP installation, reinstalled the OS on the mini only to find out the flash drive I used was infected. Now, I have to go back and reinstall a second time.

    After several scans using McAfee and Kaspersky online scanner (so far), luckily, my computer has not been infected. After doing a bit of research and reading a bunch of message boards, a lot of them say that the best resolution is to format and reinstall the OS. From what I’ve read (check out Spybot S & D message boards and search for Virut), this virus is said to attach itself to exe, scr, htm, html, asp, php, pdf, doc and even jpg files. There might be more that I’m unaware of but to say the least, this has to be one of the nastiest viruses I’ve ever run into.

    Some people have said that this virus can be eliminated but I’m not willing to take this risk given I transport some of my data between home and work with a flash drive. Good luck to anyone who spends days on end trying to fix instead of reinstalling their OS. Computers 101….ALWAYS back up your data in the event something like this should occur. You may spend several hours reinstalling all of your software but it beats spending days on end trying to fix a virus that might come back.

    Microsoft has released a security bulletin (967940) with a patch (KB971029) that will disable the AutoRun feature for flash drives to prevent automatic installation of software included (U3, etc) and will help prevent the running of an infected exe file. Best of luck everyone…

  75. Maybe

    Hiya all. I don’t recommend this unless you are positive that you have the right firmware. Flash your BIOS, clean computer up, flash again, then clean again. Hope it helps a bit

  76. psog_choudai

    This virus put me a week of hard work into this computer.

    I can’t say that I’m 100% free of the stupidity this thing does, but… I might have easy tips for getting rid of the virus, and some pointers to note for people who might be having issues:

    1. The virus indiscriminately infects all .exe and .scr files (even inside .zip, .rar, .7z, or any other kind of archive.) It also infects mostly system .dll files.

    2. It does NOT infect any other “media” file. These include .mp3, .ogg, .wav, .avi, .mpg extensions and the like.

    3. It doesn’t matter if you have more than one internal or external HDD or Flash drive (or any media that is rewritable), anything that meets the infection criteria WILL get infected.

    4. Even if one file is already infected, the virus and any instances running WILL re-infect the same file in a different section of the coding. Thus, multiple scans are necessary to make sure the file is ABSOLUTELY clean.

    So… I have a LOT of music and videos that I’m a little too attached to and that I don’t want to lose. When I noticed that this stupid thing targets executable, I realized that I needed to reformat the HDD carrying the OS. I did, and the virus came back.

    I then noticed some strange occurrences. Obviously, port 65520 was being accessed by winlogon.exe and explorer.exe. Even though this was a fresh install, I needed to reformat again already.

    So, I took up the task of arming myself to clear out this virus from my system with the following tools:

    1. Windows XP CD
    2. Hiren’s Boot CD v. 10.0
    3. Ubuntu v. 8.04 Live CD

    Here’s how that worked.

    1. I turned off my computer and unplugged the power cord and the Ethernet cable. Left off for 30 min, then plugged the power cord (not ethernet) back in, then booted to Hiren’s Boot CD.
    2. I used Hiren’s Boot CD’s partition tools to delete all partitions and destroy the data in the HDD carrying Windows XP.
    3. I used the HDD Regenerator in the Hard Disk tools section to check for corrupted sectors. Usually this only applies to physical errors and not so much to data, but if a section has been damaged it’s good to know. Everything came back clean.
    4. Went back to Partition Tools and formatted out an NTFS partition for Windows XP.

    5. Rebooted and used the Ubuntu Live CD. Using this I was able to get the drivers for anything that I needed on the computer, and clean virus free copies of them because Linux doesn’t have these kinds of virus issues. I also downloaded Virut Removal Tools and Comodo Internet Security and Dr. Web Cure It!. This is good for people that have lost their recovery CDs or their motherboard or display drivers. I placed all these into a clean USB Flash drive. When I copied everything in, I ejected and disconnected the drive.

    6. I rebooted into the Windows XP CD. When asked for the desired partition, I performed yet another Format (not quick) on the blank NTFS partition. Proceeded with installing Windows.

    7. When Windows loaded, I connected the USB Flash drive and placed its contents on the desktop. Proceeded with installing everything, starting with the basic motherboard drivers all the way to the AV tools and Security software. Ethernet cable is STILL disconnected.

    8. Here I noticed none of the system files were behaving erratically. When Comodo Internet Security asked me to update the Virus DB, I then connected the Ethernet cable. Connections were safe, and port 65520 was not being accessed by any program. Definitions were updated, and port 65520 was eventually blocked.

    9. Used Dr. Web Cure It! and performed a complete scan of the computer and all disks connected (USB Flash disconnected) overnight. Found a ridiculous amount of instances of Win32.Virut.56. Also found a few miscellaneous backdoors and other trojans.

    10. Removed all files mentioned by the Dr. Web scan. Proceeded to scan computer again with Comodo Internet Security AV scan. Few more infections came up, proceeded to remove those as well.

    11. Noticed that none of the removed content was on C:. Proceeded with a deep scan of both HDDs’ “System Volume Information” folder. Found another ridiculous set of instances of Win32.Virut.Ce. Removed them all.

    12. This is where I find myself.

    Every time I idle my computer and it accesses the screen saver, I notice that my computer has found yet another instance of Virut in the non-Windows HDD’s “System Volume Information” folder. I did just scan again and found more instances, so I removed those.

    I just can’t seem to tell whether the virus is still active, or if it’s just remnants. When I use the system, Comodo does not alert me of anything. Also, websites are not blocked, and media files from that HDD do not further aggravate the system as I use them.

    Though, I think I’m pretty clear! Hope this helps as another guide and alternative to clear out Virut.
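Added example, not part of any commenter's post: comments 63 and 76 above both treat activity on port 65520 as the sign that Virut is still active. This Python sketch parses saved `netstat -ano` and `tasklist /fo csv /nh` output and reports which process owns any socket on that port; the sample captures, addresses and PIDs are constructed.

```python
import csv
import io

VIRUT_PORT = 65520  # port reported by commenters in this thread
# Processes the page says Virut injects its code into.
INJECTION_TARGETS = {"winlogon.exe", "explorer.exe", "svchost.exe"}

# Constructed sample of `netstat -ano` output (documentation-range addresses).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       948
  TCP    0.0.0.0:65520          0.0.0.0:0              LISTENING       1488
  TCP    192.168.1.20:1045      203.0.113.7:65520      ESTABLISHED     632
  TCP    192.168.1.20:1052      198.51.100.9:80        ESTABLISHED     2040
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist /fo csv /nh` output.
SAMPLE_TASKLIST = '''
"System","4","Console","0","236 K"
"winlogon.exe","632","Console","0","4,112 K"
"svchost.exe","948","Console","0","4,800 K"
"explorer.exe","1488","Console","0","18,204 K"
"firefox.exe","2040","Console","0","52,000 K"
'''


def split_endpoint(endpoint):
    """Split 'host:port' (also '[::]:135' or '*:*') into (host, port or None)."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Return one dict per TCP/UDP row; UDP rows have no State column."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP":
            proto, local, remote, state, pid = parts
        elif len(parts) == 4 and parts[0] == "UDP":
            proto, local, remote, pid = parts
            state = ""
        else:
            continue  # banner, header or blank line
        if not pid.isdigit():
            continue
        local_host, local_port = split_endpoint(local)
        remote_host, remote_port = split_endpoint(remote)
        rows.append({"proto": proto, "state": state, "pid": int(pid),
                     "local_host": local_host, "local_port": local_port,
                     "remote_host": remote_host, "remote_port": remote_port})
    return rows


def parse_tasklist(csv_text):
    """Map PID -> lower-cased image name from tasklist CSV output."""
    names = {}
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) >= 2 and row[1].isdigit():
            names[int(row[1])] = row[0].lower()
    return names


def find_suspect_sockets(netstat_text, tasklist_csv):
    """Report every socket whose local or remote port is 65520."""
    names = parse_tasklist(tasklist_csv)
    findings = []
    for row in parse_netstat(netstat_text):
        if VIRUT_PORT not in (row["local_port"], row["remote_port"]):
            continue
        image = names.get(row["pid"], "unknown")
        findings.append({
            "pid": row["pid"],
            "image": image,
            # "local": this host holds the port; "remote": it connects out.
            "side": "local" if row["local_port"] == VIRUT_PORT else "remote",
            "state": row["state"],
            "remote_host": row["remote_host"],
            "injection_target": image in INJECTION_TARGETS,
        })
    return findings


if __name__ == "__main__":
    for hit in find_suspect_sockets(SAMPLE_NETSTAT, SAMPLE_TASKLIST):
        print(hit)
```

A hit owned by one of the system processes the page names means the machine should still be treated as infected, however clean the last file scan looked.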

  77. Liane

    I found out I had this virus last night.
    Kaspersky just detected backdoor.win32.papras.t
    It’s go time. *-*

  78. AZ

    THIS IS THE NASTIEST VIRUS HUMANS HAVE EVER FACED!!!!!!!!! 12 YEARS PC PROFICIENT HAS GIVEN UP AFTER REINSTALLING 64BIT VISTA, WIN 7 XP PRO 10 TIMES…..will completely format now. Installing new OS doesn’t help either, it infects the new OS as well..ANY SUGGESTIONS??????????

  79. ken.absolute

    I slaved a SATA drive via USB adapter to copy some data off of it…This virus was on it and it jumped to the hosting PC!

    It must get deep into all drives that it finds to make them autorun. Anyway – Sunbelts Vipre anti-malware caught it on the hosting computer and kept it from spreading.

    The lesson anyway: be sure and hold down the shift key as you insert a USB drive (even if it’s an adapter for IDE/serial/SCSI) to keep it from auto-running.

    wow – this thing… it gets deep into sysvol and even maintenance partitions.

    I used Darik’s Boot and Nuke for the guest drive (inc main partition) after reading about the issues here and I’ve not heard from it again.

    My guess is people keep on getting reinfected by using their infected-auto-running USB drives or accessing infected .exe’s that they backed up – unless there is some bios component it can load into that I’ve been lucky enough not to have encountered.

  80. Bingo

    Hello All.
    I see this little virus is still doing the rounds. Vicious little sod!
    This is a re-post of my messages from July 2009 detailing how I got rid of the problem. It is possible that new victims may not read that far back and I hope my experiences are helpful. Good luck! By the way, still free from this virus.

    Bingo
    July 22nd, 2009 at 1:28 pm 56

    Hello everybody. Only became aware of this thing about 5 days ago when the computer started shutting down and various programs became unworkable. Also, all files on my key drive disappeared and the drive had to be reformatted. Can’t swear that the virus did this but I can’t think of anything else to explain it. Windows Firewall (I’m running XP Pro) reported that I had a Virtob infection but AVG, Zone Alarm, and Ad-aware reported nothing. So after a bit of researching, I found the Kaspersky online scanner. This revealed that quite a lot of files were infected with win32.virut.ce but these could not be deleted by the online scanner. However, Kaspersky are doing a Full 30 day trial of Kaspersky Internet Security 2010 and I installed this. On checking drives C, D, and External Drive F, Kaspersky found and disinfected, or deleted, about 700 infected files. Reran the program and a few more files were found and treated. I have completed my third scan and the infection seems to have gone. Can’t say this will work for everyone but it seems to have worked for me. Worth a try and good luck to you. This is one awkward sob. I will report back if the infection recreates itself in the next few days, but so far it’s looking good.

    July 22nd, 2009 at 10:48 pm 57

    Following on from earlier post, I found that a few vrt.tmp files were appearing in C:\Documents and Settings\LocalService\Local Settings\Temp but Kaspersky was preventing them loading or connecting to the net. I ran the scan next in Safe Mode and this disinfected the few files which could not be done in normal mode. As of this moment, this machine is now completely free, as far as I can see, of Virut and anything else. All programs and files seem to be working normally and the Kaspersky Network Monitor is showing that there are no suspect connections. Just for information, my operating system is XP Pro SP3. Kaspersky seems to have given me the complete solution to this pest. Well worth giving it a try. Free 30 day trial could rid you of this problem.

    July 31st, 2009 at 8:35 am 59

    Well, just to tie up the story on my experiences, I am now a week on from installing Kaspersky and ridding myself of Virut and it has not reappeared. That about says it all. Would highly recommend Kaspersky for ridding yourself of Virut

  81. Musik Anima

    Yesterday I ran Kaspersky full scan and I got 12 infection of this virus.

    And I think all is good now..

    Kaspersky maybe has erased all the infections..

    I have put the scan to “high”, and it took 12hrs to scan all..

    I have no problem actually..but dunno if in future I will get problems..

    I will do another scan, to stay assured that there is none of these infections…

    this virus is awesome.. :) PC slows a lot during scan also..

    pc started to lag…

    1st thing to do: update Kaspersky
    2nd: disconnect from net
    3rd: deep very deep scan
    4th: restart PC
    5th: again a deep deep scan..

    then good.. I think problem solved..

  82. oh noes

    Captured new virut.ce variant; infected userinit.exe , control.exe and cmd.exe from /system32.. confirmed infected by jotti- AVG’s Win32/Virut tool does not detect these infected files. Malwarebytes doesn’t see them either. ~.~

Comments are closed.