Bay 12 Games Forum


Author Topic: W32.Virut.CF (solution posted)  (Read 1244 times)

Peewee

W32.Virut.CF (solution posted)
« on: July 10, 2009, 12:23:00 pm »

Well, the place I work is getting hit hard with this particular virus. The first infection we found was brought in last Friday, and we have at least two more still being repaired now.

It's very very annoying, because it tries to infect pretty much every .exe and .scr file that gets called on the computer.

It also apparently tries to infect htm, html, asp and php files with a redirect page or something.

Because it took a couple days for us to figure out how to remove the damned thing, I figured I'd post the fix here.

1. Try to boot in safe mode.
   If you can...

2. Turn off system restore.

3. Remove quarantine files from whatever antivirus the computer has.

***4. We ran a Kaspersky scan that was already on the computer, but we're not sure if it made a difference.

5. Run Symantec's Virut removal tool (FixVirut.com).
-----don't restart afterward

6. Install/run ComboFix.

No guarantees, but it worked on one computer at least. Of course, by the time we had figured that out, Virut had screwed with the OS files enough to render it incapacitated.
« Last Edit: July 10, 2009, 02:09:30 pm by Peewee »