Thursday, Feb 19, 2009
Polymorphic Win32:Vitro Most Virulent Virus
This seems to be a virus that is hitting some people hard. I wanted to blog about this because of the nature of viruses and Trojans. I have read reports that this might be from online movies, and I have to say this is one reason why you must stay away from certain online movies. I am going to take a guess that this virus requires a special CODEC, and you downloaded it and installed it. It could also be the "update the Adobe Flash Player" idea too, but that still results in getting the virus.
As I said before, you take a risk when you go to sites you don't trust or know anything about. You should also know that if you need a "SPECIAL" codec, you should just go on to another site. Sites that claim they need this special codec mean only one thing: they want to install something without your knowledge.
After you get this very bad virus, you are done for. You would need to install the operating system from backups or even start anew. This seems to be building this week, and there isn't much you can do once you're infected. I do recommend a good anti-virus and firewall, but that wouldn't fix the problem right now. You will need to pull your backups out and start the process. I suggest a complete wipe and then restoring from the backups. This little virus likes to infect any .EXE it can, so just restoring the Windows directory will not help. Remember, only you can prevent yourself from getting infected.
So what is this virus?
The Virut family of viruses uses polymorphism to hide from all anti-virus protection, and it infects executable files. File infection makes it very hard to repair a system that has been infected. W32/Vitro injects code into running processes and hooks the following functions in ntdll.dll, which transfers control to the virus every time any of these functions is called.
* NtCreateFile
* NtCreateProcess
* NtCreateProcessEx
* NtOpenFile
* NtQueryInformationProcess
[via Avast Forums]
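One way to check for the hooks described above, as an added example that is not from the original post or from Avast: compare the entry bytes of the five listed ntdll.dll exports in a clean on-disk image against the copy read from a process's memory, and report any that now begin with a control transfer. It assumes the hooks are inline patches at the export entry points (the post does not say how they are placed); the function names, load address, stub bytes and targets are all constructed for the demonstration.

```python
import struct

# The five ntdll.dll exports the post lists as hooked.
WATCHED = ["NtCreateFile", "NtCreateProcess", "NtCreateProcessEx",
           "NtOpenFile", "NtQueryInformationProcess"]
PROLOGUE = 16  # bytes compared at each export's entry point

def classify_redirect(code, va):
    """Return (kind, target) for modified entry bytes located at address va."""
    if len(code) >= 5 and code[0] == 0xE9:                      # jmp rel32
        rel = struct.unpack_from("<i", code, 1)[0]
        return "jmp rel32", (va + 5 + rel) & 0xFFFFFFFF
    if len(code) >= 6 and code[0] == 0x68 and code[5] == 0xC3:  # push imm32; ret
        return "push/ret", struct.unpack_from("<I", code, 1)[0]
    return "modified", None  # changed, but not a redirect recognised here

def find_hooks(disk, memory, exports, base):
    """Compare each watched export's entry bytes in the on-disk image against
    the copy read from process memory (both indexed by RVA)."""
    findings = []
    for name in WATCHED:
        rva = exports.get(name)
        if rva is None:
            continue
        clean, live = disk[rva:rva + PROLOGUE], memory[rva:rva + PROLOGUE]
        if clean == live:
            continue
        kind, target = classify_redirect(live, base + rva)
        outside = target is not None and not (base <= target < base + len(disk))
        findings.append({"export": name, "kind": kind, "target": target,
                         "leaves_module": outside})
    return findings

def build_sample():
    """Constructed data: five stubs shaped like 32-bit syscall stubs, two patched."""
    base = 0x7C900000  # assumed load address, for illustration only
    stub = bytes.fromhex("b825000000ba0003fe7fff12c22c00") + b"\x90"
    exports = {name: i * 16 for i, name in enumerate(WATCHED)}
    disk = stub * len(WATCHED)
    memory = bytearray(disk)
    rel = 0x00A31000 - (base + exports["NtCreateFile"] + 5)
    memory[0:5] = b"\xE9" + struct.pack("<i", rel)
    off = exports["NtOpenFile"]
    memory[off:off + 6] = b"\x68" + struct.pack("<I", 0x00A31040) + b"\xC3"
    return disk, bytes(memory), exports, base

if __name__ == "__main__":
    for finding in find_hooks(*build_sample()):
        print(finding)
```

On a real system the two byte ranges would come from a known-good copy of ntdll.dll and from a memory dump of the suspect process; a redirect whose target lies outside the module is the signal worth investigating.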