PC Review



How can I confirm and remove Win32.Virut.A ?

 
 
Maximus the Mad
Guest
Posts: n/a
 
      2nd Nov 2007
(E-Mail Removed) after much thought,came up with this jewel in
news:(E-Mail Removed):

>
> Hi Folks,
>
> I downloaded the FREE version of PCTools AV and did a scan on several
> large internal and external hard drives. It found (and quarantined)
> over 1,300 EXE files saying that they were infected with
> "Win32.Virut.A".
>
> Is there a way for me to manually verify that this infection exists?
> Also, is there a tool to "disinfect" these files instead of simply
> deleting them?
>
> Thank you for helping,
>
> Don
>


Submit the files in question to www.virustotal.com. You could also use
David Lipman's AV tool to scan each file (it includes 4 different
scanners). BitDefender has an on-demand scanner that you can install
also.
Many files cannot be disinfected because they are not valid Windows
files.
max
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.
 
 
 
 
 
jen
Guest
Posts: n/a
 
      2nd Nov 2007
"Maximus the Mad" <(E-Mail Removed)> wrote in message
news:Xns99DCB806DE586whatsinaname@207.115.33.102...
> (E-Mail Removed) after much thought,came up with this jewel in
> news:(E-Mail Removed):
>> Hi Folks,
>> I downloaded the FREE version of PCTools AV and did a scan on several
>> large internal and external hard drives. It found (and quarantined)
>> over 1,300 EXE files saying that they were infected with
>> "Win32.Virut.A".
>> Is there a way for me to manually verify that this infection exists?
>> Also, is there a tool to "disinfect" these files instead of simply
>> deleting them?

> Submit the files in question to www.virustotal.com. You could also use


"over 1,300 EXE files"? Hope he's got a lot of time on his hands, lol


> David Lipman's AV tool to scan each file (it includes 4 different
> scanners). BitDefender has an on-demand scanner that you can install
> also.
> Many files cannot be disinfected because they are not valid Windows
> files.


-jen


 
 
Infected@diseased.net
Guest
Posts: n/a
 
      2nd Nov 2007

Hi Folks,

I downloaded the FREE version of PCTools AV and did a scan on several
large internal and external hard drives. It found (and quarantined)
over 1,300 EXE files saying that they were infected with
"Win32.Virut.A".

Is there a way for me to manually verify that this infection exists?
Also, is there a tool to "disinfect" these files instead of simply
deleting them?

Thank you for helping,

Don
 
 
Maximus the Mad
Guest
Posts: n/a
 
      2nd Nov 2007
"jen" <(E-Mail Removed)> after much thought,came up with this jewel
in news:whNWi.48531$(E-Mail Removed):

> "over 1,300 EXE files"? Hope he's got a lot of time on his hands,
> lol
>


Perhaps he is on an extended leave of absence......
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.
 
 
jen
Guest
Posts: n/a
 
      2nd Nov 2007
"Maximus the Mad" <(E-Mail Removed)> wrote in message
news:Xns99DCBA3C49D57whatsinaname@207.115.33.102...
> "jen" <(E-Mail Removed)> after much thought,came up with this jewel
> in news:whNWi.48531$(E-Mail Removed):
>> "over 1,300 EXE files"? Hope he's got a lot of time on his hands,
>> lol
>>

> Perhaps he is on an extended leave of absence......


If he's not now, I'm sure he will be after this )))

-jen


 
 
jen
Guest
Posts: n/a
 
      3rd Nov 2007
<(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi Folks,
> I downloaded the FREE version of PCTools AV and did a scan on several
> large internal and external hard drives. It found (and quarantined)
> over 1,300 EXE files saying that they were infected with
> "Win32.Virut.A".
> Is there a way for me to manually verify that this infection exists?
> Also, is there a tool to "disinfect" these files instead of simply
> deleting them?


Win32.Virut.A is an appending virus. This file infector infects .exe
and .scr files by attaching its encrypted code to the end of the file.

The encrypted code contains IRCBot functionality.

When Win32.Virut.A is executed it injects its code into all running
processes.

Win32.Virut.A opens up a backdoor at port 65520 on the compromised
machine.

This virus tries to connect to IRC servers located at:

* proxima.ircgalaxy.

Symptoms -

# Modified executable files (increase of 5,120 bytes of exe files)
# DNS queries to proxima.ircgalaxy.pl and IRC related network traffic

Method of Infection -

Win32.Virut.A is a file infecting virus. Infection starts with *manual
execution* of the binary. Executables in network shares may also get
infected if accessed by the compromised machine. This virus can also be
instructed to scan for vulnerable systems and infect them.

Good luck,

-jen
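
Added example, not part of the thread: a triage check built on the symptoms listed in the post above (5,120-byte growth of .exe/.scr files and DNS queries to proxima.ircgalaxy.pl). It assumes a pre-infection baseline such as a backup is available; the file names, directory layout and DNS log format are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

GROWTH = 5120                      # size increase per infected file, per the post
IRC_HOST = "proxima.ircgalaxy.pl"  # DNS name given in the post
EXTS = {".exe", ".scr"}            # file types the post says get infected

def snapshot(root):
    """Map relative path -> (size, sha256) for each .exe/.scr under root."""
    snap = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in EXTS:
            data = path.read_bytes()
            rel = path.relative_to(root).as_posix()
            snap[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return snap

def compare(baseline, current):
    """Return (path, size delta, delta == 5120) for files whose hash changed."""
    changed = []
    for rel, (size, digest) in sorted(current.items()):
        old = baseline.get(rel)
        if old and old[1] != digest:
            changed.append((rel, size - old[0], size - old[0] == GROWTH))
    return changed

def dns_hits(lines):
    """Return log lines that mention the IRC host name from the post."""
    return [ln for ln in lines if IRC_HOST in ln.lower()]

def demo():
    """Constructed data: one file grows by 5,120 bytes, one changes in place."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "setup.exe").write_bytes(b"A" * 2048)
        (root / "saver.scr").write_bytes(b"A" * 1000)
        (root / "notes.txt").write_bytes(b"A" * 10)   # ignored: not .exe/.scr
        baseline = snapshot(root)                     # stands in for a clean backup
        (root / "setup.exe").write_bytes(b"A" * 2048 + b"\x00" * GROWTH)
        (root / "saver.scr").write_bytes(b"B" * 1000) # modified, same size
        return compare(baseline, snapshot(root))

SAMPLE_DNS = [  # constructed log lines; the format is an assumption
    "02-Nov-2007 19:01:12 client 192.168.1.20 query: proxima.ircgalaxy.pl IN A",
    "02-Nov-2007 19:01:15 client 192.168.1.21 query: www.example.com IN A",
]
```

A file that changed and grew by exactly 5,120 bytes matches the symptom in the post; a changed file with a different delta still differs from the baseline and needs a scanner verdict.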



 