How can I confirm and remove Win32.Virut.A?

  • Thread starter Maximus the Mad

Maximus the Mad

(e-mail address removed) after much thought, came up with this jewel in
Hi Folks,

I downloaded the FREE version of PCTools AV and did a scan on several
large internal and external hard drives. It found (and quarantined)
over 1,300 EXE files saying that they were infected with
"Win32.Virut.A".

Is there a way for me to manually verify that this infection exists?
Also, is there a tool to "disinfect" these files instead of simply
deleting them?

Thank you for helping,

Don

Submit the files in question to www.virustotal.com. You could also use
David Lipman's AV tool to scan each file (it includes 4 different
scanners). BitDefender has an on-demand scanner that you can install
also.
Many files cannot be disinfected because they are not valid Windows
files.
max
 

jen

Maximus the Mad said:
(e-mail address removed) after much thought, came up with this jewel in

Submit the files in question to www.virustotal.com. You could also use

"over 1,300 EXE files"? Hope he's got a lot of time on his hands, lol
:)
David Lipman's AV tool to scan each file (it includes 4 different
scanners). BitDefender has an on-demand scanner that you can install
also.
Many files cannot be disinfected because they are not valid Windows
files.

-jen
 

Infected

Hi Folks,

I downloaded the FREE version of PCTools AV and did a scan on several
large internal and external hard drives. It found (and quarantined)
over 1,300 EXE files saying that they were infected with
"Win32.Virut.A".

Is there a way for me to manually verify that this infection exists?
Also, is there a tool to "disinfect" these files instead of simply
deleting them?

Thank you for helping,

Don
 

jen

Hi Folks,
I downloaded the FREE version of PCTools AV and did a scan on several
large internal and external hard drives. It found (and quarantined)
over 1,300 EXE files saying that they were infected with
"Win32.Virut.A".
Is there a way for me to manually verify that this infection exists?
Also, is there a tool to "disinfect" these files instead of simply
deleting them?

Win32.Virut.A is an appending virus. This file infector infects .exe
and .scr files by attaching its encrypted code to the end of the file.

The encrypted code contains IRCBot functionality.

When Win32.Virut.A is executed it injects its code into all running
processes.

Win32.Virut.A opens up a backdoor at port 65520 on the compromised
machine.

This virus tries to connect to IRC servers located at:

* proxima.ircgalaxy.

Symptoms -

# Modified executable files (increase of 5,120 bytes of exe files)
# DNS queries to proxima.ircgalaxy.pl and IRC related network traffic

Method of Infection -

Win32.Virut.A is a file infecting virus. Infection starts with *manual
execution* of the binary. Executables in network shares may also get
infected if accessed by the compromised machine. This virus can also be
instructed to scan for vulnerable systems and infect them.

Good luck,

-jen
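
The symptoms listed in the answer above (5,120-byte growth of .exe/.scr files, a listener on port 65520, DNS queries to proxima.ircgalaxy.pl) can be checked with a short triage script. This is an added example, not part of the original thread; the baseline manifest, the `netstat -ano` and DNS log samples and all function names are constructed assumptions, and a hit is an indicator to follow up with a scanner rather than proof of infection.

```python
import re

# Indicators as stated in the post above; everything else here is constructed.
SIZE_DELTA = 5120                 # bytes appended to an infected file
BACKDOOR_PORT = 65520             # TCP port of the backdoor
C2_DOMAIN = "proxima.ircgalaxy.pl"
INFECTABLE_EXT = (".exe", ".scr")

NETSTAT_ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")
# Match the domain or a subdomain, but not look-alikes such as "<domain>.example.com".
C2_PATTERN = re.compile(r"(?<![\w-])" + re.escape(C2_DOMAIN) + r"\.?(?![\w.-])", re.I)

def grown_files(baseline, current):
    """Paths of .exe/.scr files that grew by exactly SIZE_DELTA since a known-good baseline."""
    return sorted(
        path for path, size in current.items()
        if path.lower().endswith(INFECTABLE_EXT)
        and path in baseline and size - baseline[path] == SIZE_DELTA
    )

def backdoor_listeners(netstat_text):
    """(local_address, pid) for each TCP listener on BACKDOOR_PORT in `netstat -ano` output."""
    hits = []
    for line in netstat_text.splitlines():
        m = NETSTAT_ROW.match(line)
        if m and int(m.group(2)) == BACKDOOR_PORT:
            hits.append((m.group(1), int(m.group(3))))
    return hits

def c2_queries(dns_log_lines):
    """DNS log lines that mention C2_DOMAIN."""
    return [ln for ln in dns_log_lines if C2_PATTERN.search(ln)]

# Constructed sample input (not taken from a real machine).
BASELINE = {r"C:\Tools\putty.exe": 454656, r"C:\Tools\saver.scr": 20480, r"C:\Tools\notes.txt": 100}
CURRENT = {r"C:\Tools\putty.exe": 459776, r"C:\Tools\saver.scr": 20480, r"C:\Tools\notes.txt": 5220}
NETSTAT = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:65520          0.0.0.0:0              LISTENING       1844
  TCP    10.0.0.5:49712         10.0.0.9:65520         ESTABLISHED     2210
"""
DNS_LOG = [
    "12:00:01 query A www.example.com",
    "12:00:07 query A proxima.ircgalaxy.pl",
    "12:00:09 query A proxima.ircgalaxy.pl.example.com",
]

if __name__ == "__main__":
    print(grown_files(BASELINE, CURRENT))
    print(backdoor_listeners(NETSTAT))
    print(c2_queries(DNS_LOG))
```

The size check only works against a manifest recorded before infection, such as one built from a clean backup or original install media.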
 