<Infected DeleteThis @diseased.net> wrote in message
news:h98ni31u2numrke8is3m1nb2i7ls0q1ed1@4ax.com...
> Hi Folks,
> I downloaded the FREE version of PCTools AV and did a scan on several
> large internal and external hard drives. It found (and quarantined)
> over 1,300 EXE files saying that they were infected with
> "Win32.Virut.A".
> Is there a way for me to manually verify that this infection exists?
> Also, is there a tool to "disinfect" these files instead of simply
> deleting them?
Win32.Virut.A is an appending virus. This file infector infects .exe
and .scr files by attaching its encrypted code to the end of the file.
The encrypted code contains IRCBot functionality.
When Win32.Virut.A is executed it injects its code into all running
processes.
Win32.Virut.A opens up a backdoor at port 65520 on the compromised
machine.
This virus tries to connect to IRC servers located at:
* proxima.ircgalaxy.
Symptoms -
# Modified executable files (increase of 5,120 bytes of exe files)
# DNS queries to proxima.ircgalaxy.pl and IRC related network traffic
Method of Infection -
Win32.Virut.A is a file infecting virus. Infection starts with *manual
execution* of the binary. Executables in network shares may also get
infected if accessed by the compromised machine. This virus can also be
instructed to scan for vulnerable systems and infect them.
Good luck,
-jen
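
A triage sketch for the symptoms listed in the reply above, added here as an example and not part of the original posts. It assumes you have a known-good size manifest (for instance from a backup), saved `netstat -ano` output and DNS log lines; the function names and all sample data are hypothetical and constructed, and a match is an indicator to investigate, not proof of infection.

```python
import re

# Indicators as stated in the reply above.
GROWTH_BYTES = 5120                  # size increase of infected executables
BACKDOOR_PORT = 65520                # backdoor listener
IRC_DOMAIN = "proxima.ircgalaxy.pl"  # DNS symptom
TARGET_EXTS = (".exe", ".scr")

def grown_files(baseline, current):
    """Paths of .exe/.scr files that grew by exactly GROWTH_BYTES.
    Both arguments map path -> size in bytes (known-good manifest vs. now)."""
    return sorted(
        path for path, old in baseline.items()
        if path.lower().endswith(TARGET_EXTS)
        and path in current and current[path] - old == GROWTH_BYTES
    )

def backdoor_listeners(netstat_text):
    """(local address, PID) of TCP sockets LISTENING on BACKDOOR_PORT,
    parsed from Windows `netstat -ano` output."""
    hits = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING" \
                and f[1].rsplit(":", 1)[-1] == str(BACKDOOR_PORT):
            hits.append((f[1], f[4]))
    return hits

_DOMAIN_RE = re.compile(
    r"(?<![\w.-])" + re.escape(IRC_DOMAIN) + r"\.?(?![\w.-])", re.I)

def dns_hits(log_lines):
    """Log lines that name IRC_DOMAIN exactly (not as part of a longer name)."""
    return [line for line in log_lines if _DOMAIN_RE.search(line)]

# Constructed sample data, for illustration only.
BASELINE = {r"C:\Tools\a.exe": 40960, r"C:\Tools\b.scr": 8192,
            r"C:\Tools\c.exe": 10240, r"C:\Tools\notes.txt": 100}
CURRENT = {r"C:\Tools\a.exe": 46080, r"C:\Tools\b.scr": 8192,
           r"C:\Tools\c.exe": 10752, r"C:\Tools\notes.txt": 5220}
NETSTAT = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:65520          0.0.0.0:0              LISTENING       1432
  TCP    10.0.0.5:49712         10.0.0.9:65520         ESTABLISHED     2210
"""
DNS_LOG = ["12:00:01 query A proxima.ircgalaxy.pl. from 10.0.0.5",
           "12:00:02 query A www.example.com from 10.0.0.5",
           "12:00:03 query A proxima.ircgalaxy.pl.example.com from 10.0.0.7"]

if __name__ == "__main__":
    print(grown_files(BASELINE, CURRENT))
    print(backdoor_listeners(NETSTAT))
    print(dns_hits(DNS_LOG))
```

Because the reply says the virus injects into all running processes, the PID reported for the listener may belong to an otherwise legitimate process.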