Sunday, 21 October 2012

Virut Virus : To Infect or not to Infect

Virut is a goddamn pretty old malware that injects itself into .exe files. It can be cleaned easily, but the cleaned file will be infected again in no time because of its quick-spreading ability. It will spread as soon as you download its virus code or plug in an infected flash drive.

Warning: it's thrice as difficult as Ramnit to clean, but one third as difficult as Ramnit to be fully cleaned.

Its main goal is to get some information from the infected computers. It will do anything to reach that goal, even if there's no information to get. Usually Virut will inject a host program and put its code in it, so whenever the program is executed, Virut is executed first. To make sure Virut always exists in the system, it will inject Winlogon.exe first. After that Virut blocks the program from the user, then 'rides' its victim. In other words, you're f***ed.

My friend and I were ROFL after we saw "cmd.exe is infected by W32.Virut."

Virut will turn off your antivirus. Aaaand.. it seems to block access to antivirus sites. Then it usually sends you spam. Like other viruses, yeah, backdoor. Once your computer is incapacitated, Virut will open that backdoor thing and start downloading and/or running your files by using the proxima.irc.pl IRC address. Unfortunately it doesn't have a mother/exploit to spread.
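A defender-side check for the backdoor traffic described above, as an added example that is not part of the original post: it scans DNS query logs for lookups of the IRC address named in the post and lists the clients that made them. The log format, the function names and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Indicator taken from the post above; everything else here is constructed.
C2_DOMAIN = "proxima.irc.pl"

# Constructed sample, assumed format: "<timestamp> <client-ip> query <name> <type>"
SAMPLE_LOG = """\
2012-10-21T09:14:02 192.168.1.23 query www.example.com A
2012-10-21T09:14:05 192.168.1.23 query proxima.irc.pl A
2012-10-21T09:15:40 192.168.1.23 query PROXIMA.IRC.PL. A
2012-10-21T09:16:11 192.168.1.40 query proxima.irc.pl.example.net A
2012-10-21T09:17:30 192.168.1.57 query sub.proxima.irc.pl A
this line is malformed and must be skipped
2012-10-21T09:20:00 192.168.1.40 query notproxima.irc.pl A
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+query\s+(\S+)\s+\S+$")

def normalize(name):
    """Lower-case and drop the trailing root dot so spellings compare equal."""
    return name.lower().rstrip(".")

def matches_indicator(name, indicator=C2_DOMAIN):
    """True for the indicator itself or a subdomain of it, not for lookalikes."""
    name = normalize(name)
    return name == indicator or name.endswith("." + indicator)

def find_suspect_hosts(log_text, indicator=C2_DOMAIN):
    """Return {client_ip: {count, first, last}} for clients that queried the indicator."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, client, qname = m.groups()
        if matches_indicator(qname, indicator):
            h = hits[client]
            h["count"] += 1
            h["first"] = h["first"] or ts
            h["last"] = ts
    return dict(hits)

if __name__ == "__main__":
    for ip, h in sorted(find_suspect_hosts(SAMPLE_LOG).items()):
        print(f"{ip}: {h['count']} lookup(s), first {h['first']}, last {h['last']}")
```

Any client it reports is a machine to pull off the network and scan before its cleaned files get reinfected.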

How to clean
Well, use Kaspersky's Virut Killer. Find it on Kaspersky's webpage, from an internet cafe or something. Scan twice, restart, and scan once. Because I don't always trust free things from Kaspersky, I don't trust this one either. If you have some cash, buy the Kaspersky Antivirus, and run a full scan. Or just use Dr.Web CureIt! from my previous post.

Or read this, if you can handle it.

If everything else fails, fully uninstall and replace your programs with new ones. To make sure, UNINSTALL them first, then reinstall them. I'm so sorry if there are any paid applications on your computer.
