Win32/Virut.O virus

Discussion in 'NOD32 version 2 Forum' started by lsmech, Sep 6, 2007.

Thread Status:
Not open for further replies.
  1. lsmech

    lsmech Registered Member

    Joined:
    Sep 5, 2007
    Posts:
    2
    this virus has infected tons of exe files on my sytem. i had nod32 installed and it detected the virus and deleted the exe's instead of cleaning. none of my programs work anymore. i had to do a repair install of windows just to get my explorer working a bit. but i cant access control panel, cant install any other AV's, and after restart nod32 wont even load anymore. why did nod32 not clean the virus instead of deleting the exe's?i cant install trendmicro online scanner coz it requires java which i had but apparently i dont have it anymore and java wont install coz some windows file is messed up after the repair install...so rite now i'm online on an infected machine with no antivirus running!!!

    a day before the repair install of windows XP(SP2), virtumonde had infected my comp and everytime i tried to start a manual scan with nod32 i kept getting the error CRC of NOD32.exe failed possible due to infection....how can nod32 itself be infected? if it cant protect itself how is it supposed to protect my comp?!

    WHAT AM I SUPPOSED TO DO?? how do i get rid of this Virut viruso_O
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    There are tons of Virut variants, it's impossible to make NOD32 clean each. Some Virut variants are even uncleanable from the technical point of view and require replacement of infected files with a clean copy.
     
  3. lsmech

    lsmech Registered Member

    Joined:
    Sep 5, 2007
    Posts:
    2
    and wat abt the "CRC check of nod32.exe failed, possibly due to infection" msg? wat causes that msg? did nod32.exe get corrupt? how? why cant nod32 protect itself? i even tried reinstalling nod32 but was still getting that CRC error msg. have had to format and reinstall windows. but i want to know wat do i do if i ever get that CRC error msg again?

    i have installed Escan on the comp that got infected. i'm going to download that same file and check if escan is able to clean that virus where nod32 was unable to. if escan does, then its gudbye nod32. i dont mind having a slightly slower comp if its secure from viruses. i'm disappointed in nod32. all those claims and all it seems to do is nod off...
     
  4. GhostMan

    GhostMan Eset Staff Account

    Joined:
    Jun 8, 2007
    Posts:
    99
    Location:
    Bratislava
    Hi
    afaik virut are corrupting .exe files, so this means goodbye to any antivirus, or any exe file :). Considering there are many virut mutation in the wild, you are probably affected by unknown variant.
    To prevent spreading alike infection, dont boot infected system. Any exe, that windows execute during startup, may be infected and this leads not only to AV failure, but whole system may be damaged.

    Cheers.
     
  5. hsobrevilla02

    hsobrevilla02 Registered Member

    Joined:
    Sep 4, 2007
    Posts:
    19

    good day to all!

    im a newbie here and sorry for entering this thread.
    i just want to ask a question regarding this quoted item from Mr. Ghostman.
    what does this mean?does it mean this virus can kill even NOD32?and that NOD32 cannot detect the virus or even clean/disinfect the virus?
    i just want to clarify this because as of now I would like to try and evaluate for 30days the NOD32 V2.7.
    this is just a question, no offense meant to the moderators or anyone in this forum...
    i just want to be clarified.
    thanks in advance.
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    What you should realize is that:
    - no AV is 100% pefect and each misses threats. Some miss less, the other more.
    - if a file infector slips through an AV, it can infect files to such an extent that they cannot be repaired by any AV.
    - in most cases if a file cannot be cleaned you can contact the vendor to create a cleaning algorithm for it.
    - file infectors are not as common as they used to be in the era of DOS
     
  7. hsobrevilla02

    hsobrevilla02 Registered Member

    Joined:
    Sep 4, 2007
    Posts:
    19

    thank you Mr. Marcos for answering my questions.
    I was just very worried by the answer of Mr. Ghostman "Hi
    afaik virut are corrupting .exe files, so this means goodbye to any antivirus, or any exe file .", I thought it means that the said virus would corrupt NOD32 and that NOD32 does not detect the said virus.
    sorry for misunderstanding the statement.
    I am very sorry for being so ignorant with regards to this "virus-things"...
    but still, thanks for answering back
    your answer was greatly appreciated
     
  8. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Hi hsobrevilla02 and lsmech,

    Hopefully this information will be of some help in deciding which direction to go.

    If it were my PC, I would physically connect the infected hard disk to a known good PC and go about cleaning it that way, comparing and replacing files as necessary and submitting any undetected threats and variants to ESET in the process.

    As this procedure can hide many dangers for the unsuspecting I will not detail it here but would suggest instead that if you have a current NOD32 licence then you may wish to contact the reseller or distributor you purchased from with a support request.
    If it were a clients PC then by the sound of it I would probably be asking them to bring in their Windows disks and data backups, drivers etc. with their PC in preparation for the likely clean format and re-installation after an assesment.

    If you have a means available to submit any undetected threats to ESET while heeding the advice of Marcos and GhostMan above then please do so by following the instructions in the faq
    Cheers :)
     
  9. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    Probably be a good idea to have some back up/restore utility to fall back on in these cases to augment your NOD32.
     
  10. Cyber_Noob

    Cyber_Noob Registered Member

    Joined:
    Sep 18, 2007
    Posts:
    1
    i have Win32/Virut.O virus virus in zip anyone wanna take this virus to analyst ?
    and i infected this virus
    how to remove it anyway ?
     
  11. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Definately a good idea both for that and for if your hard disk failed.
    See where I quoted Blackspear from the FAQ a couple of posts back.

    Cheers :)
     
  12. scirious

    scirious Registered Member

    Joined:
    Apr 12, 2007
    Posts:
    110
    This is where self-defense comes in handy. Even if an AV fails to detect a virus this virus won't be able to disable the AV by corrupting it's files, making it possible to be detected after an update.

    Scirious.
     
  13. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    Off topic post removed. Please follow the advice given in this thread previously.
     
Thread Status:
Not open for further replies.