Monday, March 2, 2009

Update Win32.Vitro

It appears this nasty piece of work is causing many issues. As I mentioned in my previous post, at this time it cannot be removed and a format is necessary.
From my research, the transmission of this virus seems to come from an infected movie-type file. This file informs you that you'll need a codec to view it; when you agree, it infects your system.

When installed, it injects code into running processes, then hooks the following functions in ntdll.dll, which transfers control to the virus every time any of these functions is called.

* NtCreateFile
* NtCreateProcess
* NtCreateProcessEx
* NtOpenFile
* NtQueryInformationProcess
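One way to check these five exports for tampering, added here as an example and not taken from the original post: compare each export's first bytes in the loaded ntdll.dll with the copy on disk and, where they differ, decode a leading CALL/JMP rel32 to see where control now goes. The post does not say how the hooks are written, so the inline-redirect form, the 32-bit stub layout, the image base, the addresses, the call numbers and the hook target are all constructed assumptions; reading the bytes from a real system is left to the caller.

```python
import struct

# The five ntdll.dll exports the post lists as hooked.
WATCHED = ("NtCreateFile", "NtCreateProcess", "NtCreateProcessEx",
           "NtOpenFile", "NtQueryInformationProcess")

def check_export(name, va, disk, mem, base, size):
    """Compare an export's first bytes on disk with the loaded copy.

    Assumes 32-bit code and that no relocation touches the compared bytes.
    """
    finding = {"name": name, "hooked": mem != disk,
               "target": None, "outside_image": None}
    # A changed first byte that is now CALL/JMP rel32 is an inline redirect.
    if finding["hooked"] and mem[0] != disk[0] and mem[0] in (0xE8, 0xE9):
        rel = struct.unpack_from("<i", mem, 1)[0]
        target = (va + 5 + rel) & 0xFFFFFFFF  # rel32 counts from the next instruction
        finding["target"] = target
        finding["outside_image"] = not (base <= target < base + size)
    return finding

def scan(exports, base, size):
    """exports: {name: (va, disk_bytes, mem_bytes)} -> findings for modified exports."""
    results = (check_export(n, *exports[n], base, size)
               for n in WATCHED if n in exports)
    return [r for r in results if r["hooked"]]

# --- Constructed sample data (not captured from a real system) ---
BASE, SIZE = 0x7C900000, 0x000B0000  # assumed ntdll image range
HOOK_TARGET = 0x00A31000             # assumed address outside the image

def stub(num, argbytes):
    # Assumed clean layout: mov eax,num / mov edx,7FFE0300h / call [edx] / ret n
    return (b"\xB8" + struct.pack("<I", num) + b"\xBA\x00\x03\xFE\x7F"
            + b"\xFF\x12\xC2" + struct.pack("<H", argbytes))

def patched(clean, va, target):
    # Sample of a modified export: first five bytes replaced by JMP rel32.
    return b"\xE9" + struct.pack("<i", target - (va + 5)) + clean[5:]

SAMPLE = {}
for i, name in enumerate(WATCHED):
    va, clean = BASE + 0xD000 + 0x10 * i, stub(0x20 + i, 0x18)
    mem = patched(clean, va, HOOK_TARGET) if name == "NtOpenFile" else clean
    SAMPLE[name] = (va, clean, mem)

if __name__ == "__main__":
    for f in scan(SAMPLE, BASE, SIZE):
        print(f["name"], hex(f["target"]), "outside ntdll:", f["outside_image"])
```

A redirect whose target lies outside the ntdll image is the stronger signal; security products also hook these functions, so a hit needs the owning module identified before drawing conclusions.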

This Vitro virus then infects every program you open. While good firewall and security software are essential to your online safety, they alone are not enough. Use caution when asked to download codecs or add-ons.

If you do get infected with this virus, DO NOT use previous backups. Perform a full clean install of Windows and your programs.

2 comments:

  1. Is it a keylogger... I have been online lately... have my passwords all gone to hackers??
  2. The Vitro isn't a keylogger, it's a real virus. It destroys Windows files and creates its own with the same name. However, it does have worm abilities, so if you think you have it you should back up important non-executable files and format.