How to remove W32:Vitro (Virut) virus
Posted by Samuel Turi on 14 February 2012 10:57 AM


The Virut family of viruses uses polymorphism to hide from all anti-virus protection, and it infects executable files. File infection makes it very hard to repair a system that has been infected. W32/Vitro injects code into running processes and hooks the following functions in ntdll.dll, which transfers control to the virus every time any of these functions is called:
* NtCreateFile
* NtCreateProcess
* NtCreateProcessEx
* NtOpenFile
* NtQueryInformationProcess
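
An added example, not part of the original article: one way to check for hooks on the functions listed above is to compare each function's first bytes as loaded in a process with the same bytes in the ntdll.dll file on disk. It assumes the hook is an inline patch of the function's first bytes (the article does not say how the hook is installed) and that the bytes were already collected with another tool; all addresses and bytes in the sample are constructed.

```python
import struct

# Functions the article lists as hooked in ntdll.dll.
WATCHED = ("NtCreateFile", "NtCreateProcess", "NtCreateProcessEx",
           "NtOpenFile", "NtQueryInformationProcess")

def branch_target(addr, code):
    """Return the destination of a leading jmp/call rel32, or None."""
    if len(code) >= 5 and code[0] in (0xE8, 0xE9):  # call rel32 / jmp rel32
        rel = struct.unpack_from("<i", code, 1)[0]
        return (addr + 5 + rel) & 0xFFFFFFFF
    return None

def find_hooks(stubs, image_base, image_size):
    """stubs: {name: (address, bytes_on_disk, bytes_in_memory)}.
    Report watched stubs whose in-memory bytes differ from the file on disk."""
    findings = []
    for name in WATCHED:
        if name not in stubs:
            continue
        addr, on_disk, in_mem = stubs[name]
        if in_mem == on_disk:
            continue  # stub is unmodified
        target = branch_target(addr, in_mem)
        outside = target is not None and not (
            image_base <= target < image_base + image_size)
        findings.append({"function": name, "target": target,
                         "leaves_ntdll": outside})
    return findings

def _jmp(addr, dest):
    """Build a 5-byte jmp rel32 for the constructed sample data."""
    return b"\xe9" + struct.pack("<i", dest - (addr + 5))

# Constructed sample: image range, addresses, stub bytes and hook
# destination are made up for illustration (32-bit layout assumed).
BASE, SIZE = 0x7C900000, 0x000B2000
SAMPLE = {
    "NtCreateFile": (0x7C90D0AE, b"\xb8\x25\x00\x00\x00",
                     _jmp(0x7C90D0AE, 0x00A30000)),
    "NtOpenFile": (0x7C90D59E, b"\xb8\x74\x00\x00\x00",
                   b"\xb8\x74\x00\x00\x00"),
}

if __name__ == "__main__":
    for f in find_hooks(SAMPLE, BASE, SIZE):
        tgt = "n/a" if f["target"] is None else hex(f["target"])
        print(f"{f['function']}: patched, target {tgt}, "
              f"leaves ntdll: {f['leaves_ntdll']}")
```

A stub that differs from disk and branches outside the ntdll image range is consistent with the behaviour described above, and supports the recommendation to rebuild rather than repair.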
We would strongly recommend rebuilding the system from backups.
Windows can be rebuilt as described in the following link or, failing this, a format of the system will be required.