Win32 Virtob/Virut removal
November 8, 2007
Virtob is a worm that spreads around your system on the back of executable files (.exe and .scr). Once the virus is running in system memory, every executable you run after that will also be infected with the virus.
Once a system is infected, the virus becomes very difficult to remove.
I discovered the system was infected with this worm when I installed avast! on the system. Avast! soon identified the virus in the infected files, offering me a choice to repair, delete or move to chest.
I very quickly found that “repair” never worked, “delete” was a bad choice as the files could be system executables that are needed, and so “move to chest” would also be a bad choice.
I had to find another approach.
- Download the above files (on a clean system).
- Create a boot CD using Bart’s PE Builder, or download miniPE (on a clean system), and put the downloaded files on the CD or on a memory stick (preferably read-only).
- Reboot into the CD.
- Run the downloaded software against the infected hard drives.
Once the system is disinfected, reboot normally, then:
- Go to Start -> Run, type: sfc /scannow
- Note: This may require your Windows CD, or an i386 directory.
- Run a full system scan using at least two up-to-date antivirus applications. (List of antivirus software)
- Reinstall any software that appears to be corrupt or missing.
- Ensure your Windows updates are up-to-date (Especially ensure you have this one).
- I also recommend you delete your “Temporary Internet Files” and delete all content from your %tmp% directory.
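One way to find the files that the "reinstall any software that appears to be corrupt or missing" step refers to, as an added example that is not part of the original post: a Python script that checks every .exe and .scr under a folder for intact PE headers and for sections that fit inside the file. The function names and the constructed sample image are assumptions of this example, and a file that passes is only structurally intact, not proven clean.

```python
import os
import struct
import sys

EXTENSIONS = (".exe", ".scr")  # file types the post says the virus infects

def check_pe(data):
    """Return None if the PE headers and section table are consistent, else a reason."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "missing MZ header"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "missing PE signature"
    # NumberOfSections is at +6 and SizeOfOptionalHeader at +20 from the signature
    num_sections, opt_size = struct.unpack_from("<H12xH", data, e_lfanew + 6)
    table = e_lfanew + 24 + opt_size
    if table + 40 * num_sections > len(data):
        return "section table truncated"
    for off in range(table, table + 40 * num_sections, 40):
        name, raw_size, raw_ptr = struct.unpack_from("<8s8xII", data, off)
        if raw_size and raw_ptr + raw_size > len(data):
            return "section %s extends past end of file" % name.rstrip(b"\0").decode("ascii", "replace")
    return None

def scan(root):
    """Return {path: reason} for every .exe/.scr under root that fails check_pe."""
    damaged = {}
    for folder, _dirs, files in os.walk(root):
        for path in (os.path.join(folder, n) for n in files if n.lower().endswith(EXTENSIONS)):
            try:
                with open(path, "rb") as fh:
                    reason = check_pe(fh.read())
            except OSError as exc:
                reason = "unreadable: %s" % exc
            if reason:
                damaged[path] = reason
    return damaged

def build_sample():
    """Constructed header-only PE (not a working program): one .text section at 0x200-0x3FF."""
    data = bytearray(0x400)
    data[:2], data[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", data, 0x3C, 0x40)       # e_lfanew
    struct.pack_into("<HH", data, 0x44, 0x14C, 1)  # i386, one section
    struct.pack_into("<8sIIII", data, 0x58, b".text", 0x200, 0x1000, 0x200, 0x200)
    return bytes(data)

if __name__ == "__main__":
    for path, reason in sorted(scan(sys.argv[1]).items()):
        print(path, "->", reason)
```

Run it with the folder to check as the only argument; each path it prints is a candidate for reinstalling or restoring from a known-good copy.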