Vitro worm detection

  • 3 Replies
  • 4684 Views
*

Offline Malakie

  • Bronze Member
  • 2
Vitro worm detection
« on: April 16, 2009, 01:47:14 PM »
Hi,

I am looking for any scanner that can RELIABLY detect the Vitro (Win32.Vitro) worm infection regardless of the file type it has infected.  I know AVAST can detect it in .exe files but it cannot detect it in any other file type like HTML, codecs etc etc.   I have a system that was infected through listening to an MP3 music servers stream online.   And we have confirmed this to be the case which means this thing can be spread through servers that stream music online as well as other known methods.

On one of our systems, not only were the primary drives infected but ALL the backup drives were as well.   Even a full format and reinstall of the main boot drive only buys us a small amount of time until some file is accessed on one of the data or backup drives and then the infected just grows again from there.  I do not care if there is a tool to remove it.. I simply want a tool to FIND an infected file no matter what type of file it is.  It would be a BIG bonus if there was also a tool that could actually block this thing from infecting more files when detected.

Anyhow, any ideas on this?    We need to find the infected files somehow and remove them manually since no other method works.


*

Offline PCBruiser

  • Malware Removal Mentors
  • Ambassador
  • Diamond Member
  • 8146
Re: Vitro worm detection
« Reply #1 on: April 17, 2009, 08:10:21 AM »
There are other ways.  Please follow all the instructions in pinned topics at the top of http://spywarehammer.com/simplemachinesforum/index.php?board=10.0 and post a HJT log in a new topic there.  One of our experts will try to help you get rid of this problem permanently.  And, I strongly suggest you stop visiting sites you know are infecting your systems.  That's just asking for trouble.  Have you considered the possibility that those sites are intentionally infecting visitors?
« Last Edit: April 17, 2009, 08:13:44 AM by PCBruiser »
Don't Read?  Can't learn!

*

Offline Malakie

  • Bronze Member
  • 2
Re: Vitro worm detection
« Reply #2 on: April 19, 2009, 07:08:20 PM »
Hi,

Being that we are programmers as well, once we found the source of our infection, you can bet we removed it from our system in terms of allowing access with exception to our test machine that we use specifically for this purpose of tracking these things down, trying to figure out what they are doing and so forth.  THAT is why I posted wondering if this scanner or any other is yet able to detect the Vitro in any file it can infect.

Although we were able to kill on the main drive as I said, we have NOT been able to kill it on what were the data backup drives because we cannot find ANY software that will detect it in all file types.

Thus my question.

I will take a look at the link you provided although based on our findings so far, we see no way to clean a machines boot drive once it is infected unless you get lucky and it does not infect any system files.. which is near impossible since it works and monitors the windows api and processes tasks.

Malakie

Malakie

*

Offline PCBruiser

  • Malware Removal Mentors
  • Ambassador
  • Diamond Member
  • 8146
Re: Vitro worm detection
« Reply #3 on: April 20, 2009, 10:42:44 AM »
OK, can you give me an idea of what tools you have used so far?  And, do you have an infected sample system we can work on?  We have some pretty powerful tools, and relationships with security tool developers where we can get them involved in the discussion.  Also, please see your private messages.
Don't Read?  Can't learn!