Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Vitro: Still A Problem?

0 views
Skip to first unread message

PeteCresswell

unread,
Nov 8, 2009, 2:41:41 PM11/8/09
to
I'm in the process of re-imaging my #2 daughter's PC - infected with
Vitro.

Googled, got close to a half-mil hits but couldn't find anything
within the past couple months.

The older posts indicated that there was basically no defense - that
some products detected it and some didn't, but none could recover from
it.

I'm guessing things have changed.

Can anybody confirm?

Using Avast.

David H. Lipman

unread,
Nov 8, 2009, 4:58:43 PM11/8/09
to
From: "PeteCresswell" <pete...@gmail.com>

| Can anybody confirm?

| Using Avast.

Do you have a sample ?
If you do, submit a cpy to UploadMalware
http://www.uploadmalware.com/

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


FromTheRafters

unread,
Nov 8, 2009, 5:01:39 PM11/8/09
to
"PeteCresswell" <pete...@gmail.com> wrote in message
news:03edc6e0-e6da-4d8b...@p33g2000vbn.googlegroups.com...

Not sure what your question is here, but I suggest a re-image from an
old enough image so as to not have an "infected" backup reinstalled.

As for prevention, nothing is perfect and polymorphic viruses are
particularly troublesome. That much will *not* have changed.


PeteCresswell

unread,
Nov 8, 2009, 7:22:26 PM11/8/09
to
On Nov 8, 5:01 pm, "FromTheRafters" <erra...@nomail.afraid.org> wrote:
> "PeteCresswell" <petecr...@gmail.com> wrote in message

> As for prevention, nothing is perfect and polymorphic viruses are
> particularly troublesome. That much will *not* have changed.

Thanks for the terminology.

I just finished reading http://en.wikipedia.org/wiki/Polymorphic_code

Sheesh!.... sounds kind of grim to me... like the human flu... keeps
changing...

Now that I know that, I'll try harder to get the user of the affected
PC up-to-date on the process of re-imaging it themselves - bc it
sounds to me like there are going to be repeat performances of this.

FromTheRafters

unread,
Nov 8, 2009, 7:53:45 PM11/8/09
to
"PeteCresswell" <pete...@gmail.com> wrote in message
news:635cd85c-1a3a-4a6b...@p28g2000vbi.googlegroups.com...

Thanks for the terminology.

***
Trojans can take different forms also, but they usually don't do it
programmatically themselves (relying on human influence). Often just
detecting that a hash of the file matches a known to be malicious file's
hash is enough to detect it. This one is a virus, so, on top of having
malicious code that keeps changing how it appears with each iteration
(as you have just read) it hides "within" pre-existing executable
files - further complicating matters. Even so, the file infection
function is not the only bad thing that this malware does.

When doing image backups, consider having more than one. Some malware
may not be noticed until after a number of thought-to-be-clean images
were made - best to have backup backups going back in time if you know
what I mean.


FromTheRafters

unread,
Nov 17, 2009, 8:54:37 AM11/17/09
to
"PeteCresswell" <pete...@gmail.com> wrote in message
news:635cd85c-1a3a-4a6b...@p28g2000vbi.googlegroups.com...

Thanks for the terminology.

***
Sorry for the late addition to the thread - but I just ran across this
and thought it might be of interest to any readers still monitoring.

http://www.informit.com/articles/article.aspx?p=366890&seqNum=1

***


0 new messages