My server was cleaned of mso.sys 2 days ago, but yesterday it was spreading again in my local network and downloaded a new Trojan called Virut.56, which then infected one of my client computers. I think I'm lucky because I detected this Trojan early, before it infected all the clients. I'm pretty sure this is a new Virut variant which comes from mso.sys. It's a really bad Trojan and very hard to remove using manual techniques.

To detect when you’re infected by this Trojan:

  1. When your computer starts up, you will see 2 IEXPLORE.exe processes running in the background.
  2. Once it has taken total control of your computer, you will see VRTxxx.TMP among your background processes (xxx = random, from 1 to z), and sometimes it creates a random executable in your username folder.
  3. You can't open anti-virus websites; to test, try to browse to www.microsoft.com.
  4. If you're monitoring your traffic, the Trojan will try to communicate with its server. I don't know who owns this IP, but it's surely located and registered in CHINA!
  5. Your executable programs sometimes don't work properly.
  6. Your Internet connection is slower than usual.

Those are some signs to make sure you're infected by this Trojan. This is a really tough Trojan: when I tried to remove it using manual techniques, the Trojan kept coming back again and again. Even after I used a clean image from Ghost software, it came back really fast! This Trojan infects everything! Not only .exe files but .htm and .txt files also got infected, especially commonly used Windows files, for example explorer.exe, userinit.exe, svchost.exe, and many more.


If you've been infected by Trojan Virut, you actually don't need to totally re-install your system. This information was false (but it's fine); when I tried to follow it, the Trojan came back in seconds. So don't waste your time re-installing the system, it will not work!

How to repair your computer if it is infected by Trojan Virut.56:

1. Make sure your computer is totally disconnected from the local network and the Internet, to make sure the Trojan can't hide or run from the scanner.

2. Download Dr. Web Cure It! and burn it onto a CD/DVD (to make sure it's not infected, I used a non-rewritable CD). Why use Cure It? I tried other anti-virus, anti-malware, and anti-spyware tools and none of them worked right! This is not a promotion!

3. Run your computer in safe mode (recommended), then run Dr. Web Cure It! and scan your whole system, including your removable devices (if available). Don't use express scan or custom scan. It should be a complete scan! There should be no infected file left, or you may cry.

4. After the scan completes (usually in 3-6 hours), reboot your computer and try connecting it to the local network and the Internet. Always check your background processes; if you find something strange there, disconnect from the local network and the Internet and re-scan your whole system again.

5. If you're connected to the local network/Internet, you can browse to www.microsoft.com, and there is nothing strange among your computer's background processes, take a deep breath: the Trojan has been assassinated!

That's what I have to share for today, have a nice day 😀
