NetBump.com

[SixOfFive]

Lately, there have been a lot of Virut and Virux infections going around and I am ending up with a lot of systems that are infected with this elusive virus.

For reader enjoyment I have posted reference links at the bottom of the page, but the general gist of this is that it is polymorphic and spreads to exe's through the hard drive. Most sites concur that currently the virus is spreading through peer to peer networks (aka bittorrent style programs). Currently TRK 3.3 methods render the operating system useless (the system tray, start menu, etc disappears) and further scans reveal that the virus comes back after the system is restarted even though the virus is reported to be removed.

The easiest way to bandage up the situation without losing data is to move all the directories to a single directory on the drive (using TRK or another method) and then perform a complete reinstall. Once the OS is installed, install a suitable virus scanner and scan the system regularly. Music, videos and office documents should be fine to open, but do not open any executable files from the old setup. If you do you risk instant reinfection. The virus is polymorphic, meaning it changes and the virus scanners cannot always detect it.

References:
http://www.symantec.com/security_response/writeup.jsp?docid=2006-051402-1930-99
http://www.f-secure.com/v-descs/virus_w32_virut.shtml
http://www.avast.com/eng/win32-virut.html
http://blog.trendmicro.com/crack-sites-distribute-virux-and-fakeav/
http://www.infopackets.com/news/security/2009/20090216_new_malware_virux_spreading_rampant_in_us.htm