Win32/Virut.NBK Removal


l337
03-03-2009, 04:30 AM
Just wondering if anyone has come across/repaired damage done by this virus so far?

What I've found is it infects the PC, yet the PC will still work, but as soon as I run a half-decent AV such as NOD, NOD will delete thousands of .exe files and the computer won't boot. So I do a repair install; now it's stuck at login (when I click login it logs me back out).

Here's a little info on it from ESET:
Win32/Virut.NBK (http://www.eset.eu/encyclopaedia/virut_nbk_virus_virut_ce__virut_cf_virut_n?lng=en)

I've done VirusTotal uploads of several sample .exe files to confirm it is this infection I'm getting.

RyanMeray
03-03-2009, 04:50 AM
I've had two of these in the last two days, had a few tweets about 'em -

http://twitter.com/RyanMeray/status/1271031351

Tomorrow I'm going to attempt to manually replace the Windows files that got hit and see if that'll get the bad system to boot. The good system only had a few exe's hit, so it still boots and runs fine for the most part.

l337
03-03-2009, 09:14 PM
Oh OK, feel free to let me know how you go. My machine here at work got infected, so I reformatted to save time lol, and the other 2 customers' PCs I've got here seem to have thousands (I'm assuming nearly all) of the .exe and .htm files infected.

RyanMeray
03-04-2009, 08:08 PM
Well, there were just too many files hit on both PCs after all. I guess theoretically, if you caught it soon enough, you might be able to replace just the infected files with the original copies.

nonchalant
03-04-2009, 08:41 PM
> What I've found is it infects the PC, yet the PC will still work, but as soon as I run a half-decent AV such as NOD, NOD will delete thousands of .exe files and the computer won't boot

Nice. Sounds like I've got some work coming up over the next few weeks..

Tiddle
03-04-2009, 08:57 PM
> Nice. Sounds like I've got some work coming up over the next few weeks..

lol we sure do :P

vontreigo
03-04-2009, 09:08 PM
I have a Server 2000 PC hit with it. 1000s of infected files... Back up, clean backup files and format/reinstall.

arrow_runner
03-04-2009, 09:24 PM
Interesting, does anyone know where I can download a sample of this virus to infect a test system?

RyanMeray
03-05-2009, 04:46 AM
> Interesting, does anyone know where I can download a sample of this virus to infect a test system?

I could probably dig up one of the files I quarantined, but I can't say when I'd get a chance to do it. PM me if you're interested and hit me with your email addy, I'll get it on my FTP in a day or two.

Fixedathome.com
03-09-2009, 10:42 AM
Symantec have now got a removal tool for this virus on their website. I've just run it on a customer's PC and pulled over 1600 infections! I'm currently running a few other scans so I will keep you all posted as to whether it returns! You can get it here (http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-022016-4444-99).

Fixedathome.com
03-10-2009, 09:02 AM
It did its job, there is no sign of Virut on this PC now. There was a shed load of other infections on the PC also but the PC is now clean as a whistle and running well!