The main function of Virus.Win32.Virut.ce, q is to act as a botnet client, which the virus uses to transmit data from an infected PC. Here you can read more about botnets and their usage.
To disinfect a system infected with the malware Virus.Win32.Virut.ce, q, use the tool VirutKiller.exe.
Disinfection of an infected system
- Download the archive VirutKiller.zip and extract it into a folder on the infected (or potentially infected) PC using an archiver program (for example, WinZip).
- Run the file VirutKiller.exe.
- Wait for the scan and disinfection to finish. No reboot is needed after disinfection.
If started without switches, the tool will:
- Seek and terminate malicious threads.
- Seek hooked functions and unhook them:
- Scan and disinfect files on all hard disk drives.
- While scanning hard disk drives, the tool will also check the executable files of all running processes every 10 seconds.
- Terminate detected infected processes and disinfect infected files.
Optional switches to run the tool from command prompt:
-l <file_name> - write log to the file.
-v - detailed logging (must be used in combination with the parameter -l).
-s - scan in “silent” mode (without opening console box).
-y - when the utility finishes, its window will be closed.
-p <folder_path> - scan a specific folder.
-r - scan removable drives (flash), external USB and FireWire hard disks.
-n - scan network drives.
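For unattended runs, the switches above can be wrapped in a small PowerShell function. This is an added example, not part of the tool or of the original page: the function name, parameter names and default tool path are hypothetical, and only the switch letters come from the list above.

```powershell
# Added example: wrapper around the documented VirutKiller.exe switches.
# Function/parameter names and the default path are assumptions.
function Invoke-VirutKiller {
    [CmdletBinding()]
    param(
        [string]$ToolPath = '.\VirutKiller.exe',  # assumed location of the extracted tool
        [string]$LogFile,                          # -l <file_name>
        [switch]$Detailed,                         # -v
        [switch]$Silent,                           # -s
        [switch]$CloseWhenDone,                    # -y
        [string]$Folder,                           # -p <folder_path>
        [switch]$Removable,                        # -r
        [switch]$Network                           # -n
    )

    if (-not (Test-Path -LiteralPath $ToolPath -PathType Leaf)) {
        throw "Tool not found: $ToolPath"
    }
    # The switch list states that -v must be combined with -l.
    if ($Detailed -and -not $LogFile) {
        throw '-Detailed (-v) requires -LogFile (-l).'
    }
    if ($Folder -and -not (Test-Path -LiteralPath $Folder -PathType Container)) {
        throw "Folder not found: $Folder"
    }

    # Start-Process joins arguments with spaces, so paths are quoted explicitly.
    $toolArgs = @()
    if ($LogFile)       { $toolArgs += '-l', "`"$LogFile`"" }
    if ($Detailed)      { $toolArgs += '-v' }
    if ($Silent)        { $toolArgs += '-s' }
    if ($CloseWhenDone) { $toolArgs += '-y' }
    if ($Folder)        { $toolArgs += '-p', "`"$Folder`"" }
    if ($Removable)     { $toolArgs += '-r' }
    if ($Network)       { $toolArgs += '-n' }

    # -ArgumentList rejects an empty array, so add it only when switches were chosen.
    $startArgs = @{ FilePath = $ToolPath; Wait = $true; PassThru = $true }
    if ($toolArgs.Count -gt 0) { $startArgs.ArgumentList = $toolArgs }
    $proc = Start-Process @startArgs

    # The exit code is returned as-is; its meaning is not documented on this page.
    [pscustomobject]@{
        Arguments = $toolArgs -join ' '
        ExitCode  = $proc.ExitCode
        LogFile   = $LogFile
    }
}

# Constructed sample call: silent scan of fixed and removable drives with a detailed log.
# Invoke-VirutKiller -LogFile 'C:\Temp\virut.log' -Detailed -Silent -CloseWhenDone -Removable
```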
Symptoms of infection:
- Infected computers keep trying to access the following addresses to receive administration commands:
- An experienced user can track hooks of the following functions in almost all processes (these hooks are used by the virus to infect all executable files a process is trying to access, and introduce its code into all newly started processes):
You might use the Rootkit Unhooker utility, for example: