
Viruses and solutions

In this section you will find recommendations on how to fight malicious programs that cannot be disinfected by Kaspersky Lab’s products. To disinfect or remove such programs, you may have to modify the system registry or use an additional utility. If you cannot find the necessary information, or you find these recommendations too complicated or inadequate, please send a request to the Technical Support service via the HelpDesk form.

How to disinfect a PC from Virus.Win32.Virut.ce
Article ID: 2735    Last modified on 2009 Oct 22 18:10

The main function of Virus.Win32.Virut.ce is to act as a botnet client, which the virus uses to transmit data from an infected PC.

Symptoms of infection:

  • Infected computers keep trying to access the following addresses to receive administration commands:
    • irc.zief.pl;
    • proxim.ircgalaxy.pl.

  • An experienced user can track hooks of the following functions in almost all processes (these hooks are used by the virus to infect all executable files a process is trying to access, and introduce its code into all newly started processes):
    • NtCreateFile;
    • NtCreateProcess;
    • NtCreateProcessEx;
    • NtOpenFile;
    • NtQueryInformationProcess.
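
The first symptom above can be checked from a network's DNS query log. The following Python sketch is an added example, not part of the original article and not a Kaspersky tool; the dnsmasq-style log layout and the sample lines are constructed assumptions, and matching subdomains of the two listed hosts goes beyond what the article states.

```python
import re

# Hostnames the article lists as addresses contacted by Virut.ce.
VIRUT_CE_HOSTS = ("irc.zief.pl", "proxim.ircgalaxy.pl")

# Assumed log layout: "<date> <time> query[<type>] <name> from <client>"
QUERY_RE = re.compile(
    r"^(?P<ts>\S+ \S+) query\[(?P<qtype>\w+)\] (?P<name>\S+) from (?P<client>\S+)$"
)

def is_virut_host(name):
    """True for a listed host or a subdomain of it; case and trailing dot ignored."""
    name = name.lower().rstrip(".")
    # The "." prefix stops look-alikes such as notirc.zief.pl from matching.
    return any(name == h or name.endswith("." + h) for h in VIRUT_CE_HOSTS)

def find_suspect_clients(lines):
    """Map each client that queried a listed host to its count, first/last time, names.

    Assumes the log is in chronological order, so the last hit seen is the latest.
    """
    hits = {}
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if not m or not is_virut_host(m["name"]):
            continue
        rec = hits.setdefault(
            m["client"],
            {"count": 0, "first": m["ts"], "last": m["ts"], "names": set()},
        )
        rec["count"] += 1
        rec["last"] = m["ts"]
        rec["names"].add(m["name"].lower().rstrip("."))
    return hits

# Constructed sample log lines, not captured traffic.
SAMPLE_LOG = """\
2009-10-22 18:01:02 query[A] irc.zief.pl from 192.168.1.23
2009-10-22 18:01:05 query[A] www.example.com from 192.168.1.40
2009-10-22 18:01:32 query[A] IRC.ZIEF.PL. from 192.168.1.23
2009-10-22 18:02:10 query[A] proxim.ircgalaxy.pl from 192.168.1.57
2009-10-22 18:02:11 query[A] notirc.zief.pl from 192.168.1.40
2009-10-22 18:02:15 query[A] irc.zief.pl.example.com from 192.168.1.40
""".splitlines()

if __name__ == "__main__":
    for client, rec in sorted(find_suspect_clients(SAMPLE_LOG).items()):
        print(client, rec["count"], rec["first"], rec["last"], sorted(rec["names"]))
```

Clients reported by this check are candidates for the disinfection procedure described below; a repeated query at regular intervals matches the "keep trying to access" behaviour the article describes.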

To track these function hooks, you might use the Rootkit Unhooker utility, for example, or Gmer.

 

To disinfect a system infected with Virus.Win32.Virut.ce, use the VirutKiller.exe tool.


If started without switches, the tool will:

  • Seek and terminate malicious threads.
  • Seek hooked functions and unhook them:
    • NtCreateFile;
    • NtCreateProcess;
    • NtCreateProcessEx;
    • NtOpenFile;
    • NtQueryInformationProcess.
  • Scan and disinfect files on all hard disk drives.
  • While scanning hard disk drives, check the executable files of all running processes every 10 seconds, terminating detected infected processes and disinfecting infected files.

 

Disinfection of an infected system

 

Warning: The System Restore function should be disabled before attempting to disinfect a system.

 

  • Download the archive VirutKiller.zip and extract it into a folder on the infected (or potentially infected) PC using an archiver program (for example, WinZip).

  • Run the file VirutKiller.exe.

  • Wait for the scan and disinfection to finish. No reboot is needed after disinfection.

 

Optional switches to run the tool from command prompt:


-l <file_name> - write log to the file.
-v - detailed logging (must be used in combination with the parameter -l).
-s - scan in “silent” mode (without opening console box).
-y - when the utility finishes, its window will be closed.
-p <folder_path> - scan a specific folder.
-r - scan removable drives, portable hard disks connected via USB and FireWire.
-r - scan removable media.
-n - scan flash data storage devices.



Kaspersky Lab

Copyright © 1997 - 2009 Kaspersky Lab