Win32:Vitro
What is Win32:Vitro?
Win32:Vitro is a virus that poses as a codec program that a multimedia application requires to open a file hosted on a website. Once a system is infected, Win32:Vitro modifies the headers of executable files, which can harm the computer and make it unstable.
| Type | Virus |
| Sub Type | FakeCodec |
| Aliases | |
| OS Affected | Windows |
| Detected By | Avast |
What Does Win32:Vitro Do?
It modifies the Windows Registry and adds the following entry:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run = [see files below]
The threat will drop the following malicious files:
- cmd.exe
- help.exe
- reg.exe
- PROGMAN.EXE
- cmd.exe
- wupdmgr.exe
- ctfmon.exe
- SOL.EXE
- reg.exe
How to Remove Win32:Vitro Manually
1. Restart your computer in Safe Mode
- After powering on the computer, just before Windows starts, press F8
- From the selections, select Safe Mode
2. Remove the registry entry that the threat added. You MUST BACK UP YOUR REGISTRY FIRST.
- Click Start > Run
- Type regedit in the field
- Navigate to the registry entry mentioned above and delete it if necessary
3. Delete the malicious files that the threat added:
- Based on the location given above, browse to the file and delete it
- If no location is given, click Start > Search and search for the file.
- If the file cannot be deleted, press Ctrl+Alt+Del to open Task Manager and check whether the file is running as a process. If it is, select it and click End Process, then try deleting the file again.
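One way to carry out the checks in steps 2 and 3 from PowerShell, as an added example that is not part of the original page: it backs up the Run key, then reports which Run values and running processes use a file name from the list above. The backup location and the helper name Get-ExePath are assumptions; several listed names (cmd.exe, reg.exe, ctfmon.exe) are also names of standard Windows programs, so the path, signature and hash decide what is suspect, not the name alone.

```powershell
# Added example: read-only audit of the Run key (the only write is the backup file).
$runKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$regPath = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
# File names from the list on this page, duplicates collapsed.
$listed  = 'cmd.exe','help.exe','reg.exe','PROGMAN.EXE','wupdmgr.exe','ctfmon.exe','SOL.EXE'

function Get-ExePath {
    param([string]$Command)
    # A Run value is a command line: extract the executable, quoted or not.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"')        { return $Matches[1] }
    if ($c -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

# 1. Back up the key before touching it. The output path is an assumption.
$backup = Join-Path $env:USERPROFILE ('Run-backup-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
& "$env:SystemRoot\System32\reg.exe" export $regPath $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; stopping before any cleanup.' }

# 2. Report every Run value: target path, whether its file name is on the list,
#    and signature status plus hash so a look-alike can be told from the real program.
$key = Get-Item -Path $runKey
$report = foreach ($name in $key.GetValueNames()) {
    $exe = Get-ExePath ([string]$key.GetValue($name))
    if (-not $exe) { continue }   # empty value, nothing to resolve
    $onDisk = Test-Path -LiteralPath $exe -PathType Leaf
    [pscustomobject]@{
        ValueName = $name
        Target    = $exe
        Listed    = $listed -contains (Split-Path -Path $exe -Leaf)
        Signature = if ($onDisk) { (Get-AuthenticodeSignature -LiteralPath $exe).Status } else { 'missing' }
        SHA256    = if ($onDisk) { (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash } else { '' }
    }
}

# 3. Running processes whose image name is on the list, with full path (step 3).
$running = Get-Process |
    Where-Object { $_.Path -and ($listed -contains (Split-Path -Path $_.Path -Leaf)) } |
    Select-Object Id, ProcessName, Path

$report  | Format-Table -AutoSize -Wrap
$running | Format-Table -AutoSize
"Backup written to $backup"
```

The script needs PowerShell 4.0 or later for Get-FileHash and deletes nothing; removal remains the manual steps above. Treat the signature column as a triage hint rather than a verdict.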