
W32/Virut.a

Type: Virus
SubType: Win32
Discovery Date: 05/12/2006
Length:
Minimum DAT: 4761 (05/12/2006)
Updated DAT: 5141 (10/15/2007)
Minimum Engine: 5.1.00
Description Added: 05/12/2006
Description Modified: 01/30/2007 3:52 PM (PT)
Risk Assessment (Corporate User): Low
Risk Assessment (Home User): Low


Characteristics

When W32/Virut.a is executed, it injects its code into all running processes.

W32/Virut.a opens a backdoor on port 65520 on the compromised machine.

This virus tries to connect to IRC servers located at:

  • proxima.ircgalaxy.

Symptoms

  • Modified executable files (increase of 5,120 bytes of exe files)
  • DNS queries to proxima.ircgalaxy.pl and IRC-related network traffic

Method of Infection

W32/Virut.a is a file-infecting virus. Infection starts with manual execution of the binary. Executables in network shares may also get infected if accessed by the compromised machine. This virus can also be instructed to scan for vulnerable systems and infect them.

Removal

All Users:
Use specified engine and DAT files for detection and removal.

Additional Windows ME/XP removal considerations

Variants

N/A

Overview

W32/Virut.a is an appending virus. This file infector infects .exe and .scr files by attaching its encrypted code to the end of the file.

The encrypted code contains IRCBot functionality.
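The indicators given on this page (the IRC server name, the backdoor port and the 5,120-byte growth of .exe/.scr files) can be turned into simple triage checks. The following is an added example, not vendor code; the DNS log format, the `netstat -ano` style text and the baseline size inventory are constructed assumptions.

```python
# Added example: triage checks built from the indicators on this page.
C2_DOMAIN = "proxima.ircgalaxy.pl"  # from the Symptoms list
BACKDOOR_PORT = 65520               # from the Characteristics section
SIZE_DELTA = 5120                   # bytes added to an infected file
TARGET_EXT = (".exe", ".scr")       # file types named in the Overview

def dns_hits(log_lines):
    """Return log lines that query the IRC server name or a subdomain of it."""
    hits = []
    for line in log_lines:
        names = [tok.rstrip(".").lower() for tok in line.split()]
        if any(n == C2_DOMAIN or n.endswith("." + C2_DOMAIN) for n in names):
            hits.append(line)
    return hits

def backdoor_listeners(netstat_text):
    """Return (local_address, pid) for TCP sockets listening on the backdoor port."""
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 5 and f[0] == "TCP" and f[3] == "LISTENING":
            if f[1].rsplit(":", 1)[-1] == str(BACKDOOR_PORT):
                found.append((f[1], int(f[4])))
    return found

def grown_files(baseline, current):
    """Return .exe/.scr paths whose size grew by exactly SIZE_DELTA bytes."""
    return sorted(p for p, size in current.items()
                  if p.lower().endswith(TARGET_EXT)
                  and size - baseline.get(p, size) == SIZE_DELTA)

# Constructed sample inputs (hypothetical host, log format and file sizes).
DNS_LOG = [
    "2007-01-30 10:01:02 client 10.0.0.5 query A proxima.ircgalaxy.pl.",
    "2007-01-30 10:01:03 client 10.0.0.5 query A example.com",
    "2007-01-30 10:01:04 client 10.0.0.7 query A proxima.ircgalaxy.pl.example.net",
]
NETSTAT = """\
  TCP    0.0.0.0:135      0.0.0.0:0          LISTENING    904
  TCP    0.0.0.0:65520    0.0.0.0:0          LISTENING    1432
  TCP    10.0.0.5:1045    192.0.2.10:65520   ESTABLISHED  1432
"""
BASELINE = {r"C:\WINDOWS\notepad.exe": 69120, r"C:\WINDOWS\logon.scr": 220672, r"C:\WINDOWS\a.dll": 1000}
CURRENT = {r"C:\WINDOWS\notepad.exe": 74240, r"C:\WINDOWS\logon.scr": 220672, r"C:\WINDOWS\a.dll": 6120}

if __name__ == "__main__":
    print("DNS hits:", dns_hits(DNS_LOG))
    print("Listeners:", backdoor_listeners(NETSTAT))
    print("Grown files:", grown_files(BASELINE, CURRENT))
```

Because the virus injects its code into all running processes, the PID that owns the listening socket may belong to an otherwise legitimate process. A hit from any of the three checks marks the host for a scan with the engine and DAT versions listed above.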

     
