Content

W32/Virut.j!82322FB0

Type
Virus
SubType
-
Discovery Date
09/23/2008
Length
25088
Minimum DAT
5389 (09/22/2008)
Updated DAT
5389 (09/22/2008)
Minimum Engine
5.3.00
Description Added
09/23/2008
Description Modified
09/23/2008 7:21 AM (PT)
Risk Assessment
Corporate User
Low
Home User
Low

Tab Navigation

Characteristics

File PropertyProperty Value
FileNameUnavailable
McAfee DetectionW32/Virut.j
Length25,088 bytes
CRC82322FB0
MD5593e945ff4c78dd7aa1aaf802bef9e74
SHA1F0314594ED58EE3AA84842317587934F3204300C

Other Common Detection Aliases

Company NameDetection Name
avastWin32:Virtob
Dr.WebWin32.Virut.40
EsetWin32/Virut.NBF virus
FortiNetSuspicious
KasperskyVirus.Win32.Virut.bq
microsofttrojan:win32/anomaly.gen!d
pandaSuspicious
risingWin32.Agent.cd
SymantecW32.Virut.W
Trend MicroPE_VIRUT.LJ
V-BusterWin32.Virut.Gen.4

This sample can be identified by the following symptoms.

System Changes

These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files

The following registry elements have been changed:

  • hkey_users\s-1-5-21-1202660629-602609370-839522115-500\control panel\screen saver.mystify\
    • active1 = 49
    • active2 = 49
    • clear screen = 49
    • endcolor1 = 255 255 255
    • endcolor2 = 255 255 255
    • lines1 = 55
    • lines2 = 12
    • startcolor1 = 0 0 0
    • startcolor2 = 0 0 0
    • walkrandom1 = 49
    • walkrandom2 = 49

    • Symptoms

    This symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.

    Method of Infection

    Viruses are self-replicating. They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive. Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer.

    Removal

    AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

    Additional Windows ME/XP removal considerations

    Variants

    Variants

      N/A

    All Information

    Overview -

    This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then further propagate the virus. Although many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

    Characteristics

    Characteristics -

    File PropertyProperty Value
    FileNameUnavailable
    McAfee DetectionW32/Virut.j
    Length25,088 bytes
    CRC82322FB0
    MD5593e945ff4c78dd7aa1aaf802bef9e74
    SHA1F0314594ED58EE3AA84842317587934F3204300C

    Other Common Detection Aliases

    Company NameDetection Name
    avastWin32:Virtob
    Dr.WebWin32.Virut.40
    EsetWin32/Virut.NBF virus
    FortiNetSuspicious
    KasperskyVirus.Win32.Virut.bq
    microsofttrojan:win32/anomaly.gen!d
    pandaSuspicious
    risingWin32.Agent.cd
    SymantecW32.Virut.W
    Trend MicroPE_VIRUT.LJ
    V-BusterWin32.Virut.Gen.4

    This sample can be identified by the following symptoms.

    System Changes

    These are general defaults for typical path variables. (Although they may differ, these examples are common.):
    %WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
    %SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
    %ProgramFiles% = \Program Files

    The following registry elements have been changed:

  • hkey_users\s-1-5-21-1202660629-602609370-839522115-500\control panel\screen saver.mystify\
    • active1 = 49
    • active2 = 49
    • clear screen = 49
    • endcolor1 = 255 255 255
    • endcolor2 = 255 255 255
    • lines1 = 55
    • lines2 = 12
    • startcolor1 = 0 0 0
    • startcolor2 = 0 0 0
    • walkrandom1 = 49
    • walkrandom2 = 49

    • Symptoms

    Symptoms -

    This symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.

    Method of Infection

    Method of Infection -

    Viruses are self-replicating. They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive. Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer.

    Removal -

    Removal -

    AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

    Additional Windows ME/XP removal considerations

    Variants

    Variants -

      N/A