Virus: W32/Virut.D
Date discovered: 02/04/2007
Type: File infector
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
Static file: No
IVDF version: 6.38.00.159 - Monday, April 2, 2007

General

Method of propagation:
   • Infects files
   • Mapped network drives


Aliases:
   •  Symantec: W32.Virut.B
   •  Kaspersky: Virus.Win32.Virut.n
   •  Sophos: Mal/Dorf-A
   •  Eset: Win32/Virut

Non-working variants may be identified as:
   •  W32/Virut.D.dam


Platforms / OS:
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Infects files
   • Third party control

File infection

Infector type:

Appender - The virus main code is added at the end of the infected file.
– The last section of the file is modified to include the virus code.

Damaging - The files are improperly infected. Because of bugs in the virus, only some of the virus code is present in the infected sample, and it won't replicate any further. Sometimes the infected files are broken.


Self Modification:

Polymorphic - The entire virus code changes from one infection to another. The virus contains a polymorphic engine.


Method:

This direct-action infector actively searches for files.


Infection length:

Approximately 9000 Bytes


Ignores files that:

Contain any of the following strings in their name:
   • WINC
   • WCUN
   • WC32
   • PSTO


The following files are infected:

By file type:
   • *.exe
   • *.scr

IRC

To deliver system information and to provide remote control, it connects to the following IRC server:

Server: b******.ircgalaxy.pl
Port: 65520


– Furthermore, it has the ability to perform actions such as:
    • Execute file
    • Update itself

Injection

– It injects itself into a process.

Miscellaneous

String:
Furthermore, it contains the following strings:
   • O noon of life! O time to celebrate!
   • O summer garden!
   • Relentlessly happy and expectant, standing: -
   • Watching all day and night, for friends I wait:
   • Where are you, friends? Come! It is time! It's late!

Description inserted by Razvan Olteanu on Monday, February 15, 2010
Description updated by Andrei Ivanes on Monday, February 15, 2010
