Need help? Ask the community or hire an expert.
Go to Avira Answers
Date discovered:18/04/2007
Type:File infector
In the wild:No
Reported Infections:Low
Distribution Potential:Medium to high
Damage Potential:Medium to high
Static file:No
IVDF version: - Wednesday, April 18, 2007

 General Method of propagation:
    Infects files

   •  Symantec: W32.Virut.H
   •  Kaspersky: Virus.Win32.Virut.n
   •  Sophos: W32/Vetor-A
   •  Eset: Win32/Virut.NAB

Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003

Side effects:
Infects files
   • Third party control

 File infection Infector type:

Appender - The virus main code is added at the end of the infected file.
 The last section of the file is modified to include the virus code.

Self Modification:

Polymorphic - The entire virus code changes from one infection to another. The virus contains a polymorphic engine.

Ignores files that:

Contain any of the following strings in their name:
   • PSTO
   • WC32
   • WCUN
   • WINC

The following files are infected:

By file type:
   • *.exe
   • *.scr

 IRC  Server: p**********
Port: 65520
Channel: virtu

 Furthermore it has the ability to perform actions such as:
    • Download file
    • Execute file

 Rootkit Technology Method used:
     Hidden from Windows API

Hooks the following API functions:
   • NtCreateFile
   • NtOpenFile
   • NtCreateProcess
   • NtCreateProcessEx

설명 삽입자 Razvan Olteanu   2010년 4월 22일 목요일
설명 업데이트 Andrei Ivanes   2010년 5월 27일 목요일

뒤로 . . . .
https:// 이 창은 보안을 위해 암호화되었습니다.