| Alias/es | PE_VIRUT.A, W32/Virut-A, W32/Virut.a |
| Release Date | May 13, 2006 |
| Detection Availability | Current Antivirus Definition Database Version: 12.202 |

Description

Visible Symptoms
- Possible firewall alert that an executable is attempting to connect to the internet.
Detailed Analysis
- This virus infects running processes by writing its code into each target process and creating a remote thread to execute it. It avoids infecting the following processes:
  - [system process]
  - system
  - smss.exe
  - csrss.exe
- Creates a named event to ensure that only one instance of the virus runs on the compromised computer.
- Connects to the IRC server Proxima.ircgalaxy.pl on port 65520 and joins channel &virtu to await instructions and commands from a malicious user. These commands can cause the infected machine to download malicious files.
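
The network behaviour described above can be checked against outbound connection records. The following is an added example, not part of the original entry or any vendor tool: the record layout (`time process dst_host:dst_port payload`), the function names and the sample lines are constructed assumptions, while the host, port, channel and skipped process names come from the description.

```python
import re

# Indicators taken from the description above.
C2_HOST = "proxima.ircgalaxy.pl"
C2_PORT = 65520
C2_CHANNEL = "&virtu"
# Processes the write-up says the virus does not infect.
SKIPPED = {"[system process]", "system", "smss.exe", "csrss.exe"}

# Constructed record layout (assumption): "time process dst_host:dst_port payload"
LINE_RE = re.compile(r"^(\S+) (\[system process\]|\S+) (\S+):(\d+)(?: (.*))?$", re.I)

def triage(line):
    """Return the reasons a connection record matches the entry, or [] if none."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    _, proc, host, port, payload = m.groups()
    reasons = []
    # DNS names are case-insensitive and may carry a trailing root dot.
    if host.rstrip(".").lower() == C2_HOST:
        reasons.append("c2-host")
    if int(port) == C2_PORT:
        reasons.append("c2-port")
    # An IRC JOIN may list several comma-separated channels.
    join = re.match(r"(?::\S+ )?JOIN ([^ ]+)", payload or "", re.I)
    if join and C2_CHANNEL in join.group(1).lower().split(","):
        reasons.append("c2-channel")
    # The code runs inside other processes, so a trusted image name is no
    # reason to dismiss a hit unless it is one the virus is said to skip.
    if reasons and proc.lower() not in SKIPPED:
        reasons.append("host-process-may-be-injected")
    return reasons

def scan(lines):
    """Map each matching record to its reasons."""
    return {l: r for l in lines if (r := triage(l))}

# Constructed sample records, not real telemetry.
SAMPLE_LOG = [
    "2006-05-14T10:02:11 explorer.exe Proxima.ircgalaxy.pl:65520 JOIN &virtu",
    "2006-05-14T10:02:15 iexplore.exe www.example.com:80 GET / HTTP/1.1",
    "2006-05-14T10:03:01 svchost.exe 192.0.2.10:65520 NICK abc",
    "2006-05-14T10:03:05 mirc.exe irc.example.net:6667 JOIN #help,&Virtu",
]

if __name__ == "__main__":
    for record, why in scan(SAMPLE_LOG).items():
        print(", ".join(why), "<-", record)
```
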
Description Last Updated Date: Oct 25, 2006
Reference: ID - 252377