Threat Encyclopedia

W32/Virut.B

description-logoAnalysis

  • This virus infects running processes by writing the virus code to the target processes and creating a remote thread to execute it. It avoids infecting the following processes:
    • system
    • smss.exe
    • csrss.exe
  • Creates a named event VT_3 to ensure that only one instance of the virus runs on the compromised computer.
  • Connects to the IRC server(proxima.ircgalaxy.pl:65520) on channel &virtu to await instructions and commands from a malicious user. These commands can cause the infected machine to download malicious files.
  • recommended-action-logoRecommended Action

  • Check the main screen using the web interface to ensure the latest AV/NIDS database has been downloaded and installed. If required, enable the "Allow Push Update" option
  • Telemetry logoTelemetry