Win32/Virut [Threat Name] go to Threat

Win32/Virut.E [Threat Variant Name]

Category virus
Size 9728 B
Detection created Mar 25, 2007
Detection database version 2143
Aliases Virus.Win32.Virut.d (Kaspersky)
  W32.Virut.B (Symantec)
  W32/Virut.f.virus (McAfee)
Short description

Win32/Virut.E is a polymorphic file infector. The virus connects to the IRC network. It can be controlled remotely.

Executable file infection

The virus searches for executables with one of the following extensions:

  • .exe
  • .scr

Executables are infected by appending the code of the virus to the last section.


The host file is modified in a way that causes the virus to be executed prior to running the original code.


The virus avoids infecting files which contain one of the following strings in their file name:

  • WINC
  • WCUN
  • WC32
  • PSTO
Other information

The virus connects to the IRC network.


It can be controlled remotely.


The virus connects to the following address:

  • proxim.ircgalaxy.pl

The is able to update itself or execute an arbitrary file.


The virus contains the following text:

  • O noon of life! O time to celebrate!
  • O summer garden!
  • Relentlessly happy and expectant, standing: -
  • Watching all day and night, for friends I wait:
  • Where are you, friends? Come! It is time! It's late!

Please enable Javascript to ensure correct displaying of this content and refresh this page.