Win32/Virut [Threat Name] go to Threat
Win32/Virut.E [Threat Variant Name]
Category | virus |
Size | 9728 B |
Aliases | Virus.Win32.Virut.d (Kaspersky) |
W32.Virut.B (Symantec) | |
W32/Virut.f.virus (McAfee) |
Short description
Win32/Virut.E is a polymorphic file infector. The virus connects to the IRC network. It can be controlled remotely.
Executable file infection
The virus searches for executables with one of the following extensions:
- .exe
- .scr
Executables are infected by appending the code of the virus to the last section.
The host file is modified in a way that causes the virus to be executed prior to running the original code.
The virus avoids infecting files which contain one of the following strings in their file name:
- WINC
- WCUN
- WC32
- PSTO
Other information
The virus connects to the IRC network.
It can be controlled remotely.
The virus connects to the following address:
- proxim.ircgalaxy.pl
The is able to update itself or execute an arbitrary file.
The virus contains the following text:
- O noon of life! O time to celebrate!
- O summer garden!
- Relentlessly happy and expectant, standing: -
- Watching all day and night, for friends I wait:
- Where are you, friends? Come! It is time! It's late!