 |
W32/Virut.U Virus
| Name |
W32/Virut.U Virus |
| Aliases |
W32.Virut.U |
| Discovered on |
September 06, 2007 |
 Virus Information - W32/Virut.U Virus:
W32/Virut.U is a virus. The virus will infect Windows systems and spreads through email.
Upon execution, the virus creates an event named Vx_4 to check that only one instance of the threat runs on the infected system.
The virus affects to infect all .exe and .scr files on the infected system.
It avoids infecting files, where file names starts with any of the following strings:
 PSTO
WC32
WCUN
WINC
It modifies the registry at the following location to ensure its automatic execution at every Windows startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\"TargetHost"
The above registry entry contains IP address and port number information. The virus may then use this information to open a back door on the compromised computer.
If the value in the above registry entry is not available, the virus may open a back door on TCP port 80 using the IRC server ircd.zief.pl.
The virus uses (Eight Random characters) on the above channel.
The back door allows a remote attacker to download files on to the infected computer and execute them.
|
