Posted 13 March 2009 - 06:21 PM
Posted 13 March 2009 - 07:41 PM
Posted 13 March 2009 - 07:49 PM
Posted 13 March 2009 - 08:09 PM
Edited by boopme, 13 March 2009 - 08:11 PM.
Posted 13 March 2009 - 08:42 PM
Edited by _53V3N_, 13 March 2009 - 09:04 PM.
Posted 13 March 2009 - 09:19 PM
Posted 13 March 2009 - 09:52 PM
Posted 14 March 2009 - 09:59 AM
There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.
W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
- Immediately before the encrypted code at the end of the last section
- At the end of the code section of the infected host in 'slack-space' (assuming there is any)
- At the original entry point of the host (overwriting the original host code)
Posted 14 March 2009 - 10:44 AM
Posted 14 March 2009 - 10:52 AM
Posted 18 March 2009 - 01:54 AM
Edited by _53V3N_, 18 March 2009 - 02:33 AM.
Posted 20 March 2009 - 02:05 PM
Posted 20 March 2009 - 04:00 PM
I suggest you format your flash-drive as well. Then run flash-drive disinfector afterwards; there may be infected files on your flash-drive. Make sure all executables or .html or .htm files are not there.
Finally... since I had my thumb drive plugged into my computer a few times while the infected OS was running, are there any special precautions I need to take before using that drive again?
Posted 20 March 2009 - 04:07 PM
Posted 20 March 2009 - 04:15 PM
USB worms work by creating a file called AUTORUN.INF on the root of USB drives. These INF files then use Autorun or Autoplay (not the same thing!) to execute themselves either when the stick is inserted, or more commonly, when the user double-clicks on the USB drive icon from My Computer (Windows Explorer)...
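The AUTORUN.INF mechanism described above, as an added example that is not part of the original thread: a tolerant parser that lists which commands a drive's AUTORUN.INF would launch, so the referenced files can be checked before the drive is trusted again. The sample file contents and the function names `launch_entries`, `target_of` and `referenced_files` are constructed for illustration.

```python
import re

# [autorun] keys that make Windows start a program: open, shellexecute, shell\<verb>\command
EXEC_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$")

# Constructed sample: mixed case, junk padding lines and a decoy section.
SAMPLE_INF = """\
;xK3j junk comment padding
[AutoRun]
qwe9 rubbish line without an equals sign
OPEN = RECYCLER\\sample.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
action=Open folder to view files
shell\\open\\Command=RECYCLER\\sample.exe -e
shell\\explore\\command = "RECYCLER\\sample.exe" -x
[other]
open=ignored.exe
"""

def launch_entries(text):
    """Return [(key, command)] for every [autorun] key that starts a program."""
    entries, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue  # junk padding, or a key in some other section
        key, _, value = line.partition("=")
        key = key.strip().lower()  # INF keys are case-insensitive
        if EXEC_KEYS.match(key):
            entries.append((key, value.strip()))
    return entries

def target_of(cmd):
    """File named by a command line, honouring a quoted path with spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(None, 1)[0] if cmd else ""

def referenced_files(text):
    """Distinct files the drive would run: inspect or delete these first."""
    return sorted({target_of(cmd) for _, cmd in launch_entries(text)} - {""})
```

To check a real drive, read its AUTORUN.INF as text (for example with `errors="replace"`) and pass the contents to `referenced_files`.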