Posted 21 April 2009 - 03:01 PM
Posted 21 April 2009 - 03:39 PM
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.
Your System is infected with Virut!!
Virut is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.
For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.
There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.
W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
- Immediately before the encrypted code at the end of the last section
- At the end of the code section of the infected host in 'slack-space' (assuming there is any)
- At the original entry point of the host (overwriting the original host code)
Miekiemoes, one of our team members here and an MS-MVP, additionally has a blog post about Virut.
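The layout described in the post above (code appended to the last PE section) can be triaged from the headers alone; the following is an added example, not part of the original post and not a Virut detector. It assumes that appended code leaves the last section marked executable, which the post does not state, and because the infector is entry point obscuring the entry-point check is only one of three independent findings; `parse_pe`, `triage` and `build_sample` are hypothetical names, and the sample header is constructed.

```python
import struct

EXEC, WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_EXECUTE / IMAGE_SCN_MEM_WRITE

def parse_pe(data):
    """Return (entry point RVA, section list) from raw PE bytes."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (pe,) = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    (count,) = struct.unpack_from("<H", data, pe + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe + 20)  # SizeOfOptionalHeader
    (entry,) = struct.unpack_from("<I", data, pe + 40)     # AddressOfEntryPoint
    sections = []
    for i in range(count):
        off = pe + 24 + opt_size + 40 * i                  # 40-byte section headers
        name, vsize, vaddr, rsize = struct.unpack_from("<8sIII", data, off)
        (flags,) = struct.unpack_from("<I", data, off + 36)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vaddr, max(vsize, rsize), flags))
    return entry, sections

def triage(data):
    """Heuristic findings about the last section; an empty list means none fired."""
    entry, sections = parse_pe(data)
    if not sections:
        return []
    _, vaddr, size, flags = sections[-1]
    findings = []
    if flags & EXEC:  # assumption: appended code needs an executable last section
        findings.append("last-section-executable")
    if flags & EXEC and flags & WRITE:
        findings.append("last-section-writable-and-executable")
    if vaddr <= entry < vaddr + size:
        findings.append("entry-point-in-last-section")
    return findings

def build_sample(entry_rva, last_flags):
    """Constructed two-section PE header for testing (headers only, no code)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)
    def sect(name, vaddr, flags):
        return struct.pack("<8sIIIIIIHHI", name, 0x1000, vaddr, 0x1000, 0, 0, 0, 0, 0, flags)
    return dos + coff + bytes(opt) + sect(b".text", 0x1000, 0x60000020) + sect(b".rsrc", 0x2000, last_flags)

if __name__ == "__main__":
    print(triage(build_sample(0x1000, 0x40000040)))  # ordinary layout
    print(triage(build_sample(0x2800, 0xE0000020)))  # appended-code layout
```

The header checks do not cover the other two decryptor placements listed in the post (slack space in the code section, or overwriting the original entry point), since neither changes the section table.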
Posted 30 June 2009 - 06:52 PM