I have disabled all virus programs and closed all other programs before installing and running as instructed by bleepingcomputer.
Posted 28 October 2009 - 04:39 PM
Posted 28 October 2009 - 07:44 PM
There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.
W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
Immediately before the encrypted code at the end of the last section
At the end of the code section of the infected host in 'slack-space' (assuming there is any)
At the original entry point of the host (overwriting the original host code)
Edited by m0le, 28 October 2009 - 07:45 PM.
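As an added example (not part of the original post and not taken from any vendor tool), this parser reports the three PE regions the description above names: the end of the last section, slack space in the code section, and the section holding the entry point. The function names `triage` and `sample_image` and the header-only sample image are constructed for illustration, and the output is generic layout triage for an analyst, not a Virut signature.

```python
import struct

CODE, EXEC, WRITE = 0x20, 0x20000000, 0x80000000  # section characteristic flags

def sample_image(last_flags=0x40000040, entry=0x1000):
    """Constructed header-only PE32 image: .text (with slack) then .rsrc."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)           # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry).ljust(224, b"\0")
    def sec(name, vsize, vaddr, rsize, rptr, flags):
        return (struct.pack("<8s4I", name, vsize, vaddr, rsize, rptr)
                + b"\0" * 12 + struct.pack("<I", flags))
    return (dos + coff + opt + sec(b".text", 0x1A0, 0x1000, 0x200, 0x400, 0x60000020)
            + sec(b".rsrc", 0x200, 0x2000, 0x200, 0x600, last_flags))

def triage(data):
    """Return the layout facts an analyst would check for each named location."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image")
    lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[lfanew:lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, = struct.unpack_from("<H", data, lfanew + 6)
    optsize, = struct.unpack_from("<H", data, lfanew + 20)
    entry, = struct.unpack_from("<I", data, lfanew + 24 + 16)  # AddressOfEntryPoint
    secs = []
    for i in range(nsec):
        off = lfanew + 24 + optsize + 40 * i                   # 40-byte section header
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8s4I", data, off)
        flags, = struct.unpack_from("<I", data, off + 36)
        secs.append(dict(name=name.rstrip(b"\0").decode("latin-1"), vsize=vsize,
                         vaddr=vaddr, rsize=rsize, rptr=rptr, flags=flags))
    if not secs:
        raise ValueError("no sections")
    last = secs[-1]                                            # last section-table entry
    code = next((s for s in secs if s["flags"] & CODE), None)
    ep = next((s for s in secs
               if s["vaddr"] <= entry < s["vaddr"] + max(s["vsize"], s["rsize"])), None)
    return {
        "entry_section": ep["name"] if ep else None,
        "entry_in_last_section": ep is last,
        "code_slack_bytes": max(0, code["rsize"] - code["vsize"]) if code else 0,
        "last_section": last["name"],
        "last_section_exec_and_writable": bool(last["flags"] & EXEC and last["flags"] & WRITE),
        "last_section_raw_end": last["rptr"] + last["rsize"],
    }
```

Comparing `last_section_raw_end` and the section flags against a known-clean copy of the same file shows whether the last section has grown or gained execute permission.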
Posted 01 November 2009 - 07:21 AM
Posted 01 November 2009 - 06:16 PM
Posted 01 November 2009 - 06:20 PM
Posted 06 November 2009 - 06:30 AM