English 
Virus.Virut.a Virus.Virut.a
By
GoldSparrow in Viruses |
282 views
Rate it: 
(1 votes, average: 3.00 out of 5)
Loading ...
(1 votes, average: 3.00 out of 5) Loading ...
Virus.Virut.a Description
Virus.Virut.A is a nasty virus that spreads through browser security exploits, IRC, and over network shares. Once it is executed, Virus.Virut.A will hide deeply in memory and will try to infect any .exe or .scr files that are executed on your machine. Virus.Virut.A will also attempt to open up a TCP backdoor on port 65520 so that the remote attacker can gain access to any information on your computer. This places any financial or banking information stored on your computer in severe jeopardy and represents a serious security risk.
Type: Viruses
Automatic Detection of Virus.Virut.a
Virus.Virut.a Technical Report
As new Virus.Virut.a details are reported by our customers and findings from our Threat Research Center, we will update this section.
The following Virus.Virut.a files with its MD5s were created in the system:
| File Name | File Size | MD5 |
|---|
| clean_c1c9.dll | 38216 | 717e803bb4af21c000bc86e0fd781055 |
| pivgrj.exe | 66560 | 530e94cdf915f6b410fa7ce241474fb9 |
| xlxhgsb.exe | 52510 | 6e5aedaa2c4bae55a3d19250c69ed427 |
| 173906.exe | 163840 | 8d27023c28fa6c0cef6729169e664ae7 |
| 3152546.exe | 163840 | 2c74a0b304f5019adcba8409ac741d16 |
| 49171.exe | 163840 | c6b0a61f184eb78a3b727447fd445396 |
| 50937.exe | 20532 | e80a2d6b7ad5809933598b9ee18fabf0 |
| 51296.exe | 163840 | 5e4a95fb112dcdd9c5383012dd1b55ac |
| 51671.exe | 20532 | 31e571cda65d1bb4c74b8b59c2a6bf7e |
| 60156.exe | 163840 | 9937f6ad1d451ad05015762a24e0af0c |
| giI69380.exe | 131072 | b6ea5ecfc21dc7b77376d80f8251b9ea |
| giI69VPH.exe | 131072 | 7ec20fa76032df5867718ace618e089f |
| Resume.exe | 131584 | 42c8a04c697f9f0b0520fefdb3a2c50e |
| Resume.exe | 131584 | 1ec577f5812b47e6e50c319a10dd4a7c |
| malware.exe | 119296 | 128e9c52e27cdceaa46368bec7d81ae2 |
| malware.exe | 125440 | b9526c9af11fefd64050ef191aad2975 |
| malware.exe | 123392 | c2671a573968e0b4a1e8329e3028e3a1 |
| malware.exe | 588392 | 981e83dd29bbd46ae0c449eb04e148d3 |
| epmmndvicjgn.exe | 43520 | 9cc42b50ed131c60a581e3681da7bb10 |
| logon.exe | 115200 | 3241b965575268b32606cd045edf38e5 |
| MailSpectre.exe | 102400 | 5b7ead71abcb5e91b7d6fc15da084630 |
| nnabdcu.exe | 43520 | 63f087b721cd76c3b04e65b1c7f80907 |
| protector.exe | 15360 | 21c723c661c4b72e0ed87368c00babe7 |
| qwgdrgusjeirkw.exe | 37888 | 4111feb61a96cb261216e8e3d9665140 |
| vivmy.exe | 49152 | 1bd268b7545e403a2bc42980c036786f |
| wujein.exe | 37888 | 9844bf49492e65dd7b71b2e17f93280c |
| r1w2821.exe | 15446 | b815cb04ab30ec2b85fbee51ff610dbd |
| f03WtR1066.exe | 40960 | 0ba4f23324781ae6209090ebabc74ca2 |
| ces005dr.exe | 30737 | 410eb66fb1ab3ee3dba7ebaabcab657b |
| baba[1].exe | 10240 | d71ce37610732ed474cc5fc8415ae2c5 |
| j8j88j.exe | 10240 | d71ce37610732ed474cc5fc8415ae2c5 |
| j8j88j.exe | 45056 | b211eb32ce417bc8d685f9c9494ce777 |
| j8j88j.exe | 77824 | 14cfef453cbfb7ddbdf8bc6ee88e9029 |
| j8j88j.exe | 77824 | 18fe4f8cd5e782d5aeec27ac5c585bbe |
| j8j88j.exe | 97640 | 3a38815df7ffe10eb965a02c45536075 |
Virus.Virut.a has typically the following processes in memory:
- xlxhgsb.exe
- f03WtR1066.exe
- pivgrj.exe
- r1w2821.exe
- clean_c1c9.dll
- MailSpectre.exe
- j8j88j.exe
Virus.Virut.a creates the following registry entries:
- Software\Microsoft\Windows\CurrentVersion\RunServices\NS Lookup App
- SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Windows Update
- Software\Microsoft\OLE\Windows Update
- SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\QP[Pu]HISMMMMVLUXNQT
- Software\Microsoft\OLE\NS Lookup App
- SYSTEM\CurrentControlSet\Control\Lsa\NS Lookup App
- Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Xtqbdip
Important Article Disclaimer
This entry was posted
on 09/6/07 and is filed under Viruses.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
