Virus.Virut.a Description
Virus.Virut.A is a nasty virus that spreads through browser security exploits, IRC, and over network shares. Once it is executed, Virus.Virut.A will hide deeply in memory and will try to infect any .exe or .scr files that are executed on your machine. Virus.Virut.A will also attempt to open up a TCP backdoor on port 65520 so that the remote attacker can gain access to any information on your computer. This places any financial or banking information stored on your computer in severe jeopardy and represents a serious security risk.
Type: Viruses
How Can You Detect Virus.Virut.a?
Virus.Virut.a Technical Report
As new Virus.Virut.a details are reported by our customers and findings from our Threat Research Center, we will update this section.
The following Virus.Virut.a files, with their MD5 hashes, were created in the system:
Virus.Virut.a Removal Details
Virus.Virut.a typically has the following processes in memory:
- xlxhgsb.exe
- f03WtR1066.exe
- pivgrj.exe
- r1w2821.exe
- clean_c1c9.dll
- MailSpectre.exe
- j8j88j.exe
Virus.Virut.a creates the following files in the system:
- Windows Logon Application
- nslookup32.exe~
- spoolsvc.exe~
- Spooler SubSystem App
- NS Lookup App
- MsUpdaters.exe~
- QP[Pu]HISMMMMVLUXNQT
- Windows Update
- Isass.exe~
- winIogon.exe~
Virus.Virut.a creates the following registry entries:
- Software\Microsoft\Windows\CurrentVersion\RunServices\NS Lookup App
- SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Windows Update
- Software\Microsoft\OLE\Windows Update
- SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\QP[Pu]HISMMMMVLUXNQT
- Software\Microsoft\OLE\NS Lookup App
- SYSTEM\CurrentControlSet\Control\Lsa\NS Lookup App
- Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Xtqbdip
This entry was last updated on 05/13/09 and posted on 09/6/07.