Virus:Win32/Virut.AC
Virus.Win32.Virut.ac is a very malicious computer virus that was created to enable remote access to your computer system to largely take over your precious system resources, track your Internet habits to record/steal your personal data, harm essential system files and leak your privacy. Virus:Win32/Virut.AC is able to delete important files and make your computer system or network completely unusable. Once installed, Virus:Win32/Virut.AC starts attacking your computer with unlimited pop-up alerts and undesired advertisements. It is recommended to remove Virus:Win32/Virut.AC immediately from your PC before it leads to other damages.
File System Details
Virus:Win32/Virut.AC may create the following file(s):
# | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
---|---|---|
1. | services.exe | |
2. | %UserProfile%\Local Settings\Application Data\[random]\[random].exe | |
3. | alg.exe | |
4. | Virus:Win32/Virut.AC.exe | |
5. | Random.exe | |
6. | svchost.exe | |
7. | %Documents and Settings%\[UserName]\Application Data\WRblt8464P |
Registry Details
Virus:Win32/Virut.AC may create the following registry entry or registry entries:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346436FA-5138-50DA-D412-0870CE39768B}] (Default) = "kvjsrqrshvlhbhjz"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run '[random string]'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run 'Protection Center'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations 'LowRiskFileTypes' = '.exe'
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346436FA-5138-50DA-D412-0870CE39768B}\LocalServer32
(Default) = "[file and pathname of the sample #1]"
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings 'ProxyOverride' = ''
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346436FA-5138-50DA-D412-0870CE39768B}
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346436FA-5138-50DA-D412-0870CE39768B}\LocalServer32]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall?1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.