Virut

Virut Description

Virut is a virus that infects any executable files and screensavers that the user is capable of accessing. Virut may also initiate backdoor programs that give an outside party unauthorized remote access to the compromised computer, exposing personal and financial information, which may lead to identity theft. This access may also allow attackers to upload and run arbitrary files or malicious software.

Aliases: Trj/Passtealer.FZ [Panda], Worm/Delf.GOD [AVG], W32/AutoRun.LW!worm [Fortinet], Trojan.Win32.Generic.122E5DEE, Win-Trojan/Autorun.59392.B [AhnLab-V3], Trojan.Win32.AutoRun.59392, Trojan/DiskAutorun.axl, W32/SillyFDC-BP [Sophos], TR/Agent.AGBR [AntiVir], Win32.HLLW.Autoruner.1773 [DrWeb], Worm.Win32.AutoRun.EY [Comodo], Trojan.Agent.AGBR [BitDefender], Worm.Win32.AutoRun.lw [Kaspersky], Trojan.Autorun-220 [ClamAV] and Win32:AutoRun-QM [Wrm] [Avast].

Technical Information

File System Details

Virut creates the following file(s):

Registry Details

Virut creates the following registry entry or registry entries:
Directory:
%PROGRAMFILES%\windows common files
%PROGRAMFILES(x86)%\windows common files
%TEMP%\E_4
%TEMP%\E_N4

File name without path:
! My Picutre.SCR
!new.scr
images.scr
New Folder.exe
Thumbs .db
windows vista setup .scr

Regexp file mask:
%ALLUSERSPROFILE%\Adobe .scr
%APPDATA%\Microsoft\winlog.exe
%APPDATA%\MusaLLaT.exe
%APPDATA%\readere_lm.com
%SystemRoot%\System32\XP-[RANDOM CHARACTERS].exe
%WINDIR%\dc.exe
