Sunday, September 19, 2010

Remove W32/Virut Virus from Computer

W32/Virut is a polymorphic virus that infects executables and screensaver files, and attempts to downloads additional malware. The Virut.CM variant also injects an iframe object into HTML based files, disables Windows file protection in order to infect essential protected Windows system files. A viral thread, running under winlogon.exe or services.exe, attempts to connect to an IRC backdoor through port 80 or 65520, in order to download additional malware components.

Virut infects executable files as they are accessed, by either subverting a call through the IAT (import address table) in the original host code to jump to itself, or completely replacing the entry point of the executable file to point to itself. Because executable files are infected in this way, files on network drives accessed from an infected computer may also be infected.

Due to the aggressive nature of this malware, some infected files may become corrupted, to the point where they are not possible to repair or clean. In such cases certain files might have to be restored from a backup. Install best antivirus program that suites PC for removing this virus.


Post a Comment

Related Posts Plugin for WordPress, Blogger...

Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | Best Buy Printable Coupons