Tuesday, February 25, 2014

A Post on Virut - Computer Virus

Virut is a polymorphic file-infecting virus that aggressively infects most exe files and screen saver files on the system. In addition to infecting executables, Virut also infects most HTML-based files on the system.


Signs of Virut:

• Windows desktop wallpaper and screen saver settings are altered without user action
• Internet connection becomes very slow, and the browser and overall PC performance become sluggish
• BSOD errors due to corrupted system files
• Browser hijack and search hijack
• Virut processes in Windows lead to error beep sounds

Note: Sometimes the Windows firewall gets totally disabled, and the hosts file gets overwritten.

(The hosts file is located in C:\Windows\System32\drivers\etc)


Usually the hosts file looks like this:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

This is an example of a non-malicious hosts file.
The following is a Virut-infected hosts file:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       **.*****.pl
<some ip> <random domain name>

The infection only appends lines like these to the end of the file.


This virus also has the ability to block a list of antivirus websites, to prevent antivirus software from updating:

• avira
• avast
• eset
• ahnlab
• centralcommand
• drweb
• grisoft
• nod32
• f-prot
• jotti
• kaspersky
• f-secure
• computerassociates
• networkassociates
• etrust
• panda
• sophos
• trendmicro
• mcafee
• norton
• symantec
• defender
• rootkit
• malware
• spyware
• avg
• windowsupdate
• wilderssecurity
• threatexpert
• castlecops
• spamhaus
• cpsecure
• arcabit
• emsisoft
• sunbelt
• securecomputing
• rising
• prevx
• pctools
• norman
• k7computing
• ikarus
• hauri
• hacksoft
• gdata
• fortinet
• ewido
• clamav
• comodo
• quickheal
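As a defender-side check for the two symptoms described above (entries appended to the hosts file, and antivirus update sites being blocked), here is an added Python example that is not part of the original post. It parses a hosts file, flags every mapping that is not a stock localhost entry, and separately flags mappings whose hostname contains one of the vendor keywords listed above. It assumes the blocking is done through hosts entries, which the overwritten hosts file suggests but the post does not state outright; the sample files, the line numbers they produce and the .example domains are constructed for the demonstration.

```python
"""
Triage a Windows hosts file for Virut-style tampering (added example).

Two checks:
  1. Any mapping other than the stock localhost entries is unexpected
     (the post shows Virut appending "<ip> <domain>" lines).
  2. Any mapping whose hostname contains one of the antivirus-vendor
     keywords from the post is a likely update-blocking entry.
"""
import ipaddress
from typing import Dict, List, Tuple

# Keywords from the post's list of antivirus-related sites that Virut blocks.
AV_KEYWORDS = [
    "avira", "avast", "eset", "ahnlab", "centralcommand", "drweb", "grisoft",
    "nod32", "f-prot", "jotti", "kaspersky", "f-secure", "computerassociates",
    "networkassociates", "etrust", "panda", "sophos", "trendmicro", "mcafee",
    "norton", "symantec", "defender", "rootkit", "malware", "spyware", "avg",
    "windowsupdate", "wilderssecurity", "threatexpert", "castlecops", "spamhaus",
    "cpsecure", "arcabit", "emsisoft", "sunbelt", "securecomputing", "rising",
    "prevx", "pctools", "norman", "k7computing", "ikarus", "hauri", "hacksoft",
    "gdata", "fortinet", "ewido", "clamav", "comodo", "quickheal",
]

# Mappings a stock Windows hosts file may legitimately contain.
BENIGN_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

Entry = Tuple[int, str, str]  # (line number, ip, hostname)


def parse_hosts(text: str) -> List[Entry]:
    """Return (line_number, ip, hostname) for every mapping in the file.
    Everything after '#' is a comment; blank and malformed lines are
    skipped; a line with several hostnames yields one tuple per name."""
    entries: List[Entry] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # no hostname; Windows ignores such a line as well
        ip, *names = fields
        for name in names:
            entries.append((lineno, ip, name.lower()))
    return entries


def find_suspicious(text: str) -> Dict[str, List[Entry]]:
    """Classify every non-benign mapping.
    'unexpected': any mapping that is not a stock localhost entry.
    'av_related': subset whose hostname matches a vendor keyword.
    'bad_ip':     first column is not a parseable IP address at all."""
    findings: Dict[str, List[Entry]] = {"unexpected": [], "av_related": [], "bad_ip": []}
    for entry in parse_hosts(text):
        _, ip, name = entry
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            findings["bad_ip"].append(entry)
            continue
        if (ip, name) in BENIGN_ENTRIES:
            continue
        findings["unexpected"].append(entry)
        if any(keyword in name for keyword in AV_KEYWORDS):
            findings["av_related"].append(entry)
    return findings


# Constructed samples (not taken from the post): a clean file, and the same
# file with two appended lines of the kind the post describes.
CLEAN_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
#
# For example:
#      102.54.94.97     rhino.acme.com          # source server

127.0.0.1       localhost
"""

TAMPERED_HOSTS = CLEAN_HOSTS + """127.0.0.1       www.kaspersky.example
203.0.113.45    random-domain.example
"""

if __name__ == "__main__":
    for label, text in (("clean", CLEAN_HOSTS), ("tampered", TAMPERED_HOSTS)):
        print(f"[{label}]")
        for category, entries in find_suspicious(text).items():
            for lineno, ip, name in entries:
                print(f"  line {lineno}: {ip} -> {name} ({category})")
```

To run it against a real machine, read C:\Windows\System32\drivers\etc\hosts into a string and pass it to find_suspicious(); any "unexpected" entry deserves a look, and an "av_related" one pointing at 127.0.0.1 is the update-blocking pattern the post describes. The "unexpected" category also catches the other tampering case, where a legitimate site is redirected to some other address rather than simply blocked.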


Post by newWorld
