Virut is known by the following names: W32/Virut.n, PE_VIRUX.A, W32.Virut.CF. This virus is known to change .exe and .scr files and can also download other programs onto a user's computer. Many people also have a back door created that an attacker can use to gain control of the computer. This is done by using the following IRC servers:
- irc.zief.pl on TCP port 80
- proxim.ircgalaxy.pl on TCP port 80
People who are infected with this will also get constant redirects in their browser to the following or a similar location: [http://]ZieF.pl/r[REMOVED]

Virut also infects the computer's hosts file and inserts the following string, which causes the redirect:

127.0.0.1 ZieF.pl #

This virus also disables Windows File Protection so it can infect the computer.

If you are infected with Virut then you need to take action and remove this threat at once. We provide several options and suggestions to help remove Virut.

Download this FixVirut tool : This file must be run in safe mode. We recommend you disable any network device or unplug your internet cable. Again, this needs to be run in safe mode. If you do not know how, view this how to go into safe mode guide.

Download a trial of SpyHunter here and run a full scan. You may need to install this after you run the FixVirut tool. Be sure to update the product before you run the scan.

Prevent this type of infection again
Update: 4-29-2013
Just for kicks we located and found a recent trace of Virut. Very hard to do. The Symantec tool we linked to is still functional and works. It’s free, so if you find yourself infected be sure to use it.
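To check a machine for the hosts file entry and the server names described above, the following added example (not part of the original article or of any vendor tool) scans hosts file text for entries naming those domains. The function names and the sample hosts file are constructed for illustration; matching subdomains of the listed names is an assumption that goes slightly beyond the single entry the article shows.

```python
import sys

# Hostnames taken from the article; subdomains are flagged too (assumption).
VIRUT_DOMAINS = ("zief.pl", "proxim.ircgalaxy.pl")


def matches_indicator(host):
    """True if host is one of the listed names or a subdomain of one."""
    host = host.lower().rstrip(".")  # hosts entries are case-insensitive
    return any(host == d or host.endswith("." + d) for d in VIRUT_DOMAINS)


def scan_hosts(text):
    """Return (line_number, ip, hostname) for every active entry that matches."""
    hits = []
    for number, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments, incl. trailing '#'
        if not entry:
            continue
        fields = entry.split()
        ip, names = fields[0], fields[1:]  # one IP, then one or more names
        hits.extend((number, ip, n) for n in names if matches_indicator(n))
    return hits


# Constructed sample, not captured from a real infection.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed)
127.0.0.1       localhost
127.0.0.1 ZieF.pl #
# 127.0.0.1 zief.pl   commented out, so not an active entry
10.0.0.5  intranet.example  notzief.pl
127.0.0.1 irc.zief.pl PROXIM.ircgalaxy.pl.
"""

if __name__ == "__main__":
    # Pass a hosts file path as the first argument; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    found = scan_hosts(content)
    for number, ip, name in found:
        print(f"line {number}: {name} -> {ip}")
    sys.exit(1 if found else 0)
```

On Windows the hosts file is normally at %SystemRoot%\System32\drivers\etc\hosts; a non-zero exit status means at least one matching entry was found.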