1. /
  2. Security Response/
  3. Trojan.VirtualRoot

Trojan.VirtualRoot

Risk Level 2: Low

Discovered:
August 4, 2001
Updated:
February 13, 2007 11:36:41 AM
Also Known As:
Codered II, Trojan.Win32.VirtualRoot [KAV], W32/CodeRed.c [McAfee], Troj/Codered-II [Sophos], Win32.CodeRed.C [CA], TROJ_CODERED.C [Trend]
Type:
Trojan Horse
Systems Affected:
Windows 2000, Windows NT
CVE References:
CVE-2000-0663


Trojan.VirtualRoot is a Trojan horse program that is dropped by the CodeRed II and CodeRed.F worms. The Trojan allows a hacker to have full remote access to the Web server that is infected by CodeRed II or CodeRed.F. Norton AntiVirus can detect an infection of CodeRed II or CodeRed.F on a Web server by detecting the payload (Trojan component) of this worm as Trojan.VirtualRoot.

Symantec Security Response has created a tool to perform a vulnerability assessment of your computer and remove the CodeRed Worm, CodeRed II and CodeRed.F. To obtain the CodeRed removal tool, please click here.



The Trojan.VirtualRoot Trojan takes advantage of a vulnerability in Windows NT and Windows 2000. Download and install the following Microsoft security patch to address that problem and to stop the Trojan from reinfecting the computer:

http://www.microsoft.com/technet/security/bulletin/MS00-052.asp

Antivirus Protection Dates

  • Initial Rapid Release version August 4, 2001
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version August 4, 2001
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date August 4, 2001
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: More than 1000
  • Number of Sites: More than 10
  • Geographical Distribution: High
  • Threat Containment: Moderate
  • Removal: Moderate

Damage

  • Damage Level: Low

Distribution

  • Distribution Level: Medium
Writeup By: Richard Cave

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver