1. /
  2. Security Response/
  3. Trojan.VirtualRoot


Risk Level 2: Low

August 4, 2001
February 13, 2007 11:36:41 AM
Also Known As:
Codered II, Trojan.Win32.VirtualRoot [KAV], W32/CodeRed.c [McAfee], Troj/Codered-II [Sophos], Win32.CodeRed.C [CA], TROJ_CODERED.C [Trend]
Trojan Horse
Systems Affected:
Windows 2000, Windows NT
CVE References:

Trojan.VirtualRoot is a Trojan horse program that is dropped by the CodeRed II and CodeRed.F worms. The Trojan allows a hacker to have full remote access to the Web server that is infected by CodeRed II or CodeRed.F. Norton AntiVirus can detect an infection of CodeRed II or CodeRed.F on a Web server by detecting the payload (Trojan component) of this worm as Trojan.VirtualRoot.

Symantec Security Response has created a tool to perform a vulnerability assessment of your computer and remove the CodeRed Worm, CodeRed II and CodeRed.F. To obtain the CodeRed removal tool, please click here.

The Trojan.VirtualRoot Trojan takes advantage of a vulnerability in Windows NT and Windows 2000. Download and install the following Microsoft security patch to address that problem and to stop the Trojan from reinfecting the computer:


Antivirus Protection Dates

  • Initial Rapid Release version August 4, 2001
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version August 4, 2001
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date August 4, 2001
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment


  • Wild Level: Low
  • Number of Infections: More than 1000
  • Number of Sites: More than 10
  • Geographical Distribution: High
  • Threat Containment: Moderate
  • Removal: Moderate


  • Damage Level: Low


  • Distribution Level: Medium
Writeup By: Richard Cave

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver