1. /
  2. Security Response/
  3. W32.Virut.A

W32.Virut.A

Risk Level 1: Very Low

Discovered:
May 13, 2006
Updated:
August 27, 2012 11:32:54 AM
Also Known As:
PE_VIRUT.A [Trend]
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
W32.Virut.A is a virus that infects executable files and opens a back door on TCP port 65520 by connecting to a predefined IRC server.

The virus creates an event named VT_3 so that only one copy of the threat runs on the compromised computer.

It will infect any accessed .exe or .scr file by appending itself to the executable. However it will not infect files starting with one of the following strings:
WC32
WCUN
WINC

The virus opens a back door on TCP port 65520 by connecting to the Proxima.ircgalaxy.pl IRC server on channel &virtu using a random nick name.

The back door allows an attacker to download files onto the compromised computer.
Writeup By: Mircea Ciubotariu
Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver