1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Malicious Site: W32.Virut 2

Malicious Site: W32.Virut 2

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects an infected webpage that has been modified by W32.Virut family of viruses. This webpage may redirect the users to a malicious web site which may compromise the target machine.

Additional Information

W32.Virut!html is a generic detection for HTML files infected by variants of the W32.Virut family of viruses. It may contain the functionality to redirect users to a malicious Web site that may exploit the browser.

For more information, please see the following resources:


  • Windows


No further action is required but you may wish to perform some of the following actions as a precautionary measure.
Run the Norton Power Eraser. (home users)
Run the Symantec Power Eraser. (business users)
Update your product definitions and perform a full system scan.
Identify suspicious files.
Submit suspicious files to Symantec for analysis.

If you believe that the signature is reported erroneously, please read the following:
Change the behavior of Symantec IPS signatures.
Report a potential false positive to Symantec.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube