1. Symantec/
  2. Security Response/
  3. Trojan.VirtualRoot


Risk Level 2: Low

August 4, 2001
February 13, 2007 11:36:41 AM
Also Known As:
Codered II, Trojan.Win32.VirtualRoot [KAV], W32/CodeRed.c [McAfee], Troj/Codered-II [Sophos], Win32.CodeRed.C [CA], TROJ_CODERED.C [Trend]
Trojan Horse
Systems Affected:
CVE References:

Trojan.VirtualRoot is a Trojan horse program that is dropped by the CodeRed II and CodeRed.F worms. The Trojan allows a hacker to have full remote access to the Web server that is infected by CodeRed II or CodeRed.F. Norton AntiVirus can detect an infection of CodeRed II or CodeRed.F on a Web server by detecting the payload (Trojan component) of this worm as Trojan.VirtualRoot.

Symantec Security Response has created a tool to perform a vulnerability assessment of your computer and remove the CodeRed Worm, CodeRed II and CodeRed.F. To obtain the CodeRed removal tool, please click here.

The Trojan.VirtualRoot Trojan takes advantage of a vulnerability in Windows NT and Windows 2000. Download and install the following Microsoft security patch to address that problem and to stop the Trojan from reinfecting the computer:


Antivirus Protection Dates

  • Initial Rapid Release version August 4, 2001
  • Latest Rapid Release version August 8, 2016 revision 023
  • Initial Daily Certified version August 4, 2001
  • Latest Daily Certified version August 9, 2016 revision 001
  • Initial Weekly Certified release date August 4, 2001
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Richard Cave

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube