- May 13, 2006
- August 27, 2012 11:32:54 AM
Also Known As:
- PE_VIRUT.A [Trend]
W32.Virut.A is a virus that infects executable files and opens a back door on TCP port 65520 by connecting to a predefined IRC server.
The virus creates an event named VT_3 so that only one copy of the threat runs on the compromised computer.
It will infect any accessed .exe or .scr file by appending itself to the executable. However it will not infect files starting with one of the following strings:
The virus opens a back door on TCP port 65520 by connecting to the Proxima.ircgalaxy.pl IRC server on channel &virtu using a random nick name.
The back door allows an attacker to download files onto the compromised computer.
Writeup By: Mircea Ciubotariu