W32.Virut.A


Risk Level 1: Very Low

May 13, 2006
August 27, 2012 11:32:54 AM
Also Known As:
PE_VIRUT.A [Trend]
Systems Affected:
W32.Virut.A is a virus that infects executable files and opens a back door on TCP port 65520 by connecting to a predefined IRC server.

The virus creates an event named VT_3 so that only one copy of the threat runs on the compromised computer.

It will infect any accessed .exe or .scr file by appending itself to the executable. However, it will not infect files starting with one of the following strings:

The virus opens a back door on TCP port 65520 by connecting to the Proxima.ircgalaxy.pl IRC server on channel &virtu using a random nickname.

The back door allows an attacker to download files onto the compromised computer.
Writeup By: Mircea Ciubotariu
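
A defender's triage of the network indicators listed above, as an added example that is not part of the original Symantec writeup: it scans log records for the IRC host name, TCP port 65520 and a JOIN to the &virtu channel. The key=value log format, the workstation names and the sample records are constructed for illustration.

```python
import shlex

C2_HOST = "proxima.ircgalaxy.pl"   # indicators taken from the writeup above
C2_PORT = "65520"
C2_CHANNEL = "&virtu"

def parse_record(line):
    """Split '<timestamp> <kind> key=value ...' into (kind, fields)."""
    _ts, kind, *pairs = shlex.split(line)
    return kind, dict(p.split("=", 1) for p in pairs)

def irc_join_targets(raw):
    """Return the lower-cased channels named in an IRC JOIN line, else []."""
    parts = raw.split()
    if parts and parts[0].startswith(":"):   # drop the optional ':prefix'
        parts = parts[1:]
    if len(parts) >= 2 and parts[0].upper() == "JOIN":
        return [c.lower() for c in parts[1].lstrip(":").split(",")]
    return []

def match(kind, f):
    """Name the writeup indicator that a record matches, or None."""
    if kind == "dns" and f.get("query", "").rstrip(".").lower() == C2_HOST:
        return "c2-dns"
    # Assumption: the writeup does not say which end uses the port; check both.
    ports = (f.get("sport"), f.get("dport"))
    if kind == "conn" and f.get("proto") == "tcp" and C2_PORT in ports:
        return "port-65520"
    if kind == "irc" and C2_CHANNEL in irc_join_targets(f.get("line", "")):
        return "irc-channel"
    return None

def triage(lines):
    """Map each host to the sorted list of indicators seen for it."""
    hits = {}
    for line in lines:
        kind, fields = parse_record(line)
        name = match(kind, fields)
        if name:
            hits.setdefault(fields.get("host", "?"), set()).add(name)
    return {host: sorted(names) for host, names in hits.items()}

# Constructed sample records in a hypothetical log format (not real telemetry).
SAMPLE = [
    "2006-05-14T10:02:11Z dns host=WS01 query=Proxima.ircgalaxy.pl.",
    "2006-05-14T10:02:12Z conn host=WS01 proto=tcp sport=1034 dport=65520",
    '2006-05-14T10:02:13Z irc host=WS01 line="JOIN &VIRTU"',
    '2006-05-14T10:05:41Z irc host=WS02 line="JOIN #linux,#help"',
    "2006-05-14T10:07:02Z conn host=WS03 proto=udp sport=65520 dport=53",
]
```

Calling `triage(SAMPLE)` reports only WS01, with all three indicators; the ordinary IRC user and the UDP flow that merely reuses the port number are not flagged.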