W32/Virut.A
Analysis
- This virus infects running processes by writing its code into each target process and creating a remote thread there to execute it. It avoids infecting the following processes:
  - [system process]
  - system
  - smss.exe
  - csrss.exe
- Creates a named event to ensure that only one instance of the virus runs on the compromised computer.
- Connects to the IRC server Proxima.ircgalaxy.pl using port 65520 on channel &virtu to await instructions and commands from a malicious user. These commands can cause the infected machine to download malicious files.
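The network indicators named in the analysis above (the IRC server hostname, destination port 65520, and the channel &virtu) can be matched against network logs to find infected hosts. The following is an added example, not Fortinet's code; the key=value log format, the field names (`src`, `query`, `dport`, `dir`, `payload`) and the sample lines are assumptions constructed for illustration.

```python
import re

# Indicators taken from the analysis above.
C2_HOST = "proxima.ircgalaxy.pl"
C2_PORT = 65520
C2_CHANNEL = "&virtu"
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(line):
    """Split a key=value log line (assumed format) into a dict."""
    return {k: v.strip('"') for k, v in KV.findall(line)}

def indicators(line):
    """Return the set of Virut.A network indicators present in one log line."""
    f = parse(line)
    hits = set()
    # DNS names are case-insensitive and may carry a trailing root dot.
    name = f.get("query", f.get("host", "")).lower().rstrip(".")
    if name == C2_HOST:
        hits.add("c2-host")
    # Only outbound connections to the port count; inbound traffic is ignored.
    if f.get("dport") == str(C2_PORT) and f.get("dir") == "out":
        hits.add("c2-port")
    # IRC JOIN may list several comma-separated channels, in any letter case.
    m = re.match(r"JOIN\s+(\S+)", f.get("payload", ""), re.I)
    if m and C2_CHANNEL in m.group(1).lower().split(","):
        hits.add("c2-channel")
    return hits

def triage(lines):
    """Group hits per source address so an analyst sees which hosts to isolate."""
    by_src = {}
    for line in lines:
        hits = indicators(line)
        if hits:
            by_src.setdefault(parse(line).get("src", "?"), set()).update(hits)
    return by_src

# Constructed sample log lines (not from a real capture).
SAMPLE = [
    'type=dns src=10.0.0.5 query=Proxima.ircgalaxy.pl.',
    'type=conn src=10.0.0.5 dst=203.0.113.7 dport=65520 dir=out',
    'type=irc src=10.0.0.5 dst=203.0.113.7 dport=65520 dir=out payload="JOIN &virtu"',
    'type=conn src=10.0.0.9 dst=198.51.100.2 dport=443 dir=out',
    'type=conn src=10.0.0.8 dst=10.0.0.5 dport=65520 dir=in',
]

if __name__ == "__main__":
    for src, hits in triage(SAMPLE).items():
        print(src, sorted(hits))
```

The port match on its own is a weak signal because 65520 falls in the range used for ordinary ephemeral ports; treat a host as a strong candidate when the hostname or channel indicator is also present.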
Recommended Action
FortiGate Systems
- In the web interface for your FortiGate unit, check the main screen to confirm that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.