W32/Virut.B

Analysis

  • This virus infects running processes by writing the virus code to the target processes and creating a remote thread to execute it. It avoids infecting the following processes:
    • system
    • smss.exe
    • csrss.exe
  • Creates a named event VT_3 to ensure that only one instance of the virus runs on the compromised computer.
  • Connects to the IRC server (proxima.ircgalaxy.pl:65520) on channel &virtu to await instructions and commands from a malicious user. These commands can cause the infected machine to download malicious files.

Recommended Action
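
The following is an added example, not part of the original write-up: it scans connection records for the IRC server and channel named above and reports the internal hosts that match. The log line format, the sample addresses and all function names are assumptions constructed for illustration.

```python
import re

C2_HOST, C2_PORT, C2_CHANNEL = "proxima.ircgalaxy.pl", 65520, "&virtu"  # from the analysis
# Constructed (hypothetical) log format: <ts> src=<ip> dst=<host>:<port> payload="<line>"
LOG_RE = re.compile(r'^(\S+) src=(\S+) dst=([^\s:]+):(\d+) payload="(.*)"$')

def irc_lower(s):
    # IRC (RFC 1459) treats {}|^ as the lowercase forms of []\~ when comparing names
    return s.lower().translate(str.maketrans("[]\\~", "{}|^"))

def joined_channels(line):
    """Return the channels named in an IRC JOIN message, or [] for any other line."""
    line = line.strip()
    if line.startswith(":"):               # drop the optional ":prefix " part
        _, _, line = line.partition(" ")
    parts = line.split()
    if len(parts) < 2 or parts[0].upper() != "JOIN":
        return []
    return [c.lstrip(":") for c in parts[1].split(",")]

def scan(lines):
    """Map each source address to the sorted indicators it matched."""
    want = irc_lower(C2_CHANNEL)
    hits = {}
    for raw in lines:
        m = LOG_RE.match(raw.strip())
        if not m:
            continue                       # not in the constructed format
        _, src, host, port, payload = m.groups()
        reasons = set()
        if host.lower().rstrip(".") == C2_HOST:
            reasons.add("c2-host")
        if any(irc_lower(c) == want for c in joined_channels(payload)):
            reasons.add("c2-channel")      # matches even if the server is a bare IP
        if reasons and int(port) == C2_PORT:
            reasons.add("c2-port")         # port alone is too weak to report
        if reasons:
            hits.setdefault(src, set()).update(reasons)
    return {s: sorted(r) for s, r in hits.items()}

# Constructed sample records (documentation address ranges, not real traffic)
SAMPLE = [
    '2023-01-30T10:00:01Z src=10.0.0.5 dst=proxima.ircgalaxy.pl:65520 payload="NICK abcd"',
    '2023-01-30T10:00:02Z src=10.0.0.5 dst=proxima.ircgalaxy.pl:65520 payload="JOIN &virtu"',
    '2023-01-30T10:00:03Z src=10.0.0.9 dst=203.0.113.7:6667 payload="JOIN #help,&VIRTU"',
    '2023-01-30T10:00:04Z src=10.0.0.7 dst=irc.example.net:6667 payload="JOIN #linux"',
    '2023-01-30T10:00:05Z src=10.0.0.8 dst=198.51.100.2:65520 payload=""',
]
```
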

  • Check the main screen using the web interface to ensure the latest AV/NIDS database has been downloaded and installed. If required, enable the "Allow Push Update" option.

Telemetry

    Detection Availability

    FortiGate
    Extended
    FortiClient
    FortiMail
    FortiSandbox
    FortiWeb
    Web Application Firewall
    FortiIsolator
    FortiDeceptor
    FortiEDR

    Version Updates

    Date Version Detail
    2023-01-30 91.00125
    2023-01-12 90.09587
    2022-12-30 90.09201
    2022-12-20 90.08902
    2022-07-12 90.04092
    2022-05-31 90.02802
    2022-05-25 90.02622
    2021-11-30 89.07343
    2021-11-16 89.06923
    2021-11-09 89.06714