http://www.sophos.com/security/analyses/w32virutw.html

W32/Virut-W is a virus for the Windows platform. W32/Virut-W attempts to hook the operating system and infect files with an EXE or SCR extension. W32/Virut-W may also attempt to connect to a remote IRC server, and may download and execute further files if instructed to do so. W32/Virut-W may modify the following registry entry in order to bypass the Windows firewall:

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

http://www.symantec.com/security_response/writeup.jsp?docid=2007-092718-3700-99&tabid=2

The virus opens a back door by connecting to the IRC server proxim.ircgalaxy.pl on TCP port 80 allowing a remote attacker to download files on to the compromised computer and execute them.

http://www.2-spyware.com/remove-virut.html

Virut is a virus that infects any executable files and screensavers that the user accesses. The parasite also opens a back door providing the attacker with unauthorized remote access to the compromised computer. The intruder can upload and run arbitrary files.

Virut properties:
• Allows remote user connection
• Connects itself to the internet
• Hides from the user
• Stays resident in background

Virut manual removal:
Virut arrives in files with random names. The virus uses TCP port 65520.

1. Download Spyware Doctor (16.17 MB): http://www.pctools.com/downloads/afl_2-spyware/sdsetup.exe
2. Disconnect from the internet first
3. Un-check the IRC server or the path/port used by w32.Virut in the Windows Firewall > Exceptions settings
4. Run a full scan with Spyware Doctor or Spy Sweeper

Regards ^^
balthazor[at]oprekpc.com

||||||||||||||||||||||||original message|||||||||||||||||||||||||>
Subject: [PCplus] w32.virut.w
Sunday, February 3, 2008, 9:45:03 AM, "acmriel" <[EMAIL PROTECTED]> wrote:

> Already tried PCMAV RC 23 and RC 24, boss, but the virus still hasn't
> been removed. Norton has been updated too. Haven't tried Ansav yet, will do later.
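
Added example, not part of the original e-mail or the vendor write-ups: a Python check for step 3 that parses `reg query` output for the AuthorizedApplications\List key quoted above and reports enabled firewall exceptions missing from a reviewed baseline. It assumes the Windows XP-era value layout `path:scope:Enabled|Disabled:name`; the function names, sample output and baseline are constructed for illustration.

```python
import re

# Key named in the Sophos text; dump it with: reg query "<KEY>"
KEY = (r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters"
       r"\FirewallPolicy\StandardProfile\AuthorizedApplications\List")
# A value line in `reg query` output: indented name, type, data.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.+)$")
# Assumed data layout: <program path>:<scope>:<Enabled|Disabled>:<display name>
RULE = re.compile(r"^(?P<path>.+?):(?P<scope>[^:]*):"
                  r"(?P<state>enabled|disabled):(?P<label>.*)$", re.I)

def parse_exceptions(reg_output):
    """Return one dict per firewall exception found in `reg query` output."""
    rules = []
    for line in reg_output.splitlines():
        value = VALUE_LINE.match(line)
        if not value:
            continue  # key header or blank line
        rule = RULE.match(value.group("data").strip())
        if rule:
            rules.append({"path": rule.group("path"), "scope": rule.group("scope"),
                          "enabled": rule.group("state").lower() == "enabled",
                          "label": rule.group("label")})
        else:  # unexpected layout: keep it visible for review
            rules.append({"path": value.group("name"), "scope": "?",
                          "enabled": True, "label": "(unparsed)"})
    return rules

def unreviewed(reg_output, baseline):
    """Enabled exceptions whose program path is not in the reviewed baseline."""
    known = {p.lower() for p in baseline}
    return [r for r in parse_exceptions(reg_output)
            if r["enabled"] and r["path"].lower() not in known]

# Constructed sample output and baseline (not captured from an infected machine).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    %windir%\system32\sessmgr.exe    REG_SZ    %windir%\system32\sessmgr.exe:*:enabled:Remote Assistance
    C:\Program Files\Messenger\msmsgs.exe    REG_SZ    C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
    C:\WINDOWS\Temp\constructed-sample.exe    REG_SZ    C:\WINDOWS\Temp\constructed-sample.exe:*:Enabled:constructed sample
    C:\Tools\constructed-disabled.exe    REG_SZ    C:\Tools\constructed-disabled.exe:LocalSubNet:Disabled:constructed disabled rule
"""
BASELINE = [r"%windir%\system32\sessmgr.exe",
            r"C:\Program Files\Messenger\msmsgs.exe"]

if __name__ == "__main__":
    print("audited key:", KEY)
    for r in unreviewed(SAMPLE, BASELINE):
        print("review:", r["path"], "scope=" + r["scope"], r["label"])
```

Entries it reports are the ones to un-check or delete under Windows Firewall > Exceptions before running the full scan.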
