Virus:Win32/Virut.AC
Virus:Win32/Virut.AC is a malicious spyware virus that uses tricks to download harmful malware from the web. Once inside a computer system, Virus:Win32/Virut.AC will connect to a remote server and download potentially malicious files. Virus:Win32/Virut.AC may also block a victim's access to the Internet. Virus:Win32/Virut.AC uses a program that downloads files to the local computer; this may represent a security threat because it is able to modify other files by infecting them, prepending its own body to them, or overwriting them with its own body. Virus:Win32/Virut.AC is a dangerous security threat to your computer and should be removed immediately.
File System Modifications
- The following files were created in the system:
#  File Name
1  %Documents and Settings%\[UserName]\Application Data\WRblt8464P
2  %UserProfile%\Local Settings\Application Data\[random]\[random].exe
3  alg.exe
4  Random.exe
5  services.exe
6  svchost.exe
7  Virus:Win32/Virut.AC.exe
Registry Modifications
- The following Registry values were newly created:
HKEY..\..\..\..{Subkeys}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings 'ProxyOverride' = ''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations 'LowRiskFileTypes' = '.exe'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run 'Protection Center'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346436FA-5138-50DA-D412-0870CE39768B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346436FA-5138-50DA-D412-0870CE39768B}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall?1
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346436FA-5138-50DA-D412-0870CE39768B}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346436FA-5138-50DA-D412-0870CE39768B}] (Default) = "kvjsrqrshvlhbhjz"
HKEY..\..\..\..{RegistryKeys}
(Default) = "[file and pathname of the sample #1]"
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run '[random string]'