
W32.Virut.G

Posted: January 2, 2012

Threat Metric

Ranking: 5,719
Threat Level: 1/10
Infected PCs: 2,358
First Seen: January 5, 2012
Last Seen: October 12, 2023
OS(es) Affected: Windows

W32.Virut.G is a virus from the Win32/Virut family that was first identified in 2007 but remains a prolific threat even in 2012. This is particularly obvious given W32.Virut.G's ranking as one of the 'top ten malware of the year' by some sources, although some regions (particularly Romania) are in greater danger of being attacked by W32.Virut.G than others. Because W32.Virut.G can function as a dropper as well as a backdoor Trojan, SpywareRemove.com malware researchers recommend that any possible W32.Virut.G infection be removed by anti-malware software that can also remove any related PC threats that W32.Virut.G may have installed onto your computer. Other than minor changes to your network settings and the loss of use of programs that W32.Virut.G infects, W32.Virut.G may show negligible symptoms of its presence.

W32.Virut.G – An Assassin of Security That's Hiding in Your Executable Files

W32.Virut.G, like other Virut viruses, infects existing .scr and .exe files instead of having its own files. Infected files can be identified by minor size increases, a recent 'last modified' date stamp and a possible lack of functionality in the program itself, which may fail to launch at all. You may also be able to detect W32.Virut.G by its excessive use of system resources (such as RAM) from within these files by monitoring the Windows Task Manager's Processes tab. Even if W32.Virut.G doesn't appear to be active at any given moment, the SpywareRemove.com malware research team warns that, as a PC threat with backdoor functionality, W32.Virut.G may make system changes that leave your PC vulnerable to attack even while W32.Virut.G isn't resident in memory.
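The size and 'last modified' indicators described above can be checked against a known-good baseline. The following is an added example, not part of the original article: it assumes you recorded a snapshot of your .exe and .scr files before any suspected infection, and the function names and sample paths are hypothetical. A match only marks a file as a candidate for scanning with anti-malware software.

```python
import os
import time

TARGET_EXTS = {".exe", ".scr"}  # file types the article says Virut infects


def snapshot(root):
    """Map each .exe/.scr path under root to (size in bytes, mtime)."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in TARGET_EXTS:
                path = os.path.join(dirpath, name)
                try:
                    st = os.stat(path)
                except OSError:
                    continue  # file vanished or is unreadable; skip it
                snap[path] = (st.st_size, st.st_mtime)
    return snap


def triage(baseline, current, now=None, recent_days=7):
    """Return sorted (path, reasons) for baseline files that grew or changed."""
    now = time.time() if now is None else now
    cutoff = now - recent_days * 86400
    findings = []
    for path, (size, mtime) in current.items():
        if path not in baseline:
            continue  # files absent from the baseline need separate review
        old_size, old_mtime = baseline[path]
        reasons = []
        if size > old_size:
            reasons.append(f"size grew by {size - old_size} bytes")
        if mtime > old_mtime and mtime >= cutoff:
            reasons.append("recently modified")
        if reasons:
            findings.append((path, reasons))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample data: (size in bytes, mtime as epoch seconds)
    base = {r"C:\Tools\app.exe": (98304, 1_600_000_000.0)}
    cur = {r"C:\Tools\app.exe": (100352, 1_700_000_000.0)}
    for path, reasons in triage(base, cur, now=1_700_000_500.0):
        print(path, "->", "; ".join(reasons))
```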

W32.Virut.G is also noted for its polymorphic nature, which allows W32.Virut.G to change superficial characteristics to avoid detection, especially after attempted removal. Other side effects of a W32.Virut.G infection that SpywareRemove.com malware researchers have found include:

  • Opened network ports that allow W32.Virut.G to download and install PC threats from remote servers.
  • The creation of an IRC (Internet Relay Chat) backdoor that can allow criminals to access your PC for the purposes of stealing information, conducting DDoS actions and making other attacks either against your computer or attacks that utilize its resources.

Exterminating W32.Virut.G's File Invasion

Independent sources have ranked W32.Virut.G as even more widespread than LNK.Exploit, Worm.VBNA and Worm.Slenfbot for 2011. Along with the symptoms noted above, other side effects of W32.Virut.G can include a large range of possibilities due to W32.Virut.G's dropper function that allows W32.Virut.G to install other PC threats. SpywareRemove.com malware experts, accordingly, recommend prompt removal of W32.Virut.G if you ever suspect its presence on your computer and identification with anti-malware software whenever possible.

Hungary, South Africa, Japan and Romania are all countries that are particularly targeted by W32.Virut.G, with Romania being far and away the top contender for 'most often attacked by W32.Virut.G.' The SpywareRemove.com malware research team recommends that you keep anti-malware products available whenever you access suspicious files or websites from these regions to keep your PC safe from potential W32.Virut.G intrusions. Reputable anti-malware scanners can delete Win32.Virut.G without harm to the inadvertent host files that Win32.Virut.G has infected.

Aliases

  • Suspicious file [Panda]
  • Suspicion: unknown virus [AVG]
  • W32/Buzus.GF!tr [Fortinet]
  • Trojan.Win32.Menti [Ikarus]
  • Trojan/Win32.Buzus [AhnLab-V3]
  • TR/Buzus.C.265 [AntiVir]
  • BackDoor.Cybergate.1 [DrWeb]
  • TrojWare.Win32.Buzus.DAS [Comodo]
  • W32/Scribble-B [Sophos]
  • Gen:Variant.Minggy.5 [BitDefender]
  • Virus.Win32.Virut.ce [Kaspersky]
  • Win32:Agent-AMTX [Trj] [Avast]
  • W32.Virut.CF [Symantec]
  • W32/CeeInject.R.gen!Eldorado [F-Prot]
  • a variant of Win32/Injector.EZF [NOD32]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: .EveryplayCache.exe
Size: 100.35 KB (100352 bytes)
MD5: ed5c3a1d648013d9ebb690456c01a655
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\Desktop\Danix\MMC sergio\Nova pasta\589485658\.EveryplayCache.exe
Group: Malware file
Last Updated: December 30, 2021