Win32.Virtob
Posted: November 16, 2011
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 51 |
| First Seen: | November 16, 2011 |
| OS(es) Affected: | Windows |
Win32.Virtob is a virus that infects normal system files and opens a backdoor that allows remote criminals to send further instructions for future attacks, up to and including allowing these hackers to control the PC. Although Win32.Virtob was first seen as far back as 2006, SpywareRemove.com malware researchers have also noted recent Win32.Virtob variants that have been distributed along with Win32.Worm.Coidung.B worms in Yahoo Messenger spam. If you've recently opened a suspicious file attachment from a Yahoo instant message, your PC may be infected by this two-part attack, and it's recommended that you resort to a trustworthy anti-malware program before irreparable damage occurs.
The Old Variants of Win32.Virtob
Old variants of Win32.Virtob, although low in distribution as of 2011, are still able to present a threat to your PC if presented with an opportunity to attack. Common Win32.Virtob infection routes include widely-distributed .exe files (such as P2P network files) and malicious sites that install malicious programs automatically through drive-by-download scripts. This version of Win32.Virtob will seek to infect unrelated .exe and .scr files; as a result, Win32.Virtob may be undetectable except for a minor increase in RAM usage for related programs. Once Win32.Virtob infects your PC, Win32.Virtob will use the port 65520 to contact a command server, via IRC, for additional instructions.
Although Win32.Virtob can vary its behavior based on the instructions that are fed to Win32.Virtob by remote servers, Win32.Virtob's primary functions are related to opening a backdoor in the infected computer's security. SpywareRemove.com malware experts caution against underestimating this nearly invisible threat, since Win32.Virtob will allow remote criminals to take highly invasive actions that may include exerting total control over your PC.
The New Breed of Win32.Virtob with a Partner in Crime
A new version of Win32.Virtob has also been distributed in recent times by the worm Win32.Worm.Coidung.B. This distribution method uses instant message spam from YIM to deliver the doubly-infected .exe file attachment, which bears the name 'office_genuine.exe.' Despite its name, this file isn't affiliated with Microsoft's Office Genuine Advantage program and has no purpose except to trick you into installing both Win32.Worm.Coidung.B and its cohort, the Win32.Virtob virus.
This variant of Win32.Virtob is notably dangerous for its ability to hitch rides with Coidung.B and travel to any location that the worm can access. These locations include folders that are shared on local networks as well as removable drives, which Win32.Worm.Coidung.B will copy itself to as part of its default behavior. As a result, if you don't keep a careful watch on your computer's security in these areas, you may unintentionally spread both Win32.Virtob and Win32.Worm.Coidung.B to other computers.
Other than its new propagation trick, this version of Win32.Virtob behaves in a similar way to other Win32.Virtob variants and utilizes similar types of backdoor attacks against your computer's security programs. You can, however, remove Win32.Virtob and Win32.Worm.Coidung.B with any good anti-malware program, as long as you take suitable steps to prevent Win32.Virtob or its partner from shutting the program down.
Technical Details
File System Modifications
The following files were created in the system:

| File name | Size | MD5 | Detection count | File type | Mime Type | Group | Last Updated |
|---|---|---|---|---|---|---|---|
| file.exe | 165.37 KB (165376 bytes) | 78cc35869214a6258af56206ed51f967 | 95 | Executable File | unknown/exe | Malware file | November 17, 2011 |
| file.exe | 761.85 KB (761856 bytes) | 87d62f9fa0c769cd36b0e25000aa0469 | 74 | Executable File | unknown/exe | Malware file | November 17, 2011 |
| file.exe | 245.76 KB (245760 bytes) | f31863f55e7587757195931d487ecabf | 21 | Executable File | unknown/exe | Malware file | November 17, 2011 |
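A triage sketch built from the indicators on this page (the listed file sizes and MD5 values, the 'office_genuine.exe' attachment name, the .exe/.scr targets and port 65520); it is an added example, not SpyHunter's or SpywareRemove.com's code. It assumes port 65520 is the remote port of the outbound connection and that connection data is available as `netstat -ano` text; the sample output and function names are constructed for illustration.

```python
import hashlib
import re
from pathlib import Path

# Indicators taken from this page: size in bytes -> MD5 of each listed sample.
KNOWN_SAMPLES = {
    165376: "78cc35869214a6258af56206ed51f967",
    761856: "87d62f9fa0c769cd36b0e25000aa0469",
    245760: "f31863f55e7587757195931d487ecabf",
}
C2_PORT = 65520                    # port the page reports for IRC command traffic
LURE_NAME = "office_genuine.exe"   # attachment name used in the YIM spam
TARGET_EXTS = {".exe", ".scr"}     # file types the page says are infected

def scan_files(root):
    """Return (path, reason) pairs for files matching the page's file indicators."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in TARGET_EXTS:
            continue
        if path.name.lower() == LURE_NAME:
            hits.append((str(path), "lure filename"))
        expected = KNOWN_SAMPLES.get(path.stat().st_size)
        if expected:  # hash only files whose size matches a listed sample
            if hashlib.md5(path.read_bytes()).hexdigest() == expected:
                hits.append((str(path), "known MD5"))
    return hits

# One `netstat -ano` TCP row: proto, local addr, remote host:port, state, PID.
NETSTAT_ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def suspicious_connections(netstat_text, port=C2_PORT):
    """Return (remote_host, state, pid) for TCP rows whose REMOTE port is `port`."""
    hits = []
    for line in netstat_text.splitlines():
        m = NETSTAT_ROW.match(line)
        if m and int(m.group(3)) == port:
            hits.append((m.group(2), m.group(4), int(m.group(5))))
    return hits

# Constructed sample output (documentation address ranges, not real traffic).
SAMPLE_NETSTAT = """\
  TCP    192.168.1.20:49712     203.0.113.45:65520     ESTABLISHED     3148
  TCP    192.168.1.20:49713     198.51.100.7:443       ESTABLISHED     1020
  TCP    0.0.0.0:65520          0.0.0.0:0              LISTENING       4
"""

if __name__ == "__main__":
    print(suspicious_connections(SAMPLE_NETSTAT))
```

Because Win32.Virtob infects existing host files, each infected file hashes differently, so the MD5 check only catches exact copies of the three listed samples; the PID from a port hit is the better lead for finding the owning process.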