
W32/Virut.gen

Posted: February 4, 2011

W32/Virut.gen is a polymorphic worm that attempts to use browser exploits to replicate itself on vulnerable systems. Although it does not do much damage to systems directly, it can quietly download far more hazardous malware, creating more problems the longer it's allowed to operate. Because of this, W32/Virut.gen should be considered a high-level threat to expunge the instant you spot it.

Where W32/Virut.gen Came From and How It Got to You

Though its exact origin hasn't been verified yet, the most likely point of origin for W32/Virut.gen is China, followed by Germany. Other than China, most infection incidents so far have occurred in Europe and Israel. W32/Virut.gen first appeared in 2007, but because of its polymorphic nature and emphasis on spreading itself, the worm remains a threat to unprotected computers.

W32/Virut.gen spreads by inserting redirection HTML tags into executables (.exe). These tags will cause the worm to be automatically installed should the browser lack the security measures to interrupt it. As a worm, W32/Virut.gen can slither into many kinds of executables, such as P2P adult movie files and codec updates. W32/Virut.gen may also spread through unwanted email messages and can email itself by using the host computer's contact lists. Suitable files on any hosting computer may be converted to the worm's cause, and a W32/Virut.gen-infected computer should itself be thought of as (appropriately enough) 'contagious'.

The Ever-Changing Nature of W32/Virut.gen

W32/Virut.gen is called polymorphic because of its ability to alter itself to avoid detection and removal. This has given birth to an entire family of related worms and makes keeping the malware definitions in your computer security software up to date essential. W32/Virut.gen will try to obscure its code and may place it in several different locations; for example, in host executables.
 
One way to catch W32/Virut.gen hiding in your system is to check file sizes. An executable that's larger than it should be may be an unwilling host to the worm. This is one of its two primary symptoms, with the second being IRC traffic the user hasn't personally initiated; the latter is due to W32/Virut.gen trying to connect to the 'virtu' channel at ircd.zief.pl, whereupon it will get more malware friends to join the party.
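Both symptoms can be checked mechanically. The sketch below is an added example, not code from the original article: it compares current executable sizes against a previously recorded baseline and scans log lines for the IRC host and channel named above. The baseline, file paths and log format are constructed assumptions, and a size increase alone can also come from a legitimate update, so treat hits as leads to verify.

```python
import re

# Indicators quoted from the article; everything else below is constructed.
IRC_HOST_RE = re.compile(r"(?<![\w.-])ircd\.zief\.pl(?!\.?[\w-])", re.I)
IRC_JOIN_RE = re.compile(r"\bJOIN\s+[#&]?virtu\b", re.I)

def grown_executables(baseline, current):
    """Return (path, old_size, new_size) for .exe files larger than in the baseline."""
    hits = []
    for path, new_size in sorted(current.items()):
        old_size = baseline.get(path)
        if path.lower().endswith(".exe") and old_size is not None and new_size > old_size:
            hits.append((path, old_size, new_size))
    return hits

def irc_indicator_lines(log_lines):
    """Return (line_number, reason) for log lines naming the IRC host or channel."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        if IRC_HOST_RE.search(line):
            hits.append((number, "host"))
        elif IRC_JOIN_RE.search(line):
            hits.append((number, "channel"))
    return hits

# Constructed sample data: path -> size in bytes, recorded before and now.
BASELINE = {r"C:\Apps\editor.exe": 184320, r"C:\Tools\util.exe": 40960,
            r"C:\Tools\notes.txt": 100}
CURRENT = {r"C:\Apps\editor.exe": 193536, r"C:\Tools\util.exe": 40960,
           r"C:\Tools\notes.txt": 250, r"C:\Tools\fresh.exe": 5000}

# Constructed DNS and connection log lines (hypothetical format).
LOG_LINES = [
    'dns query client=10.0.0.5 name=www.example.com',
    'dns query client=10.0.0.5 name=ircd.zief.pl',
    'tcp 10.0.0.5:1042 -> 192.0.2.10:6667 payload="JOIN #virtu"',
    'tcp 10.0.0.8:1050 -> 192.0.2.20:6667 payload="JOIN #virtualbox"',
    'dns query client=10.0.0.9 name=ircd.zief.pl.example.net',
]

if __name__ == "__main__":
    for path, old, new in grown_executables(BASELINE, CURRENT):
        print(f"size grew: {path} {old} -> {new} bytes")
    for number, reason in irc_indicator_lines(LOG_LINES):
        print(f"log line {number}: matched {reason} indicator")
```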

Why Lazy Malware Programming Can Hurt You

W32/Virut.gen's code isn't perfect and has a number of bugs related to how it spreads itself. In the best-case scenario, it will attempt to infect a file and fail. The other possibility is that W32/Virut.gen will corrupt a file so badly during its insertion attempt that the file is permanently damaged! This is one more reason not to dismiss it as non-threatening. Despite its low-key operation, W32/Virut.gen is capable of indirectly causing significant damage over time. So don't shrug this worm off just because it's meek!
