
Win32/Virut.NBP

Posted: November 16, 2010

Win32/Virut.NBP is a virus that infects files of specific formats, thereafter forcing its code to launch along with the original program. After infecting a PC's files, Win32/Virut.NBP makes contact with remote servers, and through them may download and install other threats or be an accessory to additional attacks. Win32/Virut.NBP is a high-level threat that may avoid deletion by some prominent brands of anti-virus software, and malware experts urge you to use every anti-malware solution necessary for deleting Win32/Virut.NBP from all 'host' files.

Win32/Virut.NBP: The Extra Code that Your EXE Files are Executing

Win32/Virut.NBP is an IRC-based virus that operates similarly to a backdoor Trojan, but with the additional ability to distribute its code throughout unrelated files on the compromised machine. Files targeted by Win32/Virut.NBP viruses include EXE, SCR, HTM, PHP, and ASP. The first two formats host the body of Win32/Virut.NBP's code; the latter three are modified to host links to the threatening files. This distribution method allows Win32/Virut.NBP to conceal itself in your native files, as well as compromise the integrity of any Web page content stored on your hard drive.

Win32/Virut.NBP receives instructions on its other attacks through a backdoor vulnerability based on Internet Relay Chat protocols. Through these extra commands, Win32/Virut.NBP may be instructed to download other files and launch files automatically. Such functions may be used in tandem to allow one threat to install others that lack the distribution technology included in viruses like Win32/Virut.NBP. Accordingly, malware experts always rate the presence of Win32/Virut.NBP as a high-level threat and security risk for the infected computer.

Win32/Virut.NBP also makes changes to the Windows Hosts settings for the purposes of enabling its reproduction. This behavior contrasts with most popular attacks involving the Hosts file settings, which typically redirect the victim's Web browsers to unwanted sites (or disable their ability to browse the Web at all).
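Because this page does not list the entries Win32/Virut.NBP writes, a practical check is to flag every active Hosts entry that departs from a clean baseline. The following is an added example, not code from the original page: it assumes a stock Hosts file maps only `localhost` to a loopback address, and the labels "sinkholed" and "redirected" as well as the sample entries are constructed for illustration.

```python
import ipaddress
import sys

# Assumed baseline: a stock hosts file maps only this name, and only to loopback.
BASELINE_NAMES = {"localhost"}

# Constructed sample input (reserved example domains and documentation IPs).
SAMPLE = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       av-updates.example.com
0.0.0.0         scanner.example.net   # inline comment
203.0.113.10    portal.example.org www.portal.example.org
not-an-ip       files.example.org
"""

def parse_hosts(text):
    """Yield (line_no, address_field, [names]) for each active entry."""
    for no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if fields:
            yield no, fields[0], [n.lower() for n in fields[1:]]

def audit_hosts(text):
    """Return (line_no, reason, address, name) for every non-baseline entry."""
    findings = []
    for no, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((no, "malformed", ip, " ".join(names)))
            continue
        for name in names:
            if addr.is_loopback and name in BASELINE_NAMES:
                continue
            # Loopback/unspecified targets make a name unreachable;
            # any other address points the name at a different host.
            local = addr.is_loopback or addr.is_unspecified
            findings.append((no, "sinkholed" if local else "redirected", ip, name))
    return findings

if __name__ == "__main__":
    # Pass a path such as C:\Windows\System32\drivers\etc\hosts, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            SAMPLE = fh.read()
    for finding in audit_hosts(SAMPLE):
        print(*finding, sep="\t")
```

Entries that administrators added on purpose will also be reported, so compare the output against a known-good copy of the file before treating a finding as a sign of infection.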

Nailing Down a Threat that may Change Both Habitat and Form

Along with hiding its code in non-corrupted files, Win32/Virut.NBP also includes a polymorphism function that lets Win32/Virut.NBP modify its body between individual variants. Polymorphic threats may be difficult for your anti-malware tools to detect consistently. Thorough anti-malware scans by updated security solutions should be employed as soon and as comprehensively as possible, giving Win32/Virut.NBP a minimum of time to change its code to a new, potentially unrecognizable version. Since Win32/Virut.NBP has the potential to compromise essential parts of your OS, you should avoid deleting Win32/Virut.NBP's 'host' files manually.

Win32/Virut.NBP's payload may be limited, in terms of its set of features, but it may be used to install other threats even worse than itself on your computer. Scans for Win32/Virut.NBP should take that risk into account, and you should avoid terminating them until you've confirmed the identification and removal of all threats, including each copy of Win32/Virut.NBP.

Malware analysts are still examining all of the possible distribution strategies for Win32/Virut.NBP, but local networks and removable drives, in particular, should be monitored for potential compromises of their files.
