Virus.Virut.a
Posted: May 6, 2007
Threat Metric
The Threat Meter is a malware assessment that SpywareRemove.com's research team gives
every identifiable malware threat. It uses several criteria specific to each threat to rate
its severity, reach and volume, and gives a numerical breakdown of each threat's initial
Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall
ranking of each threat in the Threat Meter reflects how all threats are ranked within our own
extensive malware database. The score for each threat can be compared to those of other
emerging threats to contrast its severity. The Threat Meter is a useful tool for all types of
computer users, whether seeking a way to remove a threat or pursuing additional analytical
research.
The fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10, where 10 is the highest level of severity and 1 is the lowest. Each level is relative to the threat's consistently assessed behaviors, collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs, retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is based specifically on the number of confirmed and suspected threats infecting systems on a daily basis. A high volume count usually represents a popular threat, but that threat may or may not have infected a large number of systems. Threats with a high detection count could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path uses an up arrow, down arrow or equal symbol to represent the recent movement of a particular threat. An up arrow represents an increase, a down arrow represents a decline, and the equal symbol represents no change in a threat's recent movement.
% Impact (Last 7 Days): This shows the change over a 7-day period in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Threat Level: 7/10
Infected PCs: 16
First Seen: July 24, 2009
OS(es) Affected: Windows
Virut.A is a virus that propagates via browser security exploits, IRC, and over network shares. Once it is executed, Virut.A will remain in memory and will attempt to infect any .exe or .scr files that are executed on your computer. Virut.A will also open up a TCP backdoor on port 65520 through which a remote attacker can get full control over your machine and steal your sensitive information.
Aliases
TROJ_DLOADR.WHB [TrendMicro]
Trj/CI.A [Panda]
Generic Downloader.x!bbh [McAfee]
TrojWare.Win32.Trojan.Agent.Gen [Comodo]
Generic14.ACFL [AVG]
Win32:Trojan-gen {Other} [Avast]
Win-Trojan/Downloader.77824.CV [AhnLab-V3]
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
This will fix the Virut virus, and you will need to install a 2nd Windows on a separate partition if you don't already have it (dw, if you don't want it afterwards just remove it)
1. Go to a proxy site, then from there go to the AVG site to download their Virut remover; put this in your C drive
2. Run msconfig
3. Change Boot tab to safe boot & alternate shell (doesn't load explorer and leaves it free to repair)
4. Reboot
5. When dos box type "cd c:\"
6. Type "rmvirut (all your drive letters ie: C:\ D:\ etc)"
7. Let it run through.
8. Scan any folder it finds the Virut again
9. Then scan all your Windows folders (depends on how many multiboots you have, and it pays to have at least 2 with this virus)
10. Lastly scan C:\windows\explorer.exe (the evil heart of the virus)
11. Then type msconfig
12. Change Boot tab to remove safe boot
13. Reboot
14. Then boot into another boot of Windows and open cmd.exe, scan everything again paying particular attention to folders with the virus in it
All done, can now go to antivirus & Microsoft websites
PS I don't deserve credit for this; my mate found/tweaked this fix in the 1st place and I just tweaked it a bit further to help out the noobs