Selected viruses, spyware, and other threats: sorted alphabetically
Short descriptionWin32/Virut.NBK is a polymorphic file infector. The virus connects to the IRC network. It can be controlled remotely.
InstallationThe virus creates and runs a new thread with its own program code within the following processes:
The following Registry entries are created:
The performed data entry creates an exception in the Windows Firewall program.
"\??\%system%\winlogon.exe" = "\??\%system%\
Executable files infectionThe virus searches for executables with one of the following extensions:
Executables are infected by appending the code of the virus to the last section.
The host file is modified in a way that causes the virus to be executed prior to running the original code.
It avoids those with any of the following strings in their names:
Infects the following files:
The virus inserts an IFrame element with an URL link into the file.
Other informationThe virus is sent data and commands from a remote computer or the Internet.
It communicates with the following servers using IRC protocol:
It can execute the following operations:
The following file is modified:
- download files from a remote computer and/or Internet
- run executable files
The virus writes the following entries to the file:
- 127.0.0.1 ZieF.pl