Threat Encyclopedia

Home > Threat Center > Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

O
P
Q
R
S
T
U
V
W
X
Y
Z
Glossary

Short description

Win32/Virut.NBV is a polymorphic file infector. The virus connects to the IRC network. It can be controlled remotely.

Executable file infection

The virus searches for executables with one of the following extensions:

.exe
.scr

Executables are infected by appending the code of the virus to the last section.

The host file is modified in a way that causes the virus to be executed prior to running the original code. The size of the inserted code is 17 KB .

It avoids those with any of the following strings in their names:

WINC
WCUN
WC32
OTSP

Other information

The virus is sent data and commands from a remote computer or the Internet.

It communicates with the following servers using IRC protocol:

irc.zief.pl
proxim.ircgalaxy.pl

It can execute the following operations:

download files from a remote computer and/or Internet
run executable files

The virus may set the following Registry entries:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
SharedAccess\Parameters\FirewallPolicy\StandardProfile\
AuthorizedApplications\List]
"%filepath%" = "%filepath%:*:enabled:@shell32.dll,-1"

The performed data entry creates an exception in the Windows Firewall program.

The virus creates and runs a new thread with its own program code in all running processes.

All Products:

Cart About ESET Partners United States and Canada

© 2012 ESET North America. All rights reserved. Trademarks used herein are trademarks or registered trademarks of ESET spol. s r.o. or ESET North America.
All other names and brands are registered trademarks of their respective companies.