Перейти к содержимому


Фото
- - - - -

Dr.Web Anti-virus CURES computers infected with Win32.Virut.5 and Win32.Scproj.7573

Автор News Robot , мар 25 2008 12:50

  • Please log in to reply
Нет ответов в данной теме

#1 News Robot

News Robot

    Creator of the News

  • Dr.Web Staff
  • 8 013 Сообщений:

Отправлено 25 Март 2008 - 12:50

August 13, 2007



Virus Monitoring Service of Doctor Web, Ltd. reports on new modifications of viruses classified by Dr.Web as Win32.Virut.5 (or Email-Worm.Win32.Warezov.jq, Win32/Virut.10192, according to other anti-virus vendors’ classifications) and Win32.Scproj.7573 (Backdoor.PcClient.SYX).


To date quite a long term has been marked by a mass distribution of the notorious “stormy worm”, disguised as a postcard and detected by Dr.Web as Trojan.Packed.142. During recent few days Virus Monitoring Service of Doctor Web. Ltd has detected its modifications infected by a complex polymorphic virus Win32.Virut.5 , infecting all exe.files and taking control over infected machines via IRC. As things stand, Dr.Web seems to be the only anti-virus which detects and, what is the most important, cures infected files from Win32.Virut.5.



Additionally, another file virus called Win32.Scproj.7573 was detected. This one infects all exe.files on the hard disk and movable media. As a rule, it doesn’t change the size of the original files, writing itself to a section filled with zeros. On the surface it doesn’t demonstrate itself in any way – there might only be Explorer errors, program messages on incomplete *.exe files, etc. Access to the Internet by infected applications helps the virus to bypass firewall policy. The virus body contains links instructing it on its further activity. In a definite interval after the start of the infected Explorer the virus scans network shares for available shared folders to infect *.exe files inside them. The only folders that are not infected are Windows, WINNT, System32, System and dllcache.



It’s not for the first time that Dr.Web has turned to be the first to challenge complex virus threats. Virus Monitoring Service of Doctor Web, Ltd. has not just detected the malware, but implemented the curing algorithm for files infected by Win32.Scproj.7573 while other anti-viruses can only delete the infected files.



If you suspect that your...

http://info.drweb.com/show/3137?lng=en
Назад к Company news (English)
  1. Dr.Web forum
  2. English forums
  3. Company news (English)
  4. Privacy Policy
  5. Terms & Rules ·