Bad Behavior
Learn about a threat known as Virut, a virus that many anti-virus scanners cannot clean from your system once you’ve been infected. Good news, Ad-Aware users: Ad-Aware Plus and Pro – which include ‘triple threat’ protection against viruses, spyware and rootkits – can detect, actively block and remove this threat. Keep reading to find out how.
Understanding the Threat
Virut is a polymorphic file-infecting virus – meaning it is continuously updated by its creators in order to infect important files on a user’s system – that is present online in many different versions. It is a virus that is distributed through IRC networks, network shares, and peer-to-peer file sharing applications. The virus is also relatively common on sites hosting cracks and “key generators”. Unlike worms, computer viruses are not self-replicating programs; viruses are spread from one computer to another by a carrier or host application.
The Bad Behavior
When the carrier, host, or virus is executed, Virut may reside in the system memory in order to infect as many executables as possible (for example “.exe” or “.scr” files) on the infected PC. Virut may also open a backdoor on the infected system, allowing an attacker to gain access, compromising both your system’s security and your privacy. Virut is also capable of turning infected computers into “zombie” machines that can be used to perform botnet attacks.
Many anti-virus engines cannot properly clean the infected executables, so Virut-infected files are often quarantined or simply deleted. Because Virut is polymorphic and made up of relatively "buggy" code, disinfecting infected files is difficult.
“Even if the disinfection succeeds, the resulting, disinfected file may still have a different md5 (Message-Digest algorithm 5) control sum than the original one. I have also seen cases where a "disinfected" Virut file is detected, as for example a Trojan, by the heuristics of other vendors. That may be caused by remaining code that still exists in the disinfected file,” says Pekka Andelin, malware analyst at the Malware Labs at Lavasoft.
“If disinfection is not possible a large amount of executables may be removed from their locations during the cleaning process, making the system unusable in the end. In that case a complete format and a reinstall of Windows might be the only options left to the affected user. That means that it’s important to also have some type of proactive protection that prevents viruses, like Virut, from executing fully on a system,” Andelin says.
This, however, is not a problem for Ad-Aware. The anti-virus detection technology in Ad-Aware Plus and Pro versions checks if a pending process is malicious and forwards the information to Ad-Watch, allowing Ad-Watch to block it. The image below shows an example of the Ad-Watch Live! alert message you would receive if a detected file is identified as Virut.
(Please note: the Ad-Watch Live! detection, blocking and notification settings must be enabled. These settings are enabled by default.)
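The disinfection problem described above can be checked for directly. The following is an added example, not Lavasoft's code or part of the original article: it records hashes of ".exe" and ".scr" files while a system is known to be clean, then compares them after a scanner has cleaned the system, to show which files are intact, altered, or removed. It uses SHA-256 rather than the MD5 mentioned in the quote, and the function names and sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

EXEC_SUFFIXES = {".exe", ".scr"}  # the file types the article names

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large executables are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root: Path) -> dict:
    """Map relative path -> SHA-256 for every executable under root."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in EXEC_SUFFIXES
    }

def compare_after_cleaning(baseline: dict, root: Path) -> dict:
    """Classify each baseline file as intact, altered (hash differs) or missing."""
    current = build_manifest(root)
    report = {"intact": [], "altered": [], "missing": []}
    for rel, digest in baseline.items():
        if rel not in current:
            report["missing"].append(rel)   # quarantined or deleted by the scanner
        elif current[rel] != digest:
            report["altered"].append(rel)   # infected, or disinfected imperfectly
        else:
            report["intact"].append(rel)
    return report

def demo() -> dict:
    """Constructed sample: three stand-in 'executables', then a simulated clean-up."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("app.exe", "saver.scr", "tool.exe"):
            (root / name).write_bytes(b"MZ" + name.encode())
        baseline = build_manifest(root)      # taken from the known-clean state
        (root / "saver.scr").write_bytes(b"MZsaver.scr\x00leftover")  # cleaned, but bytes differ
        (root / "tool.exe").unlink()         # removed during cleaning
        return compare_after_cleaning(baseline, root)

if __name__ == "__main__":
    print(demo())
```

Files reported as altered or missing are the ones to restore from clean installation media or a trusted backup; the baseline itself must be stored somewhere the infected system cannot modify.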
Winning Strategies
The winning strategies you should be mindful of in order to prevent virus infections include:
- Use real-time anti-virus protection
- Use a firewall to block unauthorized access to your system
- Use caution with file downloads and links you click
When it comes to Virut, the most important piece of information to keep in mind is that the virus is continuously updated by its creators in order to infect important files on your system; you will need to keep your security software up to date with the latest definition files in order to stay protected.