Thursday, April 30, 2009

Polymorphic Win32:Vitro Most Virulent Virus

The Virut family of viruses uses polymorphism to hide from all anti-virus protection, and it infects executable files. File infection makes it very hard to repair a system that has been infected. W32/Vitro injects code into running processes and hooks the following functions in ntdll.dll, so that control is transferred to the virus every time any of these functions is called.

* NtCreateFile
* NtCreateProcess
* NtCreateProcessEx
* NtOpenFile
* NtQueryInformationProcess
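
A defender can check for this kind of hook by comparing the start of each listed function in the loaded ntdll.dll with the same bytes in the file on disk. The sketch below is an added example, not code from the original post; it assumes the hook is an inline patch at the start of the function (the post does not say how the hook is installed), and the function names `branch_target`, `find_hooks` and `constructed_sample`, the stub bytes and all addresses are constructed for illustration.

```python
import struct

# Functions the post lists as hooked in ntdll.dll.
WATCHED = ["NtCreateFile", "NtCreateProcess", "NtCreateProcessEx",
           "NtOpenFile", "NtQueryInformationProcess"]

def branch_target(code, addr):
    """Destination of a leading CALL/JMP rel32 (x86), or None."""
    if len(code) >= 5 and code[0] in (0xE8, 0xE9):
        (rel,) = struct.unpack_from("<i", code, 1)
        return (addr + 5 + rel) & 0xFFFFFFFF
    return None

def find_hooks(disk, memory, addrs, base, size):
    """Compare each watched stub from the file on disk with the loaded copy."""
    findings = {}
    for name in WATCHED:
        if disk[name] == memory[name]:
            continue  # stub is unmodified
        target = branch_target(memory[name], addrs[name])
        # A branch that lands outside the ntdll image is the strongest signal.
        leaves = target is not None and not (base <= target < base + size)
        findings[name] = {"target": target, "leaves_ntdll": leaves}
    return findings

def constructed_sample():
    """Constructed data: 32-bit style stubs, two of them patched."""
    base, size = 0x7C900000, 0x000B0000          # made-up image range
    addrs = {n: base + 0xD000 + 0x10 * i for i, n in enumerate(WATCHED)}
    # mov eax, <index>; mov edx, 0x7FFE0300; call [edx]; ret 0x2C
    disk = {n: bytes([0xB8, 0x20 + i, 0, 0, 0]) +
               bytes.fromhex("ba0003fe7fff12c22c00")
            for i, n in enumerate(WATCHED)}
    memory = dict(disk)
    for name in ("NtCreateFile", "NtOpenFile"):
        rel = 0x00A31000 - (addrs[name] + 5)     # made-up address outside ntdll
        memory[name] = b"\xE8" + struct.pack("<i", rel) + disk[name][5:]
    return disk, memory, addrs, base, size

if __name__ == "__main__":
    for name, info in find_hooks(*constructed_sample()).items():
        print(name, info)
```

A stub that differs from disk but does not begin with a relative branch is still reported, with `target` set to `None`, so it can be examined by hand.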

This is a very bad virus. Most people think this virus is coming from video sites; however, it self-executes. I have found it to place itself on external media without you knowing it. This includes USB drives, CDs, floppies, hard drives and so on.
It’s bad, and almost impossible to remove.