W32.Virut!html


Aliases: Virus:Win32/Virut.BM
Variants: Win32/Virut.BM, Win32.Virut!html

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 04 Feb 2009
Damage: Low

Characteristics: W32.Virut!html is a virus that infects PCs by inserting a malicious “iframe” into web files such as .htm, .asp and .php files. It also modifies the Windows Hosts file, which prevents the user from reaching legitimate security web sites.

More details about W32.Virut!html

W32.Virut!html is a generic detection for .HTML files that are infected by variants of the W32/Virut virus family. It can redirect users to malicious Web sites that can exploit the browser. The virus also modifies the Windows Hosts file, which prevents the user from reaching legitimate security web sites.

The virus infects the computer via unexpected e-mail attachments, through web browser security loopholes while you are surfing the Internet, and through instant messenger programs. W32.Virut!html can repair, recreate, and update itself to avoid deletion. Because the virus changes, updates and restores its files, registry keys, DLLs and processes, a scanner can delete only part of the program, which leaves the remaining files able to update and repair it. In these cases, manual removal of the virus can be very difficult.
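A defender can check for the two changes described above, an iframe inserted into web files and Hosts-file entries that cut off security sites. The following is an added example, not part of the original write-up or any vendor's detection logic. The hidden-frame heuristic, the names in WATCHED, and the sample inputs are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}  # addresses that make a name unreachable
# Assumption: placeholder names; list the security sites your users depend on.
WATCHED = ("av-vendor.example", "updates.security.example")

class IframeFinder(HTMLParser):
    """Collect <iframe> tags whose src names a host outside own_hosts."""
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts, self.hits = {h.lower() for h in own_hosts}, []
    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: v or "" for k, v in attrs}
        try:
            host = urlparse(a.get("src", "")).hostname
        except ValueError:          # malformed URL: report it rather than skip it
            host = "<unparseable>"
        if not host or host.lower() in self.own_hosts:
            return                  # relative or same-site frame
        style = a.get("style", "").replace(" ", "").lower()
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        self.hits.append({"line": self.getpos()[0], "src": a["src"], "hidden": hidden})

def scan_web_file(text, own_hosts=()):
    """Return external iframes found in the text of a .htm/.asp/.php file."""
    finder = IframeFinder(own_hosts)
    finder.feed(text)
    return finder.hits

def scan_hosts(text, watched=WATCHED):
    """Return hosts-file entries that override a watched name or its subdomains."""
    found = []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split addr + names
        for name in (f.lower().rstrip(".") for f in fields[1:]):
            if any(name == w or name.endswith("." + w) for w in watched):
                found.append({"line": n, "host": name, "addr": fields[0],
                              "sinkholed": fields[0] in SINKHOLES})
    return found

# Constructed sample inputs, not taken from a real infection.
SAMPLE_HTML = '<html>\n<body>ok<iframe src="/map.html"></iframe></body>\n</html>\n' \
              '<iframe src="http://frames.example/x" width=1 height=1></iframe>\n'
SAMPLE_HOSTS = "127.0.0.1 localhost\n127.0.0.1 www.av-vendor.example # added\n" \
               "203.0.113.5 updates.security.example\n"
```

Pass the site's own host names as own_hosts so that legitimate embedded frames are not reported. Any hit is a lead for review, not proof of infection.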

The W32.Virut!html software is commonly spread via e-mail. The user may be persuaded to click the attachment that contains it. A link in the message body may also cause an infection. IRC and instant messages can spread the W32.Virut!html application. Users may also download it without knowing it is malicious. It can be found on peer-to-peer file sharing networks, freeware and shareware websites and forums. The W32.Virut!html application commonly places its files in the Windows directory. Its components often use file names similar to those of legitimate processes. These are often executable files. The files are also added as autorun registry key values. A mutex may also be created to check the installation.