Comments on: Under the Hood: Virut http://www.teamfurry.com/wordpress/2007/02/15/under-the-hood-virut/ About malware, packers and reverse engineering Fri, 21 Nov 2008 07:01:25 +0000 http://wordpress.org/?v=2.2.3 By: toni http://www.teamfurry.com/wordpress/2007/02/15/under-the-hood-virut/#comment-196 toni Wed, 01 Aug 2007 10:11:45 +0000 http://www.teamfurry.com/wordpress/2007/02/15/under-the-hood-virut/#comment-196 Hi, as far as I know most of AV softwares should be able to perform the disinfection. Atleast Panda seems to have it right when using the Panda ActiveScan. It can be located at http://www.pandasecurity.com/homeusers/solutions/activescan/ --Toni Hi,
as far as I know most of AV softwares should be able to perform the disinfection. Atleast Panda seems to have it right when using the Panda ActiveScan. It can be located at http://www.pandasecurity.com/homeusers/solutions/activescan/

–Toni

]]> By: Stavros http://www.teamfurry.com/wordpress/2007/02/15/under-the-hood-virut/#comment-194 Stavros Tue, 31 Jul 2007 14:36:21 +0000 http://www.teamfurry.com/wordpress/2007/02/15/under-the-hood-virut/#comment-194 Nice lesson of how is infecting exe, do you thing there is a way to clean files? Thanks in advance Stavros Nice lesson of how is infecting exe,
do you thing there is a way to clean files?

Thanks in advance
Stavros

]]> By: Charles http://www.teamfurry.com/wordpress/2007/02/15/under-the-hood-virut/#comment-10 Charles Thu, 12 Apr 2007 21:18:01 +0000 http://www.teamfurry.com/wordpress/2007/02/15/under-the-hood-virut/#comment-10 Very instructive explanation... I have seen an strange behavior in some Virut mutation. Some of the mutation are not detected by antivirus program but the regresive mutation are. If you infect with a E variant it infects with D variant and you can clean that but then some exe corrupts. Do you think that it is due to an error in the code of virus or a bad cleening? Another problem is if it is possible to detect a computer infected just analising the traffic in network. I want to say the packets to irc server are periodical or they are a function of any event? Thanks for your good article. Very instructive explanation…
I have seen an strange behavior in some Virut mutation. Some of the mutation are not detected by antivirus program but the regresive mutation are.

If you infect with a E variant it infects with D variant and you can clean that but then some exe corrupts.

Do you think that it is due to an error in the code of virus or a bad cleening?

Another problem is if it is possible to detect a computer infected just analising the traffic in network. I want to say the packets to irc server are periodical or they are a function of any event?

Thanks for your good article.

]]>