Comments on: Under the Hood: Virut http://www.teamfurry.com/wordpress/2007/02/15/under-the-hood-virut/ About malware, packers and reverse engineering Thu, 11 Mar 2010 19:27:28 +0000 http://wordpress.org/?v=2.2.3 By: information security http://www.teamfurry.com/wordpress/2007/02/15/under-the-hood-virut/#comment-336 information security Thu, 04 Mar 2010 07:26:12 +0000 http://www.teamfurry.com/wordpress/2007/02/15/under-the-hood-virut/#comment-336 <strong>information security...</strong> Einige sind der Ansicht, dass es sich mit dem Thema zu beschaeftigen wenig lohnt, da der Informationsmarkt hierueber bereits recht ueberlaufen sei, Es laesst sich wahrlich nur recht selten auf etwas wriklich Gutes dabei zu treffen. Trotzdem kann sich d... information security…

Einige sind der Ansicht, dass es sich mit dem Thema zu beschaeftigen wenig lohnt, da der Informationsmarkt hierueber bereits recht ueberlaufen sei, Es laesst sich wahrlich nur recht selten auf etwas wriklich Gutes dabei zu treffen. Trotzdem kann sich d…

]]> By: laptop dead - Help2Go http://www.teamfurry.com/wordpress/2007/02/15/under-the-hood-virut/#comment-333 laptop dead - Help2Go Mon, 24 Aug 2009 18:19:19 +0000 http://www.teamfurry.com/wordpress/2007/02/15/under-the-hood-virut/#comment-333 [...] spreading so trying to contain it is impossible. See this article on why it is so destructive. Under the Hood: Virut If you do try to repair this without reformatting then your best chance is using the Avira AntiVir [...] […] spreading so trying to contain it is impossible. See this article on why it is so destructive. Under the Hood: Virut If you do try to repair this without reformatting then your best chance is using the Avira AntiVir […]

]]> By: Virut - Personal Reflections « Of Bytes and Badges http://www.teamfurry.com/wordpress/2007/02/15/under-the-hood-virut/#comment-323 Virut - Personal Reflections « Of Bytes and Badges Thu, 12 Feb 2009 00:39:02 +0000 http://www.teamfurry.com/wordpress/2007/02/15/under-the-hood-virut/#comment-323 [...] unleashed) back in 2007, an excellent write-up of the virus’s initial strain can be found here. Just ignore the domain name and you’ll appreciate some serious disassembly and analysis. [...] […] unleashed) back in 2007, an excellent write-up of the virus’s initial strain can be found here. Just ignore the domain name and you’ll appreciate some serious disassembly and analysis. […]

]]> By: toni http://www.teamfurry.com/wordpress/2007/02/15/under-the-hood-virut/#comment-196 toni Wed, 01 Aug 2007 10:11:45 +0000 http://www.teamfurry.com/wordpress/2007/02/15/under-the-hood-virut/#comment-196 Hi, as far as I know most of AV softwares should be able to perform the disinfection. Atleast Panda seems to have it right when using the Panda ActiveScan. It can be located at http://www.pandasecurity.com/homeusers/solutions/activescan/ --Toni Hi,
as far as I know most of AV softwares should be able to perform the disinfection. Atleast Panda seems to have it right when using the Panda ActiveScan. It can be located at http://www.pandasecurity.com/homeusers/solutions/activescan/

–Toni

]]> By: Stavros http://www.teamfurry.com/wordpress/2007/02/15/under-the-hood-virut/#comment-194 Stavros Tue, 31 Jul 2007 14:36:21 +0000 http://www.teamfurry.com/wordpress/2007/02/15/under-the-hood-virut/#comment-194 Nice lesson of how is infecting exe, do you thing there is a way to clean files? Thanks in advance Stavros Nice lesson of how is infecting exe,
do you thing there is a way to clean files?

Thanks in advance
Stavros

]]> By: Charles http://www.teamfurry.com/wordpress/2007/02/15/under-the-hood-virut/#comment-10 Charles Thu, 12 Apr 2007 21:18:01 +0000 http://www.teamfurry.com/wordpress/2007/02/15/under-the-hood-virut/#comment-10 Very instructive explanation... I have seen an strange behavior in some Virut mutation. Some of the mutation are not detected by antivirus program but the regresive mutation are. If you infect with a E variant it infects with D variant and you can clean that but then some exe corrupts. Do you think that it is due to an error in the code of virus or a bad cleening? Another problem is if it is possible to detect a computer infected just analising the traffic in network. I want to say the packets to irc server are periodical or they are a function of any event? Thanks for your good article. Very instructive explanation…
I have seen an strange behavior in some Virut mutation. Some of the mutation are not detected by antivirus program but the regresive mutation are.

If you infect with a E variant it infects with D variant and you can clean that but then some exe corrupts.

Do you think that it is due to an error in the code of virus or a bad cleening?

Another problem is if it is possible to detect a computer infected just analising the traffic in network. I want to say the packets to irc server are periodical or they are a function of any event?

Thanks for your good article.

]]>