Re: Is my ISP injecting JS line ?
Posted: Mon Jan 21, 2008 4:20 am
Check this out guys.........the virus is evidently Win32/Virut.AC which is appearing on a more common basis..........when i googled for it......i found out this
Name W32/Virut-W
Type
* Virus
How it spreads
* Infected files
Affected operating systems
* Windows
Side effects
* Allows others to access the computer
Aliases
* Win32.Virut.av
* PE_VIRUT.AV
* Win32/Virut.AC
Protection
* Download virus identity (IDE) file
and further
This section is for technical experts who want to know more.
W32/Virut-W is a virus for the Windows platform.
W32/Virut-W attempts to hook the operating system and infect files with an EXE or SCR extension.
W32/Virut-W may also attempt to connect to a remote IRC server, and may download and execute further files if instructed to do so.
W32/Virut-W may modify the following registry entry in order to bypass the Windows firewall:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\
StandardProfile\AuthorizedApplications\List
now doesn't it make sense to our problem? Surely it does.......very importantly it "attempts to connect to a remote IRC server, and may download and execute further files if instructed to do so."
which is what we all were fearing about.........so its not that our computers are affected but some other computers on our own network are infected and causing us this problem........
So slowly the things are getting into right places and the puzzle is getting solved........... I had promised you all about the solution and here it is...... only because our cable operator and his tech team gave us all the needed support we were able to solve this nuisance..... HATs OFF to them !
Regards,
Rohit Jain.
Name W32/Virut-W
Type
* Virus
How it spreads
* Infected files
Affected operating systems
* Windows
Side effects
* Allows others to access the computer
Aliases
* Win32.Virut.av
* PE_VIRUT.AV
* Win32/Virut.AC
Protection
* Download virus identity (IDE) file
and further
This section is for technical experts who want to know more.
W32/Virut-W is a virus for the Windows platform.
W32/Virut-W attempts to hook the operating system and infect files with an EXE or SCR extension.
W32/Virut-W may also attempt to connect to a remote IRC server, and may download and execute further files if instructed to do so.
W32/Virut-W may modify the following registry entry in order to bypass the Windows firewall:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\
StandardProfile\AuthorizedApplications\List
now doesn't it make sense to our problem? Surely it does.......very importantly it "attempts to connect to a remote IRC server, and may download and execute further files if instructed to do so."
which is what we all were fearing about.........so its not that our computers are affected but some other computers on our own network are infected and causing us this problem........
So slowly the things are getting into right places and the puzzle is getting solved........... I had promised you all about the solution and here it is...... only because our cable operator and his tech team gave us all the needed support we were able to solve this nuisance..... HATs OFF to them !
Regards,
Rohit Jain.