Sonicwall Signatures


Go to All Categories list.

Virut.N_23 is a Worm. Worms spread from computer to computer, making copies of themselves over the network. They could spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. Virut.N_23 is compressed using the executable packer and its file size is 16,896 bytes. Virut.N_23 drops the following files on the hard drive:
  • C:\WINDOWS\system32\gtjzwsl.exe (16896 bytes)
It also changes Windows registry:
  • Creates key "HKLM\Software\Microsoft\Wireless".
  • Creates value "ID"="gntnoahoselwjf" in key "HKLM\Software\Microsoft\Wireless".
  • Creates value "Client"="1" in key "HKLM\Software\Microsoft\Wireless".
  • Creates value "Cryptographic Service"="C:\WINDOWS\system32\gtjzwsl.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
It creates the following mutex to ensure only one instance is running: uterm19. u8. u9. u10. u11. u12. u13. u13i. u14. u15. u16. u17. u18. u19. It also has possible backdoor functionality [unknown] port 7728, attempts to acquire the "SeDebugPrivilege" privileges, is executed every time Windows starts.

Relevant Information