creates a mutex named VT_3, which it uses to prevent multiple copies of itself from running on your PC. Win32/Virut disables Windows System File Protection (SFP) by injecting code into "WINLOGON.EXE". The injected code patches "sfc_os.dll" in memory, which in turn allows the virus to infect files protected by SFP.
injects code into other processes and this code will infect files with extensions .EXE and .SCR accessed by those processes. Win32/Virut avoids infecting files whose names contain any of the following:
This IRC connection allows a hacker to access and control your PC, and to download and run other files on it.
Alerts from your security software may be the only symptom.