Win32/Virut creates a mutex named VT_3, which it uses to prevent multiple copies of itself from running on your PC. Win32/Virut disables Windows System File Protection (SFP) by injecting code into "WINLOGON.EXE". The injected code patches "sfc_os.dll" in memory, which in turn allows the virus to infect files protected by SFP.
Win32/Virut injects code into other processes, and the injected code infects files with the extensions .EXE and .SCR that those processes access. Win32/Virut avoids infecting files whose names contain any of the following:
This IRC connection allows a hacker to access and control your PC, and to download and run other files on it.
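A triage sketch for the two behaviours described above, the injection into WINLOGON.EXE and the infection of .EXE and .SCR files. This is an added example, not part of the original write-up. It assumes Sysmon-style event records in which the injection surfaces as event ID 8 (CreateRemoteThread) and writes to executables surface as event ID 11 (FileCreate); the allowlist, the threshold and the sample events are constructed for illustration.

```python
import ntpath
from collections import defaultdict

# Assumption: processes allowed to start threads in winlogon.exe; tune per environment.
ALLOWED_INJECTORS = {"csrss.exe"}
INFECTABLE_EXTS = (".exe", ".scr")  # extensions the write-up says Virut infects
WRITE_THRESHOLD = 3                 # assumption: distinct executables written by one process

def base(path):
    """Lower-cased file name of a Windows path (Windows paths are case-insensitive)."""
    return ntpath.basename(path or "").lower()

def triage(events):
    """Return {host: sorted findings} for a list of Sysmon-style event dicts."""
    findings = defaultdict(set)
    writes = defaultdict(set)  # (host, writing image) -> distinct executables written
    for ev in events:
        host = ev.get("Computer", "unknown")
        if ev.get("EventID") == 8:  # CreateRemoteThread
            src = base(ev.get("SourceImage"))
            if base(ev.get("TargetImage")) == "winlogon.exe" and src not in ALLOWED_INJECTORS:
                findings[host].add("remote thread in winlogon.exe from " + src)
        elif ev.get("EventID") == 11:  # FileCreate: file created or overwritten
            target = (ev.get("TargetFilename") or "").lower()
            if target.endswith(INFECTABLE_EXTS):
                writes[(host, base(ev.get("Image")))].add(target)
    for (host, image), targets in writes.items():
        if len(targets) >= WRITE_THRESHOLD:
            findings[host].add(f"{image} wrote {len(targets)} .exe/.scr files")
    return {host: sorted(items) for host, items in findings.items()}

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 8, "Computer": "WS01", "SourceImage": r"C:\Users\a\sample.exe", "TargetImage": r"C:\Windows\System32\WINLOGON.EXE"},
    {"EventID": 8, "Computer": "WS02", "SourceImage": r"C:\Windows\System32\csrss.exe", "TargetImage": r"C:\Windows\System32\winlogon.exe"},
    {"EventID": 11, "Computer": "WS01", "Image": r"C:\Windows\explorer.exe", "TargetFilename": r"C:\Tools\a.exe"},
    {"EventID": 11, "Computer": "WS01", "Image": r"C:\Windows\explorer.exe", "TargetFilename": r"C:\Tools\A.EXE"},
    {"EventID": 11, "Computer": "WS01", "Image": r"C:\Windows\explorer.exe", "TargetFilename": r"C:\Tools\b.scr"},
    {"EventID": 11, "Computer": "WS01", "Image": r"C:\Windows\explorer.exe", "TargetFilename": r"C:\Tools\c.exe"},
    {"EventID": 11, "Computer": "WS01", "Image": r"C:\Windows\explorer.exe", "TargetFilename": r"C:\Tools\notes.txt"},
    {"EventID": 11, "Computer": "WS02", "Image": r"C:\Windows\notepad.exe", "TargetFilename": r"C:\Tools\d.exe"},
]

if __name__ == "__main__":
    for host, items in triage(SAMPLE_EVENTS).items():
        print(host, items)
```

A host that shows both findings is a stronger candidate for investigation than a host that shows only one; either finding alone can also have a benign cause.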