Below is a signature for a new version of the Virut virus which is being distributed, especially in China, via drive-by download, using vulnerabilities and scripts. Virut is an old-style virus which is particularly nasty. Clam AV used to have lots of false positives for Virut signatures. This one should not have any, as it is based on the Windows PE file and not a packer or common code. Virut changes often, so I suggest you only keep the sig for a couple of weeks at the most.

Copy the signature, paste it to an empty Notebook or text file. Save the file as sigfile.mdb in the C:\ProgramData\.clamwin\db folder (or add it to an existing .mdb file if you have one).

45056:fed1a2f118dcb2a0d4b2914f2cb3067e:Win.Virus.Virut-022218-1457

Regards,