Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

When executed, the virus drops the following files in the %temp% folder:

$.$ (24864 B)

The virus creates and runs a new thread with its own program code within the following processes:


Executable files infection

The virus searches local and network drives for files with one of the following extensions:


Executables are infected by appending the code of the virus to the last section. The host file is modified in a way that causes the virus to be executed prior to running the original code. The virus avoids infecting files with name containing any of the following strings:


Other information

The virus tries to download and execute several files from the Internet. The virus contains a list of (8) URLs.

The files are stored in one of the following folders:


using the following name:


The virus may create copies of the following files (source, destination):

%windir%\explorer.exe, %temp%\exp1orer.exe