Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

Installation
When executed, the virus drops the following files in the %temp% folder:

$.$ (24864 B)

The virus creates and runs a new thread with its own program code within the following processes:

%windir%\explorer.exe


Executable files infection

The virus searches local and network drives for files with one of the following extensions:

.exe

Executables are infected by appending the code of the virus to the last section. The host file is modified in a way that causes the virus to be executed prior to running the original code. The virus avoids infecting files with name containing any of the following strings:

ntoskrnl.exe
ntkrnlpa.exe
fsquirt.exe
fpcount.exe
totalcmd.exe


Other information

The virus tries to download and execute several files from the Internet. The virus contains a list of (8) URLs.

The files are stored in one of the following folders:

%temp%

using the following name:

iexplorer.exe



The virus may create copies of the following files (source, destination):

%windir%\explorer.exe, %temp%\exp1orer.exe