Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

Short description
Win32/Afgan.F is a file infector.
Installation
The virus creates and runs a new thread with its own program code within the following processes:
  • %sytem%\winlogon.exe
  • %windir%\explorer.exe
Executable files infection
The virus searches for executables with one of the following extensions:
  • .exe
Executables are infected by appending the code of the virus to the last section.

The host file is modified in a way that causes the virus to be executed prior to running the original code. Size of the code inserted is 24 KB .
Other information
The virus tries to download and execute several files from the Internet.

The virus contains a list of (4) URLs. The files are stored in one of the following folders:
  • %temp%
using the following filenames:
  • loader.exe
  • dattim.tmp