Selected viruses, spyware, and other threats: sorted alphabetically
A DLL file is dropped in the %temp% folder. Its filename may be one of the following:
Size of the file is approximately 30 kB. The library is loaded and injected in all processes.
The virus checks for code page used on the system. If it is set to 936 (Simplified Chinese), the virus quits and hands control over to the host executable.
In order to ensure that only one instance of the virus is running, it creates an Event object. Its name is one of the following:
The virus infects executables accesed by Explorer.exe as well as files found on local and network drives.
The virus contains a list of URLs. It tries to download several files from the addresses. The files are then executed.