Selected viruses, spyware, and other threats: sorted alphabetically
Short descriptionWin32/Drowor.A is a file infector.
InstallationWhen executed, the virus copies itself into the:
folder with the following file names:
The following file is dropped into the C:\ folder:
- internat.exe (30001 B)
- internat.exe.tmp (30001 B)
The file is then executed.
- _.de (30001 B)
Executable files infectionThe virus searches local and network drives for files with one of the following extensions:
Files are infected by adding a new section that contains the virus .
The host file is modified in a way that causes the virus to be executed prior to running the original code. Size of the code inserted is 30986 B .
It avoids files which contain any of the following strings in their path:
The virus avoids infecting files with name containing any of the following strings:
- System Volume Information
SpreadingThe virus copies itself into the root folders of local and remote drives.
If successful the following filename is used:
The following file is dropped in the same folder:
Thus, the virus ensures it is started each time infected media is inserted into the computer.
Other informationThe virus creates the following files:
The virus tries to download several files from the Internet. The virus contains a list of (1) URLs.
The HTTP protocol is used. These are stored in the following locations:
The files are then executed.
If the virus is running in a debugger all running processes are terminated.