Threat Encyclopedia

Win32/HLLP.Hantaner.A is a virus that spreads via infected files in the P2P environment of the KaZaA network. The virus is written in Delphi and is compressed with UPX to reduce its size. The compressed virus is approximately 24 KB long. It attacks computers running Windows 95/98/Me/NT/2000 and XP.

NOD32 detects the uncompressed version of the Win32/HLLP.Hantaner.A virus as Win32/HLLP.Hantaner.A.unp.

After an infected file is run, Win32/HLLP.Hantaner.A uses the system registry to find the directory where KaZaA saves downloaded files. For this purpose it uses the key HKEY_CURRENT_USER\Software\Kazaa\Transfer\DownloadDir. The virus also searches for the directory that the Internet Explorer browser uses for saving files downloaded from the Internet. It does this using the key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download Directory.

It infects the files in the directories given above by placing its body at the beginning of each file. The body of the virus contains the following text:

HANTA-Vjoiner ,si que lo hice yo, ErGrone/GEDZAC... eso va para los senoritos de PER, en especial a Machado, que no tiene la educación necesaria para responder un E-Mail. y para los que se enojaron con CPL, jeje, pa que ocupan Hotmail!!!, teniendo miles de mailbox gratis y con mas espacio. Falló la Heuristica y contra una técnica antigua JoJOjOO-Escrito en Delphi 6!

Note: In the following text, the symbolic name %windir% is used in place of the name of the directory in which the Windows operating system is installed. This may differ from installation to installation.

The virus creates a file named tnKXfs.dat in the directory %windir%\TEMP.

NOD32 detects Win32/HLLP.Hantaner.A from version 1.335, and its uncompressed version Win32/HLLP.Hantaner.A.unp from version 1.341.
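
The two traces described above (the dropped tnKXfs.dat file and files with an executable body placed in front of the original contents) can be checked with a short script. This is an added example, not code from this Encyclopedia or NOD32's detection logic; the function names are hypothetical, and it assumes the original file follows the prepended body unmodified. A second PE image in a file's overlay is a heuristic only, since some installers and self-extractors legitimately carry one.

```python
import struct
from pathlib import Path

def pe_end(data, base=0):
    """Offset just past the last section's raw data of the PE image that
    starts at `base`, or None if there is no valid PE header at `base`."""
    if data[base:base + 2] != b"MZ" or len(data) < base + 0x40:
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, base + 0x3C)
    nt = base + e_lfanew                       # "PE\0\0" + 20-byte COFF header
    if data[nt:nt + 4] != b"PE\0\0" or len(data) < nt + 24:
        return None
    (nsect,) = struct.unpack_from("<H", data, nt + 6)
    (opt_size,) = struct.unpack_from("<H", data, nt + 20)
    table = nt + 24 + opt_size                 # section table, 40 bytes/entry
    end = table + 40 * nsect
    if len(data) < end:
        return None
    for i in range(nsect):
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:
            end = max(end, base + raw_ptr + raw_size)
    return end

def looks_prepended(data):
    """True if a second PE image starts exactly where the first one ends."""
    end = pe_end(data)
    return end is not None and end < len(data) and pe_end(data, end) is not None

def scan(windir, download_dirs):
    """Return (indicator, path) findings for the two traces described above."""
    findings = []
    dropped = Path(windir) / "TEMP" / "tnKXfs.dat"   # file name from the page
    if dropped.is_file():
        findings.append(("dropped-file", str(dropped)))
    # On a live host, take download_dirs from the two registry values named
    # in the description; here they are passed in so the check runs offline.
    for d in download_dirs:
        for p in sorted(Path(d).iterdir()):
            if p.is_file() and looks_prepended(p.read_bytes()):
                findings.append(("pe-in-overlay", str(p)))
    return findings
```

Files flagged as pe-in-overlay are candidates for a scan with an up-to-date antivirus engine, not confirmed infections.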

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.