Selected viruses, spyware, and other threats: sorted alphabetically
Win32/Palyh.A is a worm that spreads through e-mail attachments. The sender is given as firstname.lastname@example.org. The attachment is a file with a PIF extension, about 50 Kb in size. This file contains the worm's body, packed with a modified UPX packer.
The message text is:
All information is in the attached file.
The e-mail's subject line is generated from this list:
Re: My application
Re: My details
Re: Approved (ref: 3394-65467)
Approved (Ref: 38446-263)
The attachment uses one of these names:
The worm searches for e-mail addresses in files with these extensions:
To activate itself, the worm writes the item System Tray with the value C:\WINDOWS\msccn32.exe to the registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. The worm creates the file hnks.ini on the disk and uses its own SMTP routine.
The worm is also able to spread to shared disks through an entry in these directories:
Documents and Settings\All Users\Start Menu\Programs\Startup
Windows\All Users\Start Menu\Programs\Startup
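The indicators described above can be checked on a mail gateway and on a host. The following triage script is an added example, not part of the original encyclopedia entry. It assumes the Run key is supplied as `reg query` text output and the disk contents as a list of paths; the function names and sample data are constructed for illustration.

```python
import re
from email import message_from_string
# Indicators from the description above. Assumption: the Run value is matched by file name only.
SUBJECTS = {"re: my application", "re: my details",
            "re: approved (ref: 3394-65467)", "approved (ref: 38446-263)"}
BODY_TEXT = "all information is in the attached file."
RUN_NAME, RUN_FILE, DROPPED_FILE = "system tray", "\\msccn32.exe", "hnks.ini"
STARTUP_DIRS = ("\\documents and settings\\all users\\start menu\\programs\\startup",
                "\\windows\\all users\\start menu\\programs\\startup")
REG_LINE = re.compile(r"^\s+(.+?)\s{4}(REG_\w+)\s{4}(.*)$")  # value line of `reg query` output

def mail_indicators(raw_message):
    """Return the mail-side indicators found in one RFC 822 message."""
    msg, hits = message_from_string(raw_message), set()
    if (msg.get("Subject") or "").strip().lower() in SUBJECTS:
        hits.add("subject")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(".pif"):
            hits.add("pif-attachment")
        elif part.get_content_type() == "text/plain" and not name:
            if BODY_TEXT in part.get_payload(decode=True).decode("latin-1").lower():
                hits.add("body-text")
    return sorted(hits)

def host_indicators(reg_query_output, file_paths):
    """Check `reg query` output for the Run key and a file listing for host artifacts."""
    hits = []
    for line in reg_query_output.splitlines():
        m = REG_LINE.match(line)
        if m and m.group(1).lower() == RUN_NAME and RUN_FILE in m.group(3).lower():
            hits.append("run-key")
    for path in file_paths:
        folder, _, name = path.replace("/", "\\").lower().rpartition("\\")
        if name == DROPPED_FILE:
            hits.append("dropped-file")
        if folder.endswith(STARTUP_DIRS):
            hits.append("startup-entry")  # no file name is given, so every entry is reviewed
    return hits

# Constructed samples (not captured from an infected system); the file locations are made up.
SAMPLE_MAIL = ('Subject: Re: My details\nContent-Type: multipart/mixed; boundary="b"\n\n'
               "--b\nContent-Type: text/plain\n\nAll information is in the attached file.\n"
               '--b\nContent-Disposition: attachment; filename="sample.pif"\n\nx\n--b--\n')
SAMPLE_REG = ("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\n"
              "    System Tray    REG_SZ    C:\\WINDOWS\\msccn32.exe\n")
SAMPLE_FILES = ["C:\\hnks.ini", "D:\\Windows\\All Users\\Start Menu\\Programs\\Startup\\a.pif"]
if __name__ == "__main__":
    print(mail_indicators(SAMPLE_MAIL), host_indicators(SAMPLE_REG, SAMPLE_FILES))
```

A single subject or PIF hit is weak evidence on its own; the Run value together with hnks.ini on the same host is the stronger signal.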
© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.