Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

Short description
Win32/Small.AG is a worm that spreads by copying itself into the root folders of available drives.
Installation
When executed the worm copies itself in the following locations:
  • %system%\mexica.exe
  • %windir%\system234.exe
  • %windir%\temp\mexica.exe
In order to be executed on every system start, the worm sets the following Registry entries:
  • [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
    CurrentVersion\Run]
    "systray" = "%windir%\system234.exe"
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\
    CurrentVersion\Windows]
    "run" = "%windir%\temp\mexica.exe"
The worm displays a fake error message:
Spreading
The worm copies itself into the root folders of the following drives A:\ - G:\ using the following name:
  • imagenes.exe