Description:
This file infector spreads by infecting running processes that have EXE and SCR extension names. It checks whether the said target processes are in portable executable (PE) format. It then appends its code to infect target processes. Note that it avoids processes and files with certain strings in their file names.
It creates the event VT_3 to ensure its memory residency and so that only one instance of itself is running on the affected system's memory.
For additional information about this threat, see:
Solution
Technical Details
Description created: Aug. 16, 2006 7:56:48 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
