Find a Partner
This window is encrypted for your security.
Need help? Ask the community or hire an expert.
Go to Avira Answers
In the wild:
Method of propagation:
• Autorun feature
• Peer to Peer
• Panda: W32/Autorun.JFG.worm
• Eset: Win32/Peerfrag.CF
Platforms / OS:
• Windows 2000
• Windows XP
• Windows 2003
• Drops malicious files
• Registry modification
It copies itself to the following locations:
• %recycle bin%\
The following file is created:
\autorun.inf This is a non malicious text file with the following content:
%code that runs malware%
One of the following values is added in order to run the process after reboot:
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
• "Taskman"="%recycle bin%\
The following registry keys are added:
In order to infect other systems in the Peer to Peer network community the following action is performed: It retrieves shared folders by querying the following registry keys:
• Software\Microsoft\Windows\CurrentVersion\Uninstall\eMule Plus_is1
• \Local Settings\Application Data\Ares\My Shared Folder
If successful, the following file is created:
These files are copies of the malware itself.
It is spreading via Messenger. The characteristics are described below:
– MSN Messenger
The URL then refers to a copy of the described malware. If the user downloads and executes this file the infection process will start again.
– It injects itself as a thread into a process.
The malware program was written in Delphi.
Description inserted by Petre Galan on Monday, February 22, 2010
Description updated by Petre Galan on Tuesday, February 23, 2010