This window is encrypted for your security.
Need help? Ask the community or hire an expert.
Go to Avira Answers
In the wild:
Method of propagation:
• Autorun feature
• Peer to Peer
• Panda: W32/Autorun.JFG.worm
• Eset: Win32/Peerfrag.CF
Platforms / OS:
• Windows 2000
• Windows XP
• Windows 2003
• Drops malicious files
• Registry modification
It copies itself to the following locations:
• %recycle bin%\
The following file is created:
\autorun.inf This is a non malicious text file with the following content:
%code that runs malware%
One of the following values is added in order to run the process after reboot:
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
• "Taskman"="%recycle bin%\
The following registry keys are added:
In order to infect other systems in the Peer to Peer network community the following action is performed: It retrieves shared folders by querying the following registry keys:
• Software\Microsoft\Windows\CurrentVersion\Uninstall\eMule Plus_is1
• \Local Settings\Application Data\Ares\My Shared Folder
If successful, the following file is created:
These files are copies of the malware itself.
It is spreading via Messenger. The characteristics are described below:
– MSN Messenger
The URL then refers to a copy of the described malware. If the user downloads and executes this file the infection process will start again.
– It injects itself as a thread into a process.
The malware program was written in Delphi.
Description inserted by Petre Galan on Monday, February 22, 2010
Description updated by Petre Galan on Tuesday, February 23, 2010
Get in touch
Questions? We are happy to help you.
1 800 403 7019
Start a chat
Send an email
Find a solution in our Avira Answers community
Send an email
Case Record Type