Find a Partner
This window is encrypted for your security.
Need help? Ask the community or hire an expert.
Go to Avira Answers
In the wild:
Medium to high
- Thursday, December 6, 2007
Method of propagation:
• Infects files
• Symantec: W32.Drowor.B!inf
• Mcafee: W32/Cekar
• Kaspersky: IM-Worm.Win32.Sohanad.nj
• Sophos: W32/Drowor-A
• VirusBuster: Worm.VB.YVP
• Eset: Win32/Seriv.A
• Bitdefender: Win32.Trafrox.C
The file works interdependently with these components:
Platforms / OS:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
• Drops a malicious file
• Infects files
The following file is created:
\Services.exe Furthermore it gets executed after it was fully created. Further investigation pointed out that this file is malware, too. Detected as:
Appender - The virus main code is added at the end of the infected file.
– The following section is added to the infected file:
Damaging - The files may be improperly infected. This results in infected files that are broken and crash.
Because of bugs in the virus it may happen that only some of the virus code be present in the infected sample and inhibit further replication.
No stealth techinques used. It modifies the OEP (Original Entry Point) of the infected file to point to the virus code.
Encrypted - The virus code inside the infected file is encrypted.
This memory-resistent infector remains active in memory.
Approximately 19.000 Bytes
Ignores files that:
Contain any of the following strings in their name:
The following files are infected:
By file type:
Files in any of the following directories:
Description inserted by Daniel Constantin on Thursday, March 25, 2010
Description updated by Daniel Constantin on Thursday, March 25, 2010