Virus:W32/Fontra.A
Date discovered:18/03/2008
Type:Adware/Spyware
In the wild:No
Reported Infections:Low
Distribution Potential:Medium to high
Damage Potential:Medium to high
Static file:No
IVDF version:7.00.03.54 - Wednesday, March 19, 2008

 General Methods of propagation:
   • Infects files


Aliases:
   •  Symantec: W32.Fontra
   •  Mcafee: W32/Fontra.a
   •  Kaspersky: Virus.Win32.Fontra.a
   •  Eset: Win32/Fontra.A


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Infects files

 File infection Infector type:

Appender - The virus main code is added at the end of the infected file.
– The following sections are added to the infected file:
   • ups
   • psu


Method:

This direct-action infector actively searches for files.

From: 14000 Bytes
To: 20000 Bytes


The following files are infected:

By file type:
   • *.exe

Files in any of the following directories:
   • %Kazaa's shared folder%
   • %Morpheus' shared folder%
   • %Shareaza's shared folder%

 Registry The following registry key is added:

– HKCR\%CLSID%
   • %current time%

 Backdoor Contact server:
The following:
   • 69.61.59.114

As a result it may send some information.

Sends information about:
    • Current malware status
    • Information about the Windows operating system

Description inserted by Razvan Olteanu on Monday, July 12, 2010
Description updated by Razvan Olteanu on Monday, July 12, 2010

Back . . . .