Selected viruses, spyware, and other threats: sorted alphabetically
Short description
The worm tries to copy itself into shared folders of machines on a local network. Installation
When executed, the worm copies itself in the %system% folder using the following name: - aston.mt (126976 B)
- nvaux32.dll (237576 B)
- e.spa (32768 B)
- adj.j (32768 B)
- devh.e2 (37376 B)
- rdxz.e (63488 B)
- %system%\user32.dll, %system%\%variable%
The following file is modified:
- %system%\user32.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Windows]
"%variable%Init_Dlls" = "nvaux32"
Spreading via shared folders
Win32/Pinit.B is a worm that spreads via shared folders. The worm tries to copy itself into shared folders of machines on a local network.
The following usernames are used:
- administrator
- 0
- 1
- 11
- 13
- 123
- MarioForever.exe
- %system%\cls.exe
The worm registers itself as a system service using the following filename:
- OKAMAI Service
Information stealing
Win32/Pinit.B is a worm that steals passwords and other sensitive information. The worm can send the information to a remote machine. The HTTP protocol is used. Other information
The worm alters the behavior of the following processes: - avgcc.exe
- zlclient.exe
- zlclient.exe
- kavpf.exe
- lspfix.exe
- cmd.exe
- ftp.exe
- net.exe
- %system%\pla.ax
- %system%\paso.el
- %system%\ntpl.bin
- %system%\aston.mt
