MSIL.Cxover.A

61440 bytes
(Cxover.A, WORM_CXOVER.A)

Symptoms

The virus executable is present in the Windows directory under a file name composed of a random number (between 0 and 2147483647) and the .exe extension, with a size of 61440 bytes.

Removal instructions:

Please let BitDefender delete your files.

Analyzed By

Sándor LUKÁCS, BitDefender virus researcher

Technical Description:

The virus spreads from desktop systems running Windows with .NET to mobile devices attached to the system and accessible through RAPI (Remote API).

When executed, the virus checks whether it is running on a Mobile / CE version of Windows (on a mobile device) or on a desktop system.

If it is running on a mobile device, then the virus will execute the following steps:
  • deletes all files recursively from \My documents\
  • processes all directories under the current root (\) and creates one copy of the virus under \windows with a random name ([random-number].exe)
  • creates a shortcut under \Windows\Startup for the new exe to ensure automatic execution of the virus on next reboot.
If it is running on a desktop system, then the virus will execute the following steps:
  • creates a new copy of the virus under \windows with a random name ([random-nr].exe)
  • creates an entry under SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ to ensure automatic execution of the virus on next reboot
  • opens a RAPI (Remote API) connection and waits until a mobile device is available
  • moves a copy of the virus to the mobile device under \Windows\[random-nr].exe
  • executes the new copy of the virus on the mobile device
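
A triage check built from the desktop indicators described on this page (a [random-number].exe name in the Windows directory, the 61440-byte size, and a Run entry pointing at it), given here as an added example that is not part of the original description. The function names and sample data are constructed for illustration, and the Run values are assumed to have been exported by the caller from SOFTWARE\Microsoft\Windows\CurrentVersion\Run; name and size are heuristics, so a hit still needs a scanner verdict.

```python
import os
import re
import tempfile

# Indicators taken from the description above.
CXOVER_SIZE = 61440        # size of the virus executable, in bytes
MAX_RANDOM = 2147483647    # upper bound of the random number used as file name
NAME_RE = re.compile(r"^(\d{1,10})\.exe$", re.IGNORECASE)

def is_candidate_name(filename):
    """True if filename is [number].exe with the number in 0..2147483647."""
    m = NAME_RE.match(filename)
    return bool(m) and int(m.group(1)) <= MAX_RANDOM

def find_candidates(windows_dir):
    """Names directly under windows_dir that match both the name and the size."""
    hits = []
    for entry in os.scandir(windows_dir):
        if (entry.is_file(follow_symlinks=False)
                and is_candidate_name(entry.name)
                and entry.stat(follow_symlinks=False).st_size == CXOVER_SIZE):
            hits.append(entry.name)
    return sorted(hits)

def run_values_referencing(candidates, run_values):
    """run_values is {value_name: command} as exported from the Run key;
    returns the value names whose command launches a candidate file."""
    wanted = {c.lower() for c in candidates}
    return sorted(name for name, command in run_values.items()
                  if wanted & set(re.findall(r"[^\\/\"\s]+\.exe", command.lower())))

def demo():
    """Constructed sample: a temp directory stands in for the Windows directory."""
    with tempfile.TemporaryDirectory() as d:
        samples = {"1804289383.exe": CXOVER_SIZE,   # name and size match
                   "2147483648.exe": CXOVER_SIZE,   # number above the range
                   "846930886.exe": 1024,           # wrong size
                   "notepad.exe": CXOVER_SIZE}      # not a numeric name
        for name, size in samples.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(b"\0" * size)
        found = find_candidates(d)
        run = {"Updater": r"C:\Windows\1804289383.exe",    # constructed values
               "Editor": r'"C:\Windows\notepad.exe" /tray'}
        return found, run_values_referencing(found, run)

if __name__ == "__main__":
    print(demo())
```
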
The virus contains the following message:

"the crossover virus - poc - by Dr. Julius Storm - The great walls of China that separated
the domains between wired and wireless, desktop and handhelds have been reduce to ruble.
Vxers are entering a new era of greater vx possibilities with the chance of reaching more
systems around the world than ever before.  The viruses of the past are nothing compared
to what the future holds.  2006 marks the establishment of a New Cyberworld Order with
vxers around the world united at the forefront.  The time is now to prepare and defend,
are you ready?"