Win32.Stufik.A

HIGH
HIGH
varies
(Tufik)

Symptoms

  • Unwanted processes running at startup.
  • The computer tries to download an unknown executable at startup.
  • Executables increase in size by 3 Kb.

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Cristian Lungu, virus researcher

Technical Description:

The file infector is a two-part infection. Each executable is infected with a piece of code that tries to download, from the address http://www.365xinyu.com/..., the file that actually carries out the infection. That downloaded file creates the directory C:\windows\temp\ if it does not exist, copies itself there and starts executing.
It also copies itself to C:\Windows\ as alg.exe and to C:\lsass.bbb. The file stores the current generation of the infection at offset 0xDA.
It then creates the key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lsass, which stores the path of the downloaded file so that it is executed at startup. When run, this file infects all executables on all accessible drives with the code responsible for the download.
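The indicators in the description above (the Run value under Policies\Explorer, the dropped alg.exe and lsass.bbb, the download host and the generation byte at 0xDA) can be turned into a small host-triage check. The following is an added example, not Bitdefender's code; it treats "lsass" as a value name under the Run key and uses constructed sample data (registry values, file paths, proxy log lines and a fake image) so it runs offline.

```python
"""Triage helpers for the Win32.Stufik.A indicators described above (added example)."""
from typing import Dict, Iterable, List

# Indicators taken from the technical description.
RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"
RUN_VALUE = "lsass"            # assumed to be a value name under RUN_KEY
DROPPED_PATHS = [r"C:\Windows\alg.exe", r"C:\lsass.bbb"]
GENERATION_OFFSET = 0xDA       # byte holding the infection generation counter
DOWNLOAD_HOST = "www.365xinyu.com"


def infection_generation(image: bytes) -> int:
    """Return the generation counter at offset 0xDA, or -1 if the file is too short."""
    if len(image) <= GENERATION_OFFSET:
        return -1
    return image[GENERATION_OFFSET]


def check_registry(run_values: Dict[str, str]) -> List[str]:
    """run_values: {value name: data} read from RUN_KEY; any 'lsass' value is a hit."""
    return [f"{RUN_KEY}\\{name} -> {data}"
            for name, data in run_values.items() if name.lower() == RUN_VALUE]


def check_files(existing: Iterable[str]) -> List[str]:
    """existing: paths present on the host (from a file walk in practice)."""
    wanted = {p.lower() for p in DROPPED_PATHS}
    return sorted(p for p in existing if p.lower() in wanted)


def check_proxy_log(lines: Iterable[str]) -> List[str]:
    """Flag proxy/firewall log lines that contact the download host."""
    return [ln for ln in lines if DOWNLOAD_HOST in ln.lower()]


def triage(run_values, existing_paths, proxy_lines) -> Dict[str, List[str]]:
    return {"registry": check_registry(run_values),
            "files": check_files(existing_paths),
            "network": check_proxy_log(proxy_lines)}


# Constructed sample host state for the offline demonstration (not real data).
SAMPLE_RUN_VALUES = {"lsass": r"C:\windows\temp\downloaded_sample.exe",
                     "ctfmon": r"C:\Windows\System32\ctfmon.exe"}
SAMPLE_PATHS = [r"C:\Windows\notepad.exe", r"C:\lsass.bbb", r"C:\Windows\alg.exe"]
SAMPLE_PROXY = ["2009-01-01 08:00:01 10.0.0.5 GET http://www.365xinyu.com/x 200",
                "2009-01-01 08:00:02 10.0.0.5 GET http://example.com/ 200"]
# Fake image: 0xDA filler bytes, then generation 3, then padding.
SAMPLE_IMAGE = bytes(GENERATION_OFFSET) + bytes([3]) + b"\x00" * 16

if __name__ == "__main__":
    for name, hits in triage(SAMPLE_RUN_VALUES, SAMPLE_PATHS, SAMPLE_PROXY).items():
        print(name, hits)
    print("generation", infection_generation(SAMPLE_IMAGE))
```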