(Email-Worm.Win32.Warezov.om, Win32/Cekar.C, Trojan.Downloader.Agent.NUY)
- Presence of a hidden file named i0.sys in the root of disk C:
- Executables grow in size by 14516 bytes
- Increased internet traffic
Please let BitDefender disinfect your files.
Suiu Andrei, virus researcher
Once executed, the virus tries to download and execute a file from http://www.KILLVC.net/[removed].exe, which is a file infector that infects other executables with the Win32.Jacksud.A virus. It also drops a .dll file into the root directory of disk C:\. This file, named i0.sys, is detected as Win32.Worm.Fujacks.AR; it is loaded into memory and executed by the file infector itself.
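A triage sketch for the two file-system symptoms listed above, added here as an example and not BitDefender's tooling: it compares executable sizes against a previously recorded baseline and looks for i0.sys directly under a drive root. The function names, the `.exe` extension filter, and the existence of a pre-infection size baseline are assumptions.

```python
import os

GROWTH = 14516               # bytes added to each infected executable (symptom list)
DROPPED_NAME = "i0.sys"      # hidden file in the root of C: (symptom list)
FILE_ATTRIBUTE_HIDDEN = 0x2  # Windows attribute bit reported in st_file_attributes


def snapshot(root, exts=(".exe",)):
    """Map each executable under `root` to its size. `exts` is an assumption."""
    sizes = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                path = os.path.join(folder, name)
                try:
                    sizes[path] = os.path.getsize(path)
                except OSError:
                    continue  # locked or removed while scanning
    return sizes


def grown_by_infection(baseline, current, growth=GROWTH):
    """Paths present in both snapshots whose size rose by exactly `growth`."""
    return sorted(p for p, size in current.items()
                  if p in baseline and size - baseline[p] == growth)


def find_dropped_file(root, name=DROPPED_NAME):
    """Return (path, hidden) for `name` directly under `root`, else None."""
    for entry in os.scandir(root):
        if entry.is_file() and entry.name.lower() == name:
            # st_file_attributes exists only on Windows; treat as 0 elsewhere.
            attrs = getattr(entry.stat(), "st_file_attributes", 0)
            return entry.path, bool(attrs & FILE_ATTRIBUTE_HIDDEN)
    return None


def triage(baseline, root):
    """Collect both symptoms for one drive root."""
    return {"grown": grown_by_infection(baseline, snapshot(root)),
            "dropped": find_dropped_file(root)}
```

A match on either check is a reason to run a full scan, since a legitimate update can also change a file's size.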