- executable files will grow in size by about 65 KB.
- the system will not be able to run in Safe Mode.
- the system slows down while the virus is searching for executable files to infect.
Please let BitDefender disinfect your files.
The virus is a polymorphic file infector which modifies executable files by appending its encrypted body at the end of the files.
To reach its code, the virus replaces the code at the entry point with a polymorphic sequence holding the decryption routine.
write to %windir%\system.ini:
The virus will modify / create the following registry keys:
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> %path_to_virus%\<virus_name>.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\GlobalUserOffline -> 0
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA -> 0
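The three registry changes listed above can be checked offline against a `reg export` of a suspect host. The following is an added example, not BitDefender's code: the function names and the sample export are constructed for illustration, and every firewall allow-list entry is reported for manual review because the virus file name is not fixed.

```python
import re

# Values the write-up says are set to 0 (keys lowercased, hive names as reg export writes them).
ZEROED = {
    (r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system", "enablelua"),
    (r"hkey_current_user\software\microsoft\windows\currentversion\internet settings", "globaluseroffline"),
}
# Firewall allow-list key where the virus registers its own executable.
FW_LIST = (r"hkey_local_machine\system\currentcontrolset\services\sharedaccess"
           r"\parameters\firewallpolicy\standardprofile\authorizedapplications\list")

KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg(text):
    """Yield (key, value_name, raw_data); .reg escapes in value names are undone."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
        elif key and (m := VAL_RE.match(line)):
            yield key, re.sub(r"\\(.)", r"\1", m.group(1)), m.group(2)

def triage(text):
    """Return findings: values forced to 0, and firewall allow-list entries to review."""
    findings = []
    for key, name, data in parse_reg(text):
        k, n = key.lower().rstrip("\\"), name.lower()
        if (k, n) in ZEROED and data.lower() == "dword:00000000":
            findings.append(("zeroed", name))
        elif k == FW_LIST and n.endswith(".exe"):
            findings.append(("firewall-allow-list", name))
    return findings

# Constructed sample export (not taken from a real infected host).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"GlobalUserOffline"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Users\\demo\\AppData\\Local\\Temp\\sample.exe"="C:\\Users\\demo\\AppData\\Local\\Temp\\sample.exe:*:Enabled:sample"
'''
```

Files written by `reg export` are UTF-16 encoded, so decode them with `encoding="utf-16"` before passing the text to `triage`.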
The virus hides itself from detection by dropping a rootkit at %windir%\system32\drivers\<random name>.sys
It will try to find and stop processes and services known to belong to antivirus programs, based on a previously known list of names.
It sends user information and other data to some previously known IP addresses, such as:
The virus will access the following websites to download additional malware: