Win32.Muce.A( Win32.Puce.A )
SYMPTOMS: Executable files size grows considerably (a clean file of about 90 KB will have after infection about 600 KB). TECHNICAL DESCRIPTION: The virus is written in Borland C++. Once executed, it searches for executable files on current drives (from C: to Z: - even mapped drives), and infects them. The original file is encrypted and inserted into the resource section of a new copy of the virus. The encryption key is randomly generated, and inserted into the same resource section. When executing an infected file, the virus extracts the victim file from its resource section, decrypts it, drops the decrypted file, and then executes it. Removal instructions: Please use the free removal tool in order to disinfect your files (use the link at the top of this page). ANALYZED BY: Raul Tosa, virus researcher. |
