My Bitdefender
  • 0 Shopping Cart

SHARE
THIS ON

Facebook Twitter Google Plus

Win32.Perlovga.A

MEDIUM
LOW
1216 bytes
(Worm.Win32.Perlovga.A, Worm:Win32/Perlovga, W32/Perlovga.A)

Symptoms

Presence of the following files:
            * %windir%\autorun.inf
            * %windir%\xcopy.exe
            * %windir%\svchost.exe

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Daniel RADU, Virus Researcher

Technical Description:

         This malware does the following actions when executed:
              * launches "explorer.exe" with the system drive as parameter (which indirectly executes , if present, autorun.inf)
              * copies itself into %windir% with the name  "xcopy.exe"
              * copies %windrive%\host.exe into %windir%\svchost.exe
             
* copies %windrive%\autorun.inf into %windir%\autorun.inf
              * launches %windir%\svchost.exe