My Bitdefender
  • 0 Shopping Cart


Facebook Twitter Google Plus


7000 bytes



Removal instructions:

  1. If you don't have BitDefender installed click here to download an evaluation version;

  2. Make sure that you have the latest updates using BitDefender Live!;

  3. Perform a full scan of your system (selecting, from the Action tab, the option Prompt user for action). Choose to delete all the files infected with Win32.Fosforo.A.

Analyzed By

Mihai Neagu BitDefender Virus Researcher

Technical Description:

The virus uses the EPO (Entry Point Obscurity) technique to make detection harder - that is, replaces an API call with a call to its code. It appends itself at the end of the file, and is encrypted with a primitive method. It has also an anti-debug trick that would cause a stack overflow.

The virus infects most of PE files in current directory, as well as Windows and System directories. It doesn\'t infect files that have V as the first or second letter, or files whose name begin with "F-". The virus may infect incorrectly some files and so they may not run. Infected files also have the file PE structure corrupt in the last part, and may give a not-enough-memory message when ran.

On the date of 12 July of any year, infected applications hang if ran.