English
Russian
Japanese
LatAm
Türkiye
Brasil
France
Český
Deutschland
Virus.Win32.Hidrag
| Detect Date | 04/03/2007 |
| Class | Virus |
| Platform | Win32 |
| Description |
Hidrag is a non-dangerous memory resident parasitic Win32 virus. The virus infects Win32 PE EXE files. While infecting the virus encrypts a block of victim files. When the Hidrag virus runs it creates a copy of itself that is about 36K in size and places it in the Windows directory using the name svchost.exe. Next Hidrag registers this file in the system registry auto-run key: HKLMSoftwareMicrosoftWindowsCurrentVersionRunServices PowerManager = %WindowsDir%SVCHOST.EXE Hidrag then stays in Windows memory as an active process, searches for EXE files on all drives – starting with the C: drive – and infects them. The virus does not manifest itself in any way. The virus contains the following encrypted text strings: Hidden Dragon virus. Born in a tropical swamp. PowerManagerMutant
|
| Find out the statistics of the threats spreading in your region |