Virus.Win32.Spreder

Class Virus
Platform Win32
Description

Technical Details

Spreader is a harmless nonmemory resident parasitic Win32 virus. It infects .EXE files that have sizes ranging from 100KB to 10MB. The virus itself is a Windows PE EXE file written in Microsoft Visual C++. The virus size is about 60KB, but during the infecting procuess the size increases by about 410KB.

The virus looks for victim EXE files in the Kazaa (file sharing network) download directory (if there is one).If Kazaa is not installed the virus fails to infect any files.

While infecting the virus writes itself to the beginning of victim files, the original file body is moved down before infecting. To release control to the host file the virus creates its “disinfected” copy in the savenow00.exe file in the Windows directory and then executes it.

If the c:devspreader directory exists, the virus writes an action (listing its own actions) to the debug.log directory.

The spreder virus doesn’t manifest itself in any way.

The virus contains the text string:

 spreader
 Version 1.0