This primitive Win32 virus is a Windows PE EXE file 28672 bytes in size, written in Visual Basic.
The virus copies itself to a range of folders on the victim machine under a range of names.
Once launched, the virus will cause one of the following fake error messages to be displayed:
Notwithstanding the error messages, the virus will then start to spread on the victim machine.
The virus scans the victim machines for files with an EXE extension. It then copies itself to the folder where each EXE file is located. It will save the copy under the same name as the original EXE file, but will add a single random letter to the beginning of the file name.
The virus also scans the computer for files with the extensions JPG, AVI and MP3. It will then copy itself to the folders where these files are located, saving the copy with the original file name, but adding an EXE extension.
|Find out the statistics of the threats spreading in your region|