Saturday, August 7, 2010

New mail worm W32/Porkis@MM: a short profile

Virus Name: W32/Porkis@MM
Date discovered: 02-03-19
Region of first appearance: Unknown
Length: 49,664 bytes
Virus Type: Mail Virus
Aliases: I-Worm.Borzella (AVP), W32.Atram@mm (NAV), W32.Storiel@mm (NAV), WORM_PORKIS.A (Trend)
Virus Characteristics:
The virus carries its own SMTP engine. To spread, it uses the system's default SMTP server to send infected e-mail to the recipients in the address book. However, on English / American English operating systems it cannot send infected messages.
The infected e-mail message looks as follows:
Subject:
'Divertimento assicurato' or,
'Leggete urgentemente questa e-mail (se avete tempo da perdere)' or,
'Storielle'
From:
Attachment:
49,664-byte executable file (not packed), file name:
PORKIS.EXE or,
PIPPO.EXE or,
BAR.EXE
Once the virus is running, it pops up a series of dialog boxes in Italian; for example, the first dialog box is as follows:
It also creates the file DLLMGR.EXE in the Windows directory and modifies the registry Run key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"Dll Manager" = C:\WINDOWS\DLLMGR.EXE
Some time after the system is restarted, the virus tries to connect to the system's default SMTP server (obtained from the registry) and then sends itself to all recipients in the Windows address book. However, as noted above, on English / American English operating systems it cannot connect to the SMTP server, so nothing is sent.

Signs of infection:
The following file appears on an infected system:
C:\WINDOWS\DLLMGR.EXE (49,664 bytes)

Mode of transmission:
Once run, the virus infects the user's machine: it creates a copy of itself in the Windows directory and modifies the registry so that it runs automatically when the system restarts. It then sends infected messages to all recipients in the address book.
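
A mail-gateway triage check built from the e-mail indicators listed in this description (subjects, attachment names, attachment size), as an added example that is not part of the original post. The case-insensitive matching, the function names, the block/review/pass verdicts and the example.invalid addresses are assumptions; the sample messages are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the description above; compared case-insensitively (assumption).
SUBJECTS = {
    "divertimento assicurato",
    "leggete urgentemente questa e-mail (se avete tempo da perdere)",
    "storielle",
}
ATTACHMENT_NAMES = {"porkis.exe", "pippo.exe", "bar.exe"}
ATTACHMENT_SIZE = 49_664  # bytes


def porkis_indicators(raw):
    """Return the listed indicators that match one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    # Collapse folded or repeated whitespace before comparing the subject.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject in SUBJECTS:
        hits.append("subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        if name in ATTACHMENT_NAMES:
            hits.append("attachment-name:" + name)
            body = part.get_payload(decode=True) or b""  # transfer-decoded bytes
            if len(body) == ATTACHMENT_SIZE:
                hits.append("attachment-size")
    return hits


def verdict(raw):
    """Hypothetical policy: name plus exact size blocks, any single hit is reviewed."""
    hits = porkis_indicators(raw)
    if "attachment-size" in hits:
        return "block"
    return "review" if hits else "pass"


def sample_message(subject, filename, size):
    """Constructed message for testing; the attachment is `size` zero bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "rcpt@example.invalid"
    m["Subject"] = subject
    m.set_content("constructed body")
    m.add_attachment(bytes(size), maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```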
