W32/Aegi-A is a virus for the Windows platform. The virus infects EXE files and can spread to local hard disks and floppy drives.
W32/Aegi-A is a virus for the Windows platform that infects EXE files.
When first run, W32/Aegi-A infects EXE files on local hard disks and floppy drives. The virus creates a copy of the original EXE file named <filename>.BAK. When this infected file is running, the virus creates a copy of the original file called <filenam_>.EXE.
W32/Aegi-A installs itself in the registry to run on startup by setting the following registry entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ExecLoader =
C:\Explorer.exe /exec
W32/Aegi-A can also create a backdoor on an infected computer to allow access to a remote attacker on port 3223. This attacker can issue commands to display messages or close windows on the compromised computer.
At certains times of the day, W32/Aegi-A will display a message box saying "Computer is very bored, play some music ?" If the user clicks Yes, the virus attempts to infect the local disk drives again.
