Sophos

W32/Pardona-A

Aliases
  • Win32/Pardona.B
  • Email-Worm.Win32.Small.f

Summary

 
How it spreads
  • Email messages
  • Network shares
  • Infected files
Affected operating systems Windows
Characteristics
  • Installs itself in the registry
Included in our products from January 2007 (4.13)
Protection available since 13 November 2006 21:06:56 (GMT)
Detected by All Sophos products

More Information

W32/Pardona-A is a virus for the Windows platform.

The virus attempts to infect EXE files, and to modify HTM and ASP files so that they silently download from a remote website.

W32/Pardona-A may spread to other network computers and may also spread via email.

W32/Pardona-A also includes functionality to download, install and run new software.

When first run, W32/Pardona-A copies itself to <Windows system folder>\ePower.exe and to several files of the form <Temp>\<random letters>

Each of these files is either identical to, or a slight variant of, the original file. All will be detected as W32/Pardona-A.

The virus also creates the file C:\WINDOWS\System32\<random letters>.sys

This SYS file is registered as a new system driver service named "SysDrver", with a display name of "System SSDP Services". Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\SysDrver\

The SYS file, which is detected as Troj/Pardot-A, uses stealth functionality to hide processes created by W32/Pardona-A.

The virus attempts to download a file to the following location and execute it:

C:\tool.exe
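
A read-only host check for the fixed-name artifacts listed above, as an added example that is not Sophos code. The function and parameter names are this example's own. The randomly named SYS file cannot be matched by name, so the script reports the ImagePath value of the driver service instead.

```powershell
# Added example (not Sophos code): read-only check for the artifacts named in
# this description. Run from an elevated PowerShell prompt.
function Get-PardonaArtifact {
    param(
        # Defaults are the values given in the description above.
        [string]$ServiceName = 'SysDrver',
        [string]$DisplayName = 'System SSDP Services',
        [string[]]$FilePath  = @(
            (Join-Path ([Environment]::SystemDirectory) 'ePower.exe'),
            'C:\tool.exe'
        )
    )
    $servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

    # Enumerate the registry rather than running processes: the description
    # says the driver hides processes, so process listings cannot be trusted.
    foreach ($key in Get-ChildItem -LiteralPath $servicesRoot -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
        # Match on either the key name or the display name (-eq ignores case).
        if ($key.PSChildName -eq $ServiceName -or $props.DisplayName -eq $DisplayName) {
            [pscustomobject]@{
                Indicator = 'Driver service'
                Location  = "$servicesRoot\$($key.PSChildName)"
                Detail    = "DisplayName='$($props.DisplayName)'; ImagePath='$($props.ImagePath)'"
            }
        }
    }

    # Dropped copy and downloaded file. -Force includes hidden and system files.
    foreach ($path in $FilePath) {
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($item) {
            # Hash the file so it can be compared with a quarantined sample.
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            [pscustomobject]@{
                Indicator = 'File'
                Location  = $item.FullName
                Detail    = "Size=$($item.Length); Created=$($item.CreationTimeUtc.ToString('u')); SHA256=$hash"
            }
        }
    }
}

$hits = @(Get-PardonaArtifact)
if ($hits.Count) { $hits | Format-List }
else { 'None of the W32/Pardona-A artifacts checked here were found.' }
```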
