high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Included in our products from | January 2007 (4.13) |
| Protection available since | 16 November 2006 23:05:30 (GMT) |
| Last updated | 22 November 2006 00:07:40 (GMT) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please follow the instructions for disinfecting PE executables.
More Information
W32/Pardona-B is a virus for the Windows platform.
The virus attempts to infect EXE files, and to modify HTM and ASP files so that they silently download from a remote webiste.
W32/Pardona-B may spread to other network computers and may also spread via email.
W32/Pardona-B also includes functionality to download, install and run new software. W32/Pardona-B is a virus for the Windows platform.
The virus attempts to infect EXE files, and to modify HTM and ASP files so that they silently download from a remote webiste.
W32/Pardona-B may spread to other network computers and may also spread via email.
W32/Pardona-B also includes functionality to download, install and run new software.
When first run W32/Pardona-B copies itself to <Windows system folder>\ePower.exe and to several files of the form
<Temp>\<random letters>
Each of these files is either identical to, or slight variants of, the original file. All will be detected as W32/Pardona-B.
The virus also creates the file C:\WINDOWS\System32\<random letters>.sys
This SYS file is registered as a new system driver service named "SysDrver", with a display name of "System SSDP Services".
Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\SysDrver\
The SYS file, which is detected as Troj/Pardot-A, uses stealth functionality to hide processes creates by W32/Pardona-B.
The virus attempts to download and execute files to the following location:
C:\tool<number>.exe
|
