Summary

| How it spreads | |
|---|---|
| Affected operating systems | Windows |
| Characteristics | |
| Included in our products from | February 2007 (4.14) |
| Protection available since | 2 December 2006 15:20:08 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for disinfecting PE executables.
More Information
W32/Pardona-C is a virus for the Windows platform.
The virus attempts to infect EXE files, and to modify HTM and ASP files so that they silently download from a remote website.
W32/Pardona-C may spread to other network computers and may also spread via email.
W32/Pardona-C also includes functionality to download, install and run new software.
W32/Pardona-C installs a rootkit detected as Troj/Pardot-B.
Infected HTM and ASP files are detected as Troj/Psyme-DO.
When first run, W32/Pardona-C copies itself to <System>\ePower.exe and to several files of the form
<Temp>\<random letters>
Each of these files is either identical to, or a slight variant of, the original file. All will be detected as W32/Pardona-C.
The virus also creates the file C:\WINDOWS\System32\<random letters>.sys
This SYS file is registered as a new system driver service named "SysDrver", with a display name of "System SSDP Services".
Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\SysDrver\
The SYS file, which is detected as Troj/Pardot-B, uses stealth functionality to hide processes created by W32/Pardona-C.
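The driver-service registration described above can be checked for in an exported copy of the Services registry key. The following is an added example, not Sophos code: it assumes `.reg` export text as input, the function names are hypothetical, the sample data (including the `.sys` file name and the `ImagePath` value) is constructed, and matching `ControlSet00N` keys as well as `CurrentControlSet` is an addition for exports taken from an offline hive.

```python
import re

# Indicators taken from the description above.
SERVICE_NAME = "sysdrver"
DISPLAY_NAME = "system ssdp services"
# Driver placed directly in System32 with a letters-only name ("<random letters>.sys").
DRIVER_RE = re.compile(r"\\system32\\[a-z]+\.sys$", re.IGNORECASE)
SERVICES_RE = re.compile(
    r"\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\([^\\\]]+)$", re.IGNORECASE)

def parse_reg_export(text):
    """Parse .reg export text into {key_path: {value_name: string_value}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"([^"]+)"="(.*)"$', line)  # string values only
            if m:
                current[m.group(1)] = m.group(2).replace("\\\\", "\\")
    return keys

def find_pardona_services(text):
    """Return [(service_key_name, [matched indicators])] for suspicious service keys."""
    hits = []
    for path, values in parse_reg_export(text).items():
        m = SERVICES_RE.search(path)
        if not m:
            continue  # not a top-level service key
        reasons = []
        if m.group(1).lower() == SERVICE_NAME:
            reasons.append("service name")
        if values.get("DisplayName", "").lower() == DISPLAY_NAME:
            reasons.append("display name")
        # The driver path only counts as corroboration of a name match.
        if reasons and DRIVER_RE.search(values.get("ImagePath", "")):
            reasons.append("driver path in System32")
        if reasons:
            hits.append((m.group(1), reasons))
    return hits

# Constructed sample export (not from a real infection); the .sys name is a placeholder.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysDrver]
"DisplayName"="System SSDP Services"
"ImagePath"="\\??\\C:\\WINDOWS\\System32\\qwxzkd.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSDPSRV]
"DisplayName"="SSDP Discovery Service"
'''
```

`reg export` writes UTF-16 text, so decode the file before passing it in.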
