Win32.Porex. Viruses Information
Name: Win32.Porex.
Category: Viruses
Description:
Details
Win32.Porex.a
"Porex" is a memory resident parasitic and companion Win32 virus. The virus itself is a Windows PE EXE file about 37KB in length and written in Microsoft Visual C++.
The virus affects files of two types: Win32 PE executable files, and files with the .DOC filename extension. The virus affects files only if file size is above 10KB and less than 21MB. The virus searches for victim files on all available drives and in all directories.
While infecting EXE files the virus writes itself to the beginning of the file.
While infecting %filename%.DOC files the virus creates a "companion" %filename%.EXE file and writes itself to this new EXE file.
When the virus is run from infected EXE files, it extracts the EXE host file to a temporary .RNT file and spawns it. As a result the host file gets control. The virus then installs itself to the system and runs its infection routine.
When the virus is run from the companion EXE file it just installs itself to the system and runs its infection routine.
In both cases the virus registers itself as a system service process; as a result, it is not visible in the tasks list.
While installing, the virus copies itself to the Windows directory under the name poserv.exe and registers this file in the system registry auto-run key:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PO system service = %WindowsDir%\poserv.exe
The virus has a trojan routine that sends information from infected computers to its master, including: Windows version, computer name, user name, processor type, and ICQ information.
The virus also looks for the following strings in application windows and grabs text from those windows: password, mail, ftp, and telnet.
While grabbing this information the virus creates a logger.bin file in the Windows directory.
The virus also searches for and tries to terminate the following processes:
aplica32.exe zonealarm.exe _avpm.exe
cfiadmin.exe vsmon.exe avpm.exe
cfiaudit.exe vshwin32.exe tds2-98.exe
cfinet32.exe vsecomr.exe ip_tools.exe
cfinet.exe webscanx.exe sewf.exe
iamserv.exe avconsol.exe outpost.exe
iamapp.exe vsstat.exe blackice.exe
pcfwallicon.exe navapw32.exe jammer.exe
frw.exe navw32.exe kerio.*
safeweb.exe lockdown2000.exe firewall.*
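A triage check for the artifacts described above (an added example, not part of the original entry): it looks for .DOC files with a same-named .EXE beside them, for poserv.exe and logger.bin in the Windows directory, and for the "PO system service" Run value. The function names, the finding labels and the Run-key dump format (a name-to-data dict) are assumptions, and the sample tree is constructed.

```python
import os
import tempfile
from pathlib import Path

# Indicators and size window as given in the description above.
RUN_VALUE, DROPPED, LOGFILE = "po system service", "poserv.exe", "logger.bin"
MIN_SIZE, MAX_SIZE = 10 * 1024, 21 * 1024 * 1024

def find_companion_pairs(root):
    """Return sorted (doc, exe) pairs where NAME.doc sits beside NAME.exe."""
    pairs = []
    for dirpath, _dirs, files in os.walk(root):
        by_lower = {f.lower(): f for f in files}
        for lower, name in by_lower.items():
            stem, ext = os.path.splitext(lower)
            exe = by_lower.get(stem + ".exe")
            if ext != ".doc" or exe is None:
                continue
            doc = Path(dirpath) / name
            # Only documents inside the targeted size window are of interest.
            if MIN_SIZE < doc.stat().st_size < MAX_SIZE:
                pairs.append((str(doc), str(Path(dirpath) / exe)))
    return sorted(pairs)

def check_install_artifacts(windows_dir, run_values):
    """Check a Windows directory and a dump of HKCU Run values (name -> data)."""
    present = {p.name.lower() for p in Path(windows_dir).iterdir()}
    findings = [f"file:{n}" for n in (DROPPED, LOGFILE) if n in present]
    for name, data in run_values.items():
        if name.lower() == RUN_VALUE or data.lower().endswith("\\" + DROPPED):
            findings.append(f"run:{name}")
    return findings

def build_sample(root):
    """Constructed sample tree: one suspicious pair, one small doc, fake Windows dir."""
    win, docs = Path(root) / "Windows", Path(root) / "docs"
    win.mkdir()
    docs.mkdir()
    (docs / "Report.DOC").write_bytes(b"\0" * 20000)
    (docs / "report.exe").write_bytes(b"MZ")
    (docs / "tiny.doc").write_bytes(b"\0" * 100)  # below the 10KB floor
    (docs / "tiny.exe").write_bytes(b"MZ")
    (win / "poserv.exe").write_bytes(b"MZ")
    return str(win), str(docs)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        win, docs = build_sample(tmp)
        print(find_companion_pairs(docs))
        print(check_install_artifacts(win, {"PO system service": "C:\\Windows\\poserv.exe"}))
```

A same-named document and program can be legitimate, so a companion-pair hit is a lead for inspection rather than a verdict.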