Main Menu
Home
Bookmark
Contact Us

Categories
  Adware
  Adware Bundler
  AOL Exploit
  Backdoor
  Browser Hijacker
  Browser Plug-in
  Commercial Key Logger
  Commercial Remote Control
  Cookie
  Dialer
  E-Mail Flooder
  Hostile ActiveX Control
  ICQ Exploit
  Joke Program
  Key Logger
  Loader
  Low Risk Adware
  Misc
  Nuker
  P2P
  Password Hijacker
  Potential Privacy Risk
  Potentially Dangerous Tools
  RAT
  Search Hijacker
  Security Disabler
  Spyware
  Stealth Notifier
  Surveillance
  Toolbar
  Trojan
  Trojan Downloader
  Trojan FTP
  Trojan Telnet
  Viruses
  Worm
 


 
Win32.HLLC.Susa Viruses Information

Name: Win32.HLLC.Susa
Category: Viruses
Description: Details
Win32.HLLC.Susan

Susan is memory resident Win32 companion virus that is not particularly dangerous. The virus itself is a Windows PE EXE file about 66KB in length and written in Delphi.
The virus searches for .EXE files in the Windows "Program Files" directory on the C: drive and infects them. While infecting the virus copies a file under the "%filename%2.exe" name (adds"2" char to file name) and copies itself with the original name of victim file, for example:
filename.exe -> filename2.ex (the number "2" is added to the file name)
virus -> filename.exe (virus copy under the original victim file name)
When the infected file is run, it gets its file name, looks for the host file (with the number "2" at the end of the file name) and then executes it. Thus the host file gains control.
The virus then copies itself in the Windows directory under the name "syst.exe" and registers this copy in the registry auto-run key:
HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun syst = %virus name%
The virus also creates two more registry keys:
HKCUSOFTWAREc1
HKCUSOFTWAREc2
and writes two counters to the auto-run key. Depending on these counters values the virus activates its infection routine.
The virus also creates one more registry key:
HKCUSoftwaresystdisable
and writes to this location the total number of files that were infected on the particular machine. If there is the number "1" there, the virus just exits without taking any action.
The virus does not manifest itself in any way.
The "Susan" virus contains the following text strings:
vSusanne01b
2001,MadeinSlovakia



Top Viruses Visited Pages:
Invader. - 239 visits
not-a-virus:RiskWare.Tool.RegPatch. - 73 visits
Worm.P2P.Harex. - 66 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 60 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 48 visits
Win32.Hidra - 43 visits
Win16.Klon.1177 - 42 visits
Marine.500 - 35 visits

Random Viruses Pages:
Win16.RedTea
I-Worm.Bagle.a
MF famil
Technomaniac.77
Carioca.95
I-Worm.Totili
Paris.490
Win32.HLLC.Winatc
Ksenia.359
SMEG.v0_3.Demo.


 

© 2006-2008 spyware32.com - Privacy Policy