Details
Win32.HLLC.Winatch
Win32.HLLC.Winatch is a non-memory-resident companion Win32 virus. The virus itself is a Windows PE EXE file about 565Kb in length, written in the WinBatch language.
The virus searches for .EXE files (all types of .EXE files) in the current directory, moves them to the "JmbHgfR" subdirectory of the Windows TEMP directory (%WinDir%\TEMP\JmbHgfR), and overwrites the original files with copies of itself. To return control to the host program, the virus runs the moved copy from the "TEMP\JmbHgfR" directory.
This virus also copies itself to the Windows directory under the name "Lisezmoi.exe" and registers this file in the system registry auto-run key:
HKCR\exefile\shell\open\command = %WinDir%\Lisezmoi.exe %1 %*
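A check for the registry change described above, written for this page as an added example (it is not part of the original description or any vendor tool). It assumes the input is regedit export text already decoded to a string and that the stock Windows value of this key is `"%1" %*`; the function names and both sample exports are constructed for illustration.

```python
import re

KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"
DEFAULT_EXE_HANDLER = '"%1" %*'  # stock Windows value: run the clicked program itself

# Constructed samples of regedit export text (already decoded to str).
CLEAN = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''
INFECTED = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="%WinDir%\\Lisezmoi.exe %1 %*"
'''

def exefile_handler(reg_text):
    """Return the default value of the exefile open command, or None if absent."""
    in_key = False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # Registry key names are case-insensitive.
            in_key = line.strip("[]").lower() == KEY.lower()
        elif in_key and line.startswith("@="):
            raw = line[2:]
            if raw.startswith('"') and raw.endswith('"'):
                raw = raw[1:-1]
            # .reg exports escape backslashes and double quotes with a backslash.
            return re.sub(r'\\(["\\])', r"\1", raw)
    return None

def check(reg_text):
    """List findings for a hijacked .exe open handler; empty list means default."""
    value = exefile_handler(reg_text)
    if value is None:
        return ["exefile open command not found in export"]
    findings = []
    if value != DEFAULT_EXE_HANDLER:
        findings.append(f"exefile handler replaced: {value}")
        if "lisezmoi.exe" in value.lower():
            findings.append("handler matches Win32.HLLC.Winatch (Lisezmoi.exe)")
    return findings

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("infected", INFECTED)):
        print(name, check(sample) or "ok")
```

During cleanup the value has to be restored to `"%1" %*` before Lisezmoi.exe is deleted, otherwise .EXE files will no longer start.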