Latest Articles
cli.exe
NTNDIS.EXE
Email-Worm.Win32.Net...
Virus.Win32. Hala.a
Trojan-Clicker.HTML....
   >Dir
*
1C Предпреятие

*Informer
*Vulnerability
*Viruses
*Software
*FreeBSD
*Linux
*Mac
*Windows
*Google
   Ads
   VisitorCount
   
Virus.Win32. Hala.a
Furthermore it infects executable files on a user's computer. The program is a library of Windows (PE DLL-file). The size of the original malware - 20480 bytes. It is not packed. Written in Visual C + +.

Installation

Once launched, the virus creates in the Windows system directory following libraries:
%System%\d3d8xof.dll -3072Byte
%System%\d9dx.dll -20480byte
To determine its presence in the system virus creates a unique identifier:
__DL_CORE5_MUTEX__

Once launched, the virus writes its code in the address space system process "explorer.exe". After that infected the process of looking for all files ending in. Exe and appends to the end of found files virus code.

Prospecting shall not be in folders with the following names:

QQ
Windows
WINNT
Local Settings \ Temp

Also, do not become infected with the following files:

wooolcfg.exe
woool.exe
ztconfig.exe
patchupdate.exe
trojankiller.exe
xy2player.exe
flyff.exe
xy2.exe
au_unins_web.exe
cabal.exe
cabalmain9x.exe
cabalmain.exe
meteor.exe
patcher.exe
mjonline.exe
config.exe
zuonline.exe
userpic.exe
main.exe
dk2.exe
autoupdate.exe
dbfsupdate.exe
asktao.exe
sealspeed.exe
xlqy2.exe
game.exe
wb-service.exe
nbt-dragonraja2006.exe
dragonraja.exe
mhclient-connect.exe
hs.exe
mts.exe
gc.exe
zfs.exe
neuz.exe
maplestory.exe
nsstarter.exe
nmcosrv.exe
ca.exe
nmservice.exe
kartrider.exe
audition.exe
zhengtu.exe

The worm also has the ability to download other malicious programs to a user's computer to steal passwords for online games. For this sends a request specifying parameters of the infected system (at the time of writing, these links were not working):

http://message.microsofte.in/counter.asp?action *****
http://imrw0rldwide.com/DL/counter.asp?action *****
   Comments
No Comments have been Posted.
   Post Comment
Please Login to Post a Comment.
   Ratings
Rating is available to Members only.

Please login or register to vote.

No Ratings have been Posted.
   Login
Username

Password



Not a member yet?
Click here to register.

Forgotten your password?
Request a new one here.
   Member Poll
Site Language You Prefer

English (Present)

Russian

Georgian

Italian

You must login to vote.
   Ads