11 March 2016 - Forum Rules
Started by freenit, January 06, 2016, 01:06:25 AM
QuoteSality.AT tries to copy one of following files to the Windows temporary files folder (for example, %TEMP%) and infects the copied file:%SystemRoot%\system32\NOTEPAD.EXE%SystemRoot%\system32\WINMINE.EXEThe virus copies the infected file to the root of all remote and removable drives as one of the following:\<random>.pif\<random>.exe\<random>.cmdThe virus then writes an Autorun configuration file named autorun.inf pointing to the virus copy. When the drive is accessed from a PC supporting the Autorun feature, the virus is launched automatically.
Page created in 0.065 seconds with 20 queries.