









W32/Xorer Virus

| Field | Value |
| --- | --- |
| Name | W32/Xorer Virus |
| Aliases | Virus.Win32.Xorer.ez, W32.Pagipef, Win32/Diskgen.A, DummyCom |
| Updated on | March 25, 2008 |

Virus Information - W32/Xorer Virus:
W32/Xorer is a virus that infects Windows systems.
Upon execution, the virus creates AUTORUN.INF and pagefile.pif on all drives.
It also creates the following files:
AntiTool.exe in the Windows System folder,
packet.dll in the Windows System folder,
wpcap.dll in the Windows System folder,
alg.exe in the Windows System\drivers folder,
npf.sys in the Windows System\drivers folder,
lsass.exe in the Windows System\Com folder,
netcfg.000 in the Windows System\Com folder,
netcfg.dll in the Windows System\Com folder,
smss.exe in the Windows System\Com folder.
The virus modifies the registry at the following locations:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{450EC9C4-0F7F-407F-B084-D1147FE9DDCC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D9901239-34A2-448D-A000-3705544ECE9D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2D96C4BF-8DCA-4A97-A24A-896FF841AE2D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AAC17985-187F-4457-A841-E60BAE6359C2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{814293BA-8708-42E9-A6B7-1BD3172B9DDF}
The virus also tries to access the following websites:
w.c0(Deleted)o.com/r.htm
f.gxlg(Deleted)x.com/html/dg2.html
d.gxlg(Deleted)x.com/html/qb2.html
