
[Malware Review] Win32.Xorer.EK

Loredana BOTEZATU

March 02, 2010


If you thought you had seen everything in terms of malware infection, here’s a news flash: there’s a new wonder-virus that doesn’t infect your binary files, but rather swallows them all.

Win32.Xorer.EK is an extremely discreet e-threat that, once on the computer, will constantly force you into visiting various websites. Unlike its siblings that corrupt and destroy other files, it prepends the target-executable to itself, as shown:

More than that, to avoid arousing the user’s suspicion, it simply borrows the legitimate application’s icon. The only symptoms that might alert the user to an infection are:

  • The presence of a “.pif”-appended file inside Documents and Settings\[user-name]\Start Menu\Programs\Startup;
  • The presence of a hidden file named “pagefile.pif”, and an autorun.inf file inside root directories of drives pointing at it;
  • A slight increase in the file’s size (about 64 Kilobytes of extra code);
  • Any signs of slowdowns or forceful advertisements inside Internet Explorer.
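
The first two symptoms can be checked with a short triage script on a live system or a mounted disk image. The following is an added example, not part of the original review: the function names and the demo file names are hypothetical, and because the review does not say which autorun.inf key the malware uses, the script checks the standard launch keys (`open`, `shellexecute`, `shell\...\command`).

```python
import os
import re
import tempfile

# Standard autorun.inf keys that launch a program. Which key this malware uses
# is not stated in the review, so all common ones are checked (assumption).
LAUNCH_KEY = re.compile(
    r"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+)$", re.I)

def autorun_targets(text):
    """Return the lower-cased command values of launch keys in autorun.inf text."""
    targets = []
    for line in text.splitlines():
        m = LAUNCH_KEY.match(line)
        if m:
            targets.append(m.group(2).strip().strip('"').lower())
    return targets

def check_drive_root(root):
    """Flag pagefile.pif in a drive root and an autorun.inf that points at it."""
    findings = []
    names = {n.lower(): n for n in os.listdir(root)}  # case-insensitive lookup
    if "pagefile.pif" in names:
        findings.append("pagefile.pif present in " + root)
    if "autorun.inf" in names:
        with open(os.path.join(root, names["autorun.inf"]), errors="replace") as fh:
            if any("pagefile.pif" in t for t in autorun_targets(fh.read())):
                findings.append("autorun.inf launches pagefile.pif in " + root)
    return findings

def check_startup(startup_dir):
    """List .pif files found in a user's Startup folder."""
    return sorted(n for n in os.listdir(startup_dir) if n.lower().endswith(".pif"))

def demo():
    """Run both checks on a constructed directory tree (not real sample data)."""
    with tempfile.TemporaryDirectory() as tmp:
        root, startup = os.path.join(tmp, "E"), os.path.join(tmp, "Startup")
        os.mkdir(root)
        os.mkdir(startup)
        open(os.path.join(root, "pagefile.pif"), "wb").close()
        with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
            fh.write("[autorun]\nopen=pagefile.pif\n")
        open(os.path.join(startup, "notepad.exe.pif"), "wb").close()  # constructed name
        open(os.path.join(startup, "readme.lnk"), "wb").close()       # benign control
        return check_drive_root(root), check_startup(startup)

if __name__ == "__main__":
    print(demo())
```

On a real host, pass each drive root and each user's Startup folder to the two check functions; a `.pif` file in either location is unusual enough on its own to warrant a closer look.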
