If you thought you had seen everything in terms of malware infection, here’s a news flash: there’s a new wonder-virus that doesn’t infect your binary files, but rather swallows them all.
Win32.Xorer.EK is an extremely discreet e-threat that, once on the computer, will constantly force you into visiting various websites. Unlike its siblings that corrupt and destroy other files, it prepends the target executable to itself, as shown:
More than that, to avoid arousing the user’s suspicion, it simply borrows the legitimate application’s icon. The only symptoms that might alert the user to an infection are:
- The presence of a file with “.pif” appended to its name inside Documents and Settings\[user-name]\Start Menu\Programs\Startup;
- The presence of a hidden file named “pagefile.pif”, and an autorun.inf file inside root directories of drives pointing at it;
- A slight increase in the file’s size (about 64 kilobytes of extra code);
- Any signs of slowdowns or forceful advertisements in Internet Explorer.
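
A triage sketch for the two file-system indicators in the list above, added here as an example and not taken from the original article. The function names are this example's own, and the hidden-attribute check relies on the Windows-only `st_file_attributes` field, so it reports `False` when run against an image mounted on another OS.

```python
import os
import sys
from pathlib import Path

HIDDEN = 0x2  # Windows FILE_ATTRIBUTE_HIDDEN bit in st_file_attributes

def startup_pifs(startup_dir):
    """Names of files in a Startup folder that end in .pif (any case)."""
    d = Path(startup_dir)
    if not d.is_dir():
        return []
    return sorted(p.name for p in d.iterdir()
                  if p.is_file() and p.suffix.lower() == ".pif")

def autorun_targets(inf_path):
    """Commands an autorun.inf would launch: open=, shellexecute=, shell\\<verb>\\command=."""
    targets = []
    # latin-1 never fails to decode, which suits an untrusted ANSI file
    for line in Path(inf_path).read_text(encoding="latin-1").splitlines():
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if sep and (key in ("open", "shellexecute") or key.endswith("\\command")):
            targets.append(value.strip())
    return targets

def check_drive_root(root):
    """Check one drive root (or mounted image root) for the pagefile.pif pair."""
    root = Path(root)
    # Match names case-insensitively so this also works on a Linux-mounted image
    entries = {p.name.lower(): p for p in root.iterdir()} if root.is_dir() else {}
    pif, inf = entries.get("pagefile.pif"), entries.get("autorun.inf")
    attrs = getattr(os.stat(pif), "st_file_attributes", 0) if pif else 0
    hits = []
    if inf is not None and inf.is_file():
        hits = [t for t in autorun_targets(inf) if "pagefile.pif" in t.lower()]
    return {"pagefile_pif": pif is not None,
            "hidden": bool(attrs & HIDDEN),
            "autorun_points_to_pif": bool(hits)}

if __name__ == "__main__":
    # Assumed invocation: script.py <Startup folder> <drive root> [<drive root> ...]
    if len(sys.argv) > 2:
        print("Startup .pif files:", startup_pifs(sys.argv[1]))
        for r in sys.argv[2:]:
            print(r, check_drive_root(r))
```

A `pagefile.pif` hit together with an `autorun.inf` that launches it matches the second symptom; either file alone is worth a closer look but is not conclusive.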