Virus.Win32.HLLW.Scareg

tag:Executable File and Boot Viruses

0 0

Scareg is a worm virus spreading through removable drives (i.e. floppy disks, zip disks etc.). The worm itself is a Windows PE EXE file about 372Kb in size, written in Delphi.

The worm installs itself into the system twice.

First, it moves the original SCANREGW.EXE file from the Windows directory to the Windows system directory:

Windows\SCANREGW.EXE -> Windows\SYSTEM\SCANREGW.EXE

and overwrites the original SCANREGW.EXE file with its (worm) copy.

Second, the worm copies itself to Windows directory under the name: \MEDIA\IDH_001.exe

The worm then creates or modifies the existing registry auto-run key:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ScanRegistry = %WindowsDir%\Scanregw.exe

To spread further the worm gets the list of all removable drives (floppy disks, zip drives etc.) and copies itself there under the name HDD.EXE.

previous:Virus.Win32.HLLW.Nulock
previous:Virus.Win32.HLLW.Showgame.a

Virus Source from:

New articles

Virus.Win32.Chop.3808 It is not a dangerous nonmemory resident parasitic polymorphic Win32 virus. It searches for PE EXE files in the current directory, then writes itself to the en...Virus.Win32.Crypto This text was written with the help of Adrian Marinescu, GeCAD Software.This is a very dangerous memory resident parasitic polymorphic Win32 virus about 20K i...Virus.Win32.Delf.k This file virus replaces .exe files with its own body.The virus itself is a Windows PE EXE file 18944 bytes in size, written in Delphi. Payload...Virus.Win32.Devir This is a per-process memory resident parasitic poly-morphic Win32-virus. The virus infects PE EXE files that have .EXE filename extensions. When run, the viru...Virus.Win32.Ditex.aDitex is a memory resident parasitic Win32 virus. It is written in Microsoft Visual C and is about 33KB in size. The virus infects PE EXE files that have .EX...

Hot Articles

Virus.Win32.HLLW.Scareg

Computer Virus Clounds