Home>Classic Viruses>File and Boot Viruses>

Virus.Win32.Maya.4106

Alert Level :	High
Discovered:	Mar 07 2000
Tag:	Executable   File   and   Boot   Viruses
Discoverer and Source:	http://www.kaspersky.com/

Malware Behavior and Technical Description

To get access to Windows functions the virus scans KERNEL32 export table, gets the GetProcAddress function address and then by using this value gets addresses of necessary functions:

KERNEL32.DLL:

GetModuleHandleA GetProcAddress CreateFileA WriteFile GetFileSize
CreateFileMappingA MapViewOfFile UnmapViewOfFile CloseHandle
FindFirstFileA FindNextFileA FindClose SetFilePointer SetEndOfFile
GetCurrentDirectoryA SetCurrentDirectoryA GetFileAttributesA
SetFileAttributesA GetSystemTime GetWindowsDirectoryA

USER32.DLL and ADVAPI32.DLL:

RegOpenKeyExA RegSetValueExA MessageBoxA SystemParametersInfoA

The "per-process resident" code of the virus scans current (host) process imports table and hooks following Windows file access functions, if the process imports them:

MoveFileA CopyFileA CreateFileA DeleteFileA SetFileAttributesA
GetFileAttributesA GetFullPathNameA CreateProcessA

The virus also contains the text strings:

To Aparna S. : Forever in love with you...
AYAM
IAHS
Control Panel\Desktop
TileWallpaper
WallpaperStyle
SLAM.BMP

0

Removal Virus.Win32.Maya.4106 instructions:

0

Need help? Live computer support via remote at SupportSpace.Help with printer problems, windows, hardware, software, spyware removal and more. - Go Now!

Great Anti-Virus Software : Kaspersky Internet Security 2009 Save 35% Buy Panda Global Protection 2009 and Panda Antiviru Download PandaLabs Reports Free AVG virus removel tools Hunting Down Spyware and Adware Adware and spyware, knowing the basics Adware Spyware Remover from CBAdvance Keeping Your Computer in Good Condition Using Free Spyware A Beware of Covert Online Spies Why the Need to Remove Adware and Spyware