Virus.Win32.Maya.4106
| Alert Level : | High |
| Discovered: | Mar 07 2000 |
| Tag: | Executable File and Boot Viruses |
| Discoverer and Source: | http://www.kaspersky.com/ |
Malware Behavior and Technical Description
To gain access to Windows functions, the virus scans the KERNEL32 export table, obtains the address of the GetProcAddress function, and then uses it to resolve the addresses of the functions it needs:
KERNEL32.DLL:
GetModuleHandleA GetProcAddress CreateFileA WriteFile GetFileSize CreateFileMappingA MapViewOfFile UnmapViewOfFile CloseHandle FindFirstFileA FindNextFileA FindClose SetFilePointer SetEndOfFile GetCurrentDirectoryA SetCurrentDirectoryA GetFileAttributesA SetFileAttributesA GetSystemTime GetWindowsDirectoryA
USER32.DLL and ADVAPI32.DLL:
RegOpenKeyExA RegSetValueExA MessageBoxA SystemParametersInfoA
The "per-process resident" code of the virus scans the import table of the current (host) process and hooks the following Windows file access functions, if the process imports them:
MoveFileA CopyFileA CreateFileA DeleteFileA SetFileAttributesA GetFileAttributesA GetFullPathNameA CreateProcessA
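A detection-side sketch of the import-table hooking described above, added here as an example and not taken from the original write-up or from any vendor tool: it flags import slots for the eight listed functions whose pointer no longer lands in the DLL named by the import. The module map and IAT snapshot are constructed sample data, and the function names `owner_of` and `find_iat_hooks` are hypothetical.

```python
from bisect import bisect_right

# Functions the write-up lists as hooked through the host's import table.
WATCHED = {"MoveFileA", "CopyFileA", "CreateFileA", "DeleteFileA",
           "SetFileAttributesA", "GetFileAttributesA",
           "GetFullPathNameA", "CreateProcessA"}

# Legitimate forward targets: on current Windows many KERNEL32 exports
# resolve into KERNELBASE or NTDLL, which must not be reported as a hook.
FORWARD_OK = {"KERNEL32.DLL": {"KERNEL32.DLL", "KERNELBASE.DLL", "NTDLL.DLL"}}


def owner_of(addr, modules):
    """Return the name of the loaded module containing addr, or None."""
    ordered = sorted(modules, key=lambda m: m[1])
    i = bisect_right([m[1] for m in ordered], addr) - 1
    if i >= 0:
        name, base, size = ordered[i]
        if addr < base + size:
            return name
    return None


def find_iat_hooks(modules, iat):
    """Flag watched imports whose IAT slot points outside the expected DLL."""
    findings = []
    for dll, func, ptr in iat:
        if func not in WATCHED:
            continue  # only the functions named in the description
        owner = owner_of(ptr, modules)
        allowed = FORWARD_OK.get(dll.upper(), {dll.upper()})
        if owner is None or owner.upper() not in allowed:
            findings.append((func, hex(ptr), owner or "unbacked memory"))
    return findings


# Constructed module map (not from a real sample): (name, base, size)
MODULES = [("host.exe", 0x00400000, 0x00020000),
           ("KERNELBASE.DLL", 0x75A00000, 0x00200000),
           ("KERNEL32.DLL", 0x76000000, 0x000F0000)]
# Constructed IAT snapshot: (imported DLL, function, pointer in slot)
IAT = [("KERNEL32.DLL", "CreateFileA", 0x0041F2A0),         # inside host image
       ("KERNEL32.DLL", "DeleteFileA", 0x76012340),         # in KERNEL32
       ("KERNEL32.DLL", "GetFileAttributesA", 0x75A45000),  # forwarded, benign
       ("KERNEL32.DLL", "CreateProcessA", 0x02310000),      # no module backs it
       ("KERNEL32.DLL", "ExitProcess", 0x0041F300)]         # not watched

if __name__ == "__main__":
    for func, ptr, owner in find_iat_hooks(MODULES, IAT):
        print(f"{func}: slot -> {ptr} ({owner})")
```

In practice the module map and slot values would come from a memory image or a live-process snapshot; legitimate API-monitoring or compatibility shims also redirect import slots, so findings need triage.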
The virus also contains the text strings:
To Aparna S. : Forever in love with you... AYAM IAHS Control Panel\Desktop TileWallpaper WallpaperStyle SLAM.BMP
Removal Virus.Win32.Maya.4106 instructions:

