 | This article needs additional citations for verification .(November 2009) |
The Fun.Exe virus is of the w32.Assarm family of computer viruses. According to Symantec [1] it registers itself as a Windows system process then periodically sends mail with spreading attachments as a response to any unopened emails in Outlook Express. This virus first appeared in early 2008 and is now recognized by most anti virus programs.
The virus will install multiple copies of itself throughout the system. It makes itself hard to remove by installing many different copies with different names in different locations. The running copy is a system process and will restart if it is closed manually. It adds itself to auto run information so that it executes multiple copies on startup. The copies monitor each other and will restore each other if one is deleted. This makes deleting from Windows nearly impossible.
Known file names used by the virus are Fun.exe, DC.exe, Other.exe, SVIQ.exe, win.exe, WinSit.exe, Windev.exe, and thisisnotmalwarelol.exe. This malware is usually embedded on PowerPoint documents. This allowed to malware to bypass most antiviruses, including Sophos and Kaspersky.
The file icon is made to look like the icon for a folder, inviting the user to open the folder when actually they are running the program thus starting the initial infection. However the graphic icon for the folder is poorly ripped from Windows service icons and can be distinguished by subtle visual differences, predominantly white below the black outline of the folder which on the real folder icon is dithered to transparent space. This visual difference is especially noticeable in safe mode when graphic operating capacity is in 256 color mode instead of 24 bit color mode.
The files show a creation date of 6-23-2008 and show an original name of Olalatheworld.exe and an internal name of Olalatheworld. The files are 124,928 bytes in size. These characteristics can help distinguish the infected files, which is important because some of the names used by the file are names of legitimate Windows files and therefore care must be taken not to accidentally remove a vital Windows file.
A terminate-and-stay-resident program is a computer program running under DOS that uses a system call to return control to DOS as though it has finished, but remains in computer memory so it can be reactivated later. This technique partially overcame DOS's limitation of executing only one program, or task, at a time. TSRs are used only in DOS, not in Windows.
File Explorer, previously known as Windows Explorer, is a file manager application and default desktop environment that is included with releases of the Microsoft Windows operating system from Windows 95 onwards. It provides a graphical user interface for accessing the file systems, as well as user interface elements such as the taskbar and desktop.
Installation of a computer program, is the act of making the program ready for execution. Installation refers to the particular configuration of software or hardware with a view to making it usable with the computer. A soft or digital copy of the piece of software (program) is needed to install it. There are different processes of installing a piece of software (program). Because the process varies for each program and each computer, programs often come with an installer, a specialised program responsible for doing whatever is needed for the installation. Installation may be part of a larger software deployment process.
The Windows Registry is a hierarchical database that stores low-level settings for the Microsoft Windows operating system and for applications that opt to use the registry. The kernel, device drivers, services, Security Accounts Manager, and user interfaces can all use the registry. The registry also allows access to counters for profiling system performance.
System Restore is a feature in Microsoft Windows that allows the user to revert their computer's state to that of a previous point in time, which can be used to recover from system malfunctions or other problems. First included in Windows Me, it has been included in all following desktop versions of Windows released since, excluding Windows Server. In Windows 10, System Restore is turned off by default and must be enabled by users in order to function. This does not affect personal files such as documents, music, pictures, and videos.
As the next version of Windows NT after Windows 2000, as well as the successor to Windows Me, Windows XP introduced many new features but it also removed some others.
User Account Control (UAC) is a mandatory access control enforcement feature introduced with Microsoft's Windows Vista and Windows Server 2008 operating systems, with a more relaxed version also present in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows 11. It aims to improve the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorises an increase or elevation. In this way, only applications trusted by the user may receive administrative privileges and malware are kept from compromising the operating system. In other words, a user account may have administrator privileges assigned to it, but applications that the user runs do not inherit those privileges unless they are approved beforehand or the user explicitly authorises it.
The Vundo Trojan is either a Trojan horse or a computer worm that is known to cause popups and advertising for rogue antispyware programs, and sporadically other misbehavior including performance degradation and denial of service with some websites including Google and Facebook. It also is used to deliver other malware to its host computers. Later versions include rootkits and ransomware.
Task Manager, previously known as Windows Task Manager, is a task manager, system monitor, and startup manager included with Microsoft Windows systems. It provides information about computer performance and running software, including name of running processes, CPU and GPU load, commit charge, I/O details, logged-in users, and Windows services. Task Manager can also be used to set process priorities, processor affinity, start and stop services, and forcibly terminate processes.
The Microsoft Windows operating system supports a form of shared libraries known as "dynamic-link libraries", which are code libraries that can be used by multiple processes while only one copy is loaded into memory. This article provides an overview of the core libraries that are included with every modern Windows installation, on top of which most Windows applications are built.
W32.Navidad is a mass-mailing worm program or virus, discovered in December 2000 that ran on Windows 95, Windows 98, Windows NT, and Windows 2000 systems. It was designed to spread through email clients such as Microsoft Outlook while masquerading as an executable electronic Christmas card. Infected computers can be identified by blue eye icons which appear in the Windows system tray.
Brontok is a computer worm running on Microsoft Windows. It is able to disperse by e-mail. Variants include:
The NTFS file system defines various ways to redirect files and folders, e.g., to make a file point to another file or its contents without making a copy of it. The object being pointed to is called the target. Such file is called a hard or symbolic link depending on a way it's stored on the filesystem.
RavMonE, also known as RJump, is a Trojan that opens a backdoor on computers running Microsoft Windows. Once a computer is infected, the virus allows unauthorized users to gain access to the computer's contents. This poses a security risk for the infected machine's user, as the attacker can steal personal information, and use the computer as an access point into an internal network.
SpySheriff is malware that disguises itself as anti-spyware software. It attempts to mislead the user with false security alerts, threatening them into buying the program. Like other rogue antiviruses, after producing a list of false threats, it prompts the user to pay to remove them. The software is particularly difficult to remove, since it nests its components in System Restore folders, and also blocks some system management tools. However, SpySheriff can be removed by an experienced user, antivirus software, or by using a rescue disk.
Daprosy worm was a malicious computer program that spreads via local area network (LAN) connections, spammed e-mails and USB mass storage devices. Infection comes from a single read1st.exe file where several dozen clones are created at once bearing the names of compromised folders. The most obvious symptom of Daprosy infection is the presence of Classified.exe or Do not open - secrets!.exe files from infected folders.
Swen is a mass mailing computer worm written in C++. It sends an email which contains the installer for the virus, disguised as a Microsoft Windows update, although it also works on P2P filesharing networks, IRC and newsgroups' websites. It was first analyzed on September 18, 2003, however, it might have infected computers before then. It disables firewalls and antivirus programs.
Sality is the classification for a family of malicious software (malware), which infects Microsoft Windows systems files. Sality was first discovered in 2003 and has advanced to become a dynamic, enduring and full-featured form of malicious code. Systems infected with Sality may communicate over a peer-to-peer (P2P) network to form a botnet to relay spam, proxying of communications, exfiltrating sensitive data, compromising web servers and/or coordinating distributed computing tasks to process intensive tasks. Since 2010, certain variants of Sality have also incorporated rootkit functions as part of an ongoing evolution of the malware family. Because of its continued development and capabilities, Sality is considered one of the most complex and formidable forms of malware to date.
Slenfbot is the classification for a family of malicious software (malware), which infects files on Microsoft Windows systems. Slenfbot was first discovered in 2007 and, since then, numerous variants have followed; each with slightly different characteristics and new additions to the worm's payload, such as the ability to provide the attacker with unauthorized access to the compromised host. Slenfbot primarily spreads by luring users to follow links to websites, which contain a malicious payload. Slenfbot propagates via instant messaging applications, removable drives and/or the local network via network shares. The code for Slenfbot appears to be closely managed, which may provide attribution to a single group and/or indicate that a large portion of the code is shared amongst multiple groups. The inclusion of other malware families and variants as well as its own continuous evolution, makes Slenfbot a highly effective downloader with a propensity to cause even more damage to compromised systems.
 | This malware-related article is a stub. You can help Wikipedia by expanding it. |