This file infector may be dropped or downloaded from remote sites by other malware.
This file infector drops a copy of itself. This file infector creates a registry entry to enable its automatic execution at every system startup.
It then checks all subkeys listed under a registry key and creates a specific entry for every found subkey. This is done to ensure that the execution of the file infector everytime a debugging event is triggered for each listed subkey.
This file infector infects by prepending its code to target host files. It does not infect files with file size less than 1 KB. It also avoids certain folders. Trend Micro detects infected files as PE_PROYO.A.
This file infector drops hidden copies of itself in all physical and removable drives. It drops an
AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.
More...