Pe_proyo.a-o


 
01-03-2008

This file infector may be dropped or downloaded from remote sites by other malware.
This file infector drops a copy of itself. This file infector creates a registry entry to enable its automatic execution at every system startup.
It then checks all subkeys listed under a registry key and creates a specific entry for every subkey it finds. This ensures that the file infector is executed every time a debugging event is triggered for each listed subkey.
This file infector infects by prepending its code to target host files. It does not infect files smaller than 1 KB. It also avoids certain folders. Trend Micro detects infected files as PE_PROYO.A.
This file infector drops hidden copies of itself in all physical and removable drives. It drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.
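The AUTORUN.INF behaviour described above can be triaged by parsing the file found at a drive root and listing the programs it would launch. The following is an added example, not part of the advisory and not Trend Micro's detection logic; the function names and the sample file name `dropped_copy.exe` are constructed for illustration, since the advisory does not name the dropped files.

```python
import re

# Keys in the [autorun] section that make Windows launch a program.
EXEC_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
EXECUTABLE_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs")


def autorun_commands(text):
    """Return (key, command) pairs from the [autorun] section of an AUTORUN.INF."""
    found, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if EXEC_KEYS.match(key):
                found.append((key.lower(), value))
    return found


def suspicious_targets(text):
    """Return the executable file names an AUTORUN.INF would launch."""
    targets = []
    for _key, command in autorun_commands(text):
        # The program is the first token of the command; it may be quoted.
        m = re.match(r'"([^"]+)"|(\S+)', command)
        program = (m.group(1) or m.group(2)) if m else ""
        if program.lower().endswith(EXECUTABLE_EXT) and program not in targets:
            targets.append(program)
    return targets


# Constructed sample; the file name is a placeholder, not taken from the advisory.
SAMPLE = """\
; constructed example
[AutoRun]
open=dropped_copy.exe
shell\\open\\command=dropped_copy.exe
shell\\explore\\command="dropped_copy.exe" /e
label=Removable Disk
"""

if __name__ == "__main__":
    for name in suspicious_targets(SAMPLE):
        print("AUTORUN.INF launches:", name)
```

A target that resolves to a file with the hidden attribute set in the same drive root matches the pattern the advisory describes and is worth submitting for scanning.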

