W32/Xanib-A

Posted: September 8, 2009

W32/Xanib-A is a virus that infects executable and multimedia files on a computer, typically affecting the Windows platform.

#	File Name
1	%System%\[FIRST SET OF RANDOM CHARACTERS].exe
2	%System%\[SECOND SET OF RANDOM CHARACTERS].exe
3	%System%\binax.nfo
4	%Windir%\system.ini
5	%Windir%\win.ini

The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[SECOND SET OF RANDOM CHARACTERS]" = "Error"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\Win32.Xanib\Command\"(default)" = "Explorer.exe"HKEY_LOCAL_MACHINE\SOFTWARE\[FIRST SET OF RANDOM CHARACTERS]\"[FIRST SET OF RANDOM CHARACTERS]" = "%System%\[FIRST SET OF RANDOM CHARACTERS].exe"HKEY_LOCAL_MACHINE\SOFTWARE\[SECOND SET OF RANDOM CHARACTERS]\"[SECOND SET OF RANDOM CHARACTERS]" = "%System%\[SECOND SET OF RANDOM CHARACTERS].exe"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[FIRST SET OF RANDOM CHARACTERS]" = "Error"

Leave a Reply