Alias: W32/Dref@MM (McAfee),
Win32/Astrool.12730
Category: Win32
Type: Virus, Worm
Published Date: 2/19/2004
Last Modified: 2/19/2004
CHARACTERISTICS
Win32.Astrool.12730 is a polymorphic, encrypted file infecting virus, as well as a worm that can spread via e-mail using the Simple MAPI protocol. It also targets files being shared by Kazaa, enabling it to spread via peer-to-peer file sharing.
Method of Installation
Astrool.12730 does not install itself on the system directly. As a traditional virus, it implants itself by infecting files on the system.
Method of Distribution
Via File Infection
When run, Astrool.12730 searches for and infects Windows PE executable files in the current directory, and in Kazaa shared directories. It finds these shared directories by reading this registry value:
HKEY_CURRENT_USER\Software\Kazaa\LocalContent\dir0
This enables it to spread through executable files shared through Kazaa. The virus infects files with the extensions .exe and .scr. It also attempts to add itself to RAR archives (*.rar), if it finds any.
Read more: http://www3.ca.com/virusinfo/virus.aspx?ID=38333

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic