Win32.Astrool.12730

Feb 19, 2004 8:55AM PST

Alias: W32/Dref@MM (McAfee), Win32/Astrool.12730
Category: Win32
Type: Virus, Worm
Published Date: 2/19/2004
Last Modified: 2/19/2004

CHARACTERISTICS
Win32.Astrool.12730 is a polymorphic, encrypted file infecting virus, as well as a worm that can spread via e-mail using the Simple MAPI protocol. It also targets files being shared by Kazaa, enabling it to spread via peer-to-peer file sharing.

Method of Installation
Astrool.12730 does not install itself on the system directly. As a traditional virus, it implants itself by infecting files on the system.

Method of Distribution
Via File Infection
When run, Astrool.12730 searches for and infects Windows PE executable files in the current directory, and in Kazaa shared directories. It finds these shared directories by reading this registry value:

HKEY_CURRENT_USER\Software\Kazaa\LocalContent\dir0

This enables it to spread through executable files shared through Kazaa. The virus infects files with the extensions .exe and .scr. It also attempts to add itself to RAR archives (*.rar), if it finds any.


Read more: http://www3.ca.com/virusinfo/virus.aspx?ID=38333
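A triage sketch for the behaviour described above, added here as an example and not part of the original post or the vendor write-up: it reads the `dir0` value named in the description and lists the `.exe`, `.scr` and `.rar` files in that directory so they can be handed to an up-to-date scanner. The function names are hypothetical, and stripping a numeric `NNNNNN:` prefix from the stored path is an assumption about how Kazaa writes the value.

```python
import os
import re
import sys

KAZAA_KEY = r"Software\Kazaa\LocalContent"  # under HKEY_CURRENT_USER, per the write-up
KAZAA_VALUE = "dir0"
TARGET_EXTS = {".exe", ".scr", ".rar"}      # infected file types plus RAR archives


def normalize_dir(raw):
    """Assumption: the stored path may carry a numeric 'NNNNNN:' prefix; strip it."""
    return re.sub(r"^\d+:(?=[A-Za-z]:\\|\\\\|/)", "", raw.strip())


def kazaa_shared_dir():
    """Return the directory stored in dir0, or None if absent or not on Windows."""
    if sys.platform != "win32":
        return None
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, KAZAA_KEY) as key:
            raw, _type = winreg.QueryValueEx(key, KAZAA_VALUE)
    except OSError:
        return None
    return normalize_dir(str(raw))


def files_to_scan(directory):
    """Walk `directory`; return (path, extension, starts_with_MZ) for targeted types."""
    hits = []
    for root, _dirs, names in os.walk(directory):
        for name in sorted(names):
            ext = os.path.splitext(name)[1].lower()
            if ext in TARGET_EXTS:
                path = os.path.join(root, name)
                try:
                    with open(path, "rb") as fh:
                        is_mz = fh.read(2) == b"MZ"  # DOS/PE executable header
                except OSError:
                    is_mz = False  # unreadable file is still reported
                hits.append((path, ext, is_mz))
    return hits


if __name__ == "__main__":
    shared = kazaa_shared_dir()
    for d in sys.argv[1:] + ([shared] if shared else []):
        for path, ext, is_mz in files_to_scan(d):
            print(f"{'MZ' if is_mz else '--'} {ext} {path}")
```

Directories passed on the command line are checked in addition to the Kazaa share, which covers the "current directory" case for a known infected file's folder.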
