jairobel (GForum VIP, joined Sep 24, 2006)
Overview -
This is a detection for a file infector virus that uses a kernel-mode driver to infect the "%system%\userinit.exe" file on disk.
Characteristics -
Upon execution the virus drops and installs a device driver named "pcihdd.sys" in the %system%\drivers directory.
Once the driver is installed, the "pcihdd.sys" file is deleted from disk and the driver remains resident only in memory. The user-mode application communicates with the device driver to infect the "userinit.exe" file on disk. The infected file is detected as "MachineDog!inf".
Since the virus overwrites the file, any file detected as "MachineDog!inf" will have to be restored from backup.
Symptoms -
Outbound network connection to yu.8s7.net
Method of Infection -
This virus uses a kernel-mode device driver to infect "userinit.exe" using a direct write operation on Harddisk0.
Removal -
AVERT recommends always using the latest DATs and engine. This threat will be cleaned if you have this combination.
McAfee Threat Center
Variants -
N/A
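The advisory above gives four things a responder can actually check on a host: the dropped driver file, a driver or service named pcihdd that may still be running after its file was deleted, the integrity of %system%\userinit.exe, and the outbound contact to yu.8s7.net. The following triage script is an added example written for this page; it is not McAfee's tooling and not code from the forum post. The parameter name, the reference-hash mechanism and every message string are this script's own assumptions, as are the checks themselves (the advisory names the indicators, not how to look for them).

```powershell
# Added triage script for the MachineDog indicators described above (not McAfee's code,
# not from the forum post). Run from an elevated PowerShell prompt on the suspect host.
# Assumption: the operator may supply a SHA-256 of a known-good userinit.exe for the same
# Windows build (from install media or a clean host); leave empty to skip that check.
param(
    [string]$KnownGoodSha256 = ''
)

$findings   = New-Object System.Collections.Generic.List[string]
$system32   = Join-Path $env:SystemRoot 'System32'
$userinit   = Join-Path $system32 'userinit.exe'
$driverPath = Join-Path $system32 'drivers\pcihdd.sys'

# 1. Dropped driver still on disk? The advisory says the file is deleted after it is
#    loaded, so absence proves nothing; presence is a strong indicator.
if (Test-Path $driverPath) {
    $findings.Add("pcihdd.sys present at $driverPath")
}

# 2. A service key or a loaded kernel driver named pcihdd. A memory-resident driver
#    survives deletion of its image file, and the service key usually survives too.
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\pcihdd'
if (Test-Path $svcKey) {
    $imagePath = (Get-ItemProperty -Path $svcKey).ImagePath
    $findings.Add("service key exists: $svcKey (ImagePath: $imagePath)")
}
$loaded = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='pcihdd'" -ErrorAction SilentlyContinue
if ($loaded) {
    $findings.Add("driver pcihdd loaded: state=$($loaded.State), path=$($loaded.PathName)")
}

# 3. Integrity of userinit.exe, two independent ways:
#    a) Authenticode status. OS binaries are catalog-signed; on older Windows/PowerShell
#       a clean catalog-signed file can still report 'NotSigned', so treat a non-Valid
#       result as a prompt to run check (b), not as proof of infection on its own.
#    b) SHA-256 against the operator-supplied reference hash.
$sig = Get-AuthenticodeSignature -FilePath $userinit
if ($sig.Status -ne 'Valid') {
    $findings.Add("userinit.exe Authenticode status: $($sig.Status)")
}
if ($KnownGoodSha256) {
    $actual = (Get-FileHash -Path $userinit -Algorithm SHA256).Hash   # uppercase hex
    if ($actual -ne $KnownGoodSha256.ToUpperInvariant()) {
        $findings.Add("userinit.exe SHA-256 $actual does not match reference $KnownGoodSha256")
    }
}

# 4. Network indicator from the advisory in the DNS resolver cache. The cache is
#    volatile, so an empty result does not clear the host; a hit is a strong signal.
$dns = Get-DnsClientCache -ErrorAction SilentlyContinue | Where-Object { $_.Entry -like '*8s7.net*' }
foreach ($entry in $dns) {
    $findings.Add("DNS cache entry: $($entry.Entry) -> $($entry.Data)")
}

if ($findings.Count -eq 0) {
    Write-Output 'No MachineDog indicators found (a memory-only driver and a volatile DNS cache can both be missed).'
} else {
    Write-Output 'MachineDog indicators found:'
    $findings | ForEach-Object { Write-Output " - $_" }
    Write-Output 'userinit.exe is overwritten, not appended to: restore it from backup or install media rather than attempting an in-place repair.'
}
```

Two caveats follow from the advisory's own description. Because the driver writes to Harddisk0 directly instead of through the file system, file-system filter drivers and on-access scanners never see the write, so the hash comparison above is the check that matters; run it after a reboot (or against the disk mounted offline) so a stale file-system cache cannot mask the modified sectors. And because userinit.exe runs at every interactive logon, a host that fails the hash check should be treated as fully compromised until the file has been replaced from a trusted source and the pcihdd service removed.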