McAfee > Theat Center > Virus Detail Page

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Aliases

• Trj/W32.Boro

• TROJ_PIKA.A

Characteristics

This trojan written in Visual Basic delivers a file deletion payload when run on the victim machine.

Upon execution, it attempts to delete various system files from the C:\WINDOWS directory (directory path is hardcoded in the trojan). Target files include:

• C:\WINDOWS\WIN.INI
• C:\WINDOWS\SYSTEM.INI
• C:\WINDOWS\CHARMAP.EXE
• C:\WINDOWS\NOTEPAD.EXE
• C:\WINDOWS\SYSTEM
• C:\WINDOWS\COMMAND
• C:\WINDOWS\SETDEBUG.EXE
• C:\WINDOWS\SCANDSKW.EXE

By deleting WIN.INI and SYSTEM.INI, the machine will fail to boot the next time.

If any of the targeted files are not found, the program will stop executing and the following error message will be observed:

Symptoms

Removal of the following files from the C:\WINDOWS directory:

• SYSTEM.INI
• WIN.INI
• CHARMAP.EXE
• NOTEPAD.EXE
• SETDEBUG.EXE
• SCANDSKW.EXE

Method of Infection

The trojan delivers a file deletion payload when executed on the victim machine.

Removal

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Variants

Variants

N/A

All Information

Overview -

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Aliases

• Trj/W32.Boro

• TROJ_PIKA.A

Characteristics

Characteristics -

This trojan written in Visual Basic delivers a file deletion payload when run on the victim machine.

Upon execution, it attempts to delete various system files from the C:\WINDOWS directory (directory path is hardcoded in the trojan). Target files include:

• C:\WINDOWS\WIN.INI
• C:\WINDOWS\SYSTEM.INI
• C:\WINDOWS\CHARMAP.EXE
• C:\WINDOWS\NOTEPAD.EXE
• C:\WINDOWS\SYSTEM
• C:\WINDOWS\COMMAND
• C:\WINDOWS\SETDEBUG.EXE
• C:\WINDOWS\SCANDSKW.EXE

By deleting WIN.INI and SYSTEM.INI, the machine will fail to boot the next time.

If any of the targeted files are not found, the program will stop executing and the following error message will be observed:

Symptoms

Symptoms -

Removal of the following files from the C:\WINDOWS directory:

• SYSTEM.INI
• WIN.INI
• CHARMAP.EXE
• NOTEPAD.EXE
• SETDEBUG.EXE
• SCANDSKW.EXE

Method of Infection

Method of Infection -

The trojan delivers a file deletion payload when executed on the victim machine.

Removal -

Removal -

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Variants

Variants -

N/A