WinCE/Duts.1520

Type: Virus
SubType: Parasitic
Discovery Date: 07/17/2004
Length: 1,536 bytes
Minimum DAT: 4380 (07/21/2004)
Updated DAT: 4380 (07/21/2004)
Minimum Engine: 5.1.00
Description Added: 07/17/2004
Description Modified: 07/23/2004 7:34 AM (PT)
Risk Assessment:
  Corporate User: Low
  Home User: Low

Characteristics

This detection is for a proof of concept file virus written for the PocketPC platform. The virus bears the following characteristics:

  • it is coded for devices based on ARM CPUs.
  • it is a parasitic file infector, appending itself to host files upon infection.

This is a proof of concept, and is not expected to pose any threat in the wild. We have confirmed its viability on the following devices:

  • HP iPAQ 4355
  • HP iPAQ H2215
  • HP iPAQ H4 155
  • HP iPAQ 1945
  • Sprint PCS Toshiba 2032SP
  • T-Mobile Pocket PC 2003 Phone Edition
  • Toshiba e405
  • Toshiba e740 Pocket PC
  • Viewsonic V36

Upon execution, the user is prompted before infection of other files occurs:

  • Dear User, am I allowed to spread?

The virus also contains other messages in its body:

  • This code arose from the dust of Permutation City
  • This is proof of concept code. Also i wanted to make avers happy.The situation when Pocket PC antiviruses detect only EICAR had to end ...

Symptoms

  • Upon infecting a machine, the virus prompts the user (see above)
  • Infected files increase in size by 1,536 bytes.

Method of Infection

This virus is a parasitic file infector. Upon infecting files, it appends itself to the host file, modifying the entry point to point to the virus body.

It avoids infecting files that are already infected by adding an infection marker ('atar') to the header of each infected file.
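
A triage check built from the indicators this description gives (ARM target, entry point redirected into appended code, 'atar' marker in the header), added here as an example; it is not the vendor's detection logic. It assumes the hosts are standard PE files, treats "entry point inside the last section" as a proxy for the appended body, and searches the whole header region because the description does not name the field; `triage` and `build_sample` are hypothetical names and the sample is a constructed, non-functional skeleton.

```python
import struct

ARM_MACHINES = {0x01C0, 0x01C2}  # IMAGE_FILE_MACHINE_ARM / _THUMB
MARKER = b"atar"                 # infection marker named in the description

def triage(data: bytes) -> dict:
    """Report which indicators from the description a PE image shows."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsect = struct.unpack_from("<HH", data, pe + 4)
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    opt = pe + 24                                           # optional header start
    entry = struct.unpack_from("<I", data, opt + 16)[0]     # AddressOfEntryPoint
    hdr_size = struct.unpack_from("<I", data, opt + 60)[0]  # SizeOfHeaders
    if nsect == 0:
        raise ValueError("no sections")
    # Last section table entry: VirtualSize, VirtualAddress, SizeOfRawData
    last = opt + opt_size + 40 * (nsect - 1)
    vsize, vaddr, rsize = struct.unpack_from("<III", data, last + 8)
    return {
        "arm": machine in ARM_MACHINES,
        # The description does not say which header field holds the marker,
        # so the whole header region is searched (assumption).
        "marker_in_header": MARKER in data[:hdr_size],
        "entry_in_last_section": vaddr <= entry < vaddr + max(vsize, rsize),
    }

def build_sample(marker: bool, entry_rva: int) -> bytes:
    """Constructed, non-functional ARM PE32 skeleton with .text and .data."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x01C0, 2, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)        # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)   # AddressOfEntryPoint
    struct.pack_into("<I", opt, 60, 0x200)       # SizeOfHeaders
    sect = lambda name, va, raw: struct.pack("<8sIIII16x", name, 0x200, va, 0x200, raw)
    hdr = dos + b"PE\0\0" + coff + bytes(opt) + sect(b".text", 0x1000, 0x200) \
        + sect(b".data", 0x2000, 0x400)
    hdr += MARKER if marker else b""             # marker placed in header padding
    return hdr.ljust(0x200, b"\0") + bytes(0x400)

if __name__ == "__main__":
    print(triage(build_sample(False, 0x1000)))   # clean-looking skeleton
    print(triage(build_sample(True, 0x2100)))    # shows all three indicators
```

An entry point in the last section also occurs in packed or unusually linked files, so the three flags together are a signal for closer inspection rather than a verdict.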

Removal

-

Variants

    N/A

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Aliases

  • Dtus
  • WinCE.Duts.a (Kaspersky)
  • WinCE/Dust.A (BitDefender)
  • WinCE/Duts.1536
  • WinCE4/Dust (intended name)
