W32/Fontra.a
- Type: Virus
- SubType: Win32
- Discovery Date: 05/24/2006
- Length: 14,256 bytes
- Minimum DAT: 4769 (05/24/2006)
- Updated DAT: 4769 (05/24/2006)
- Minimum Engine: 5.1.00
- Description Added: 05/24/2006
- Description Modified: 05/25/2006 4:24 PM (PT)
Characteristics
- Upon execution, the virus attempts to infect .exe files within the folders of the following P2P applications:
- Emule
- Kazaa
- Shareaza
- eDonkey2000
- Gnucleus
- Morpheus
- Tries to download the trojan Downloader-ASH from [http://]traff5all.biz.
- Creates a random CLSID subkey to store the timestamp of the last download attempt.
- HKEY_CLASSES_ROOT\[RANDOM CLSID]
such as:
HKEY_CLASSES_ROOT\CLSID\{BE3C0EC3-AF20-FD1D-E3C0-C3EAF201FD1D}
Symptoms
- The size of the original file increases by ~14KB to ~20KB.
Method of Infection
Propagation via Peer-to-Peer Networks:
The virus infects executable files in the shared folders of various P2P applications. It can also infect files within zip archives.
It appends 14,256 bytes of virus body to the host executable file.
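An added example, not part of the original description or of any vendor tool: a size-baseline check over a P2P shared folder that flags .exe files, including those inside .zip archives, whose growth matches the 14,256-byte append and the ~14KB to ~20KB increase listed under Symptoms. The function names, the `archive.zip!member` entry notation and the sample file are assumptions made for illustration.

```python
import os
import tempfile
import zipfile

# Growth window from the description: 14,256 bytes appended; the reported
# size increase is roughly 14 KB to 20 KB.
MIN_GROWTH, MAX_GROWTH = 14_256, 20 * 1024


def inventory(root):
    """Map every .exe under root, including .zip members, to its size in bytes."""
    sizes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if name.lower().endswith(".exe"):
                sizes[rel] = os.path.getsize(path)
            elif name.lower().endswith(".zip") and zipfile.is_zipfile(path):
                with zipfile.ZipFile(path) as zf:
                    for info in zf.infolist():  # file_size is the uncompressed size
                        if info.filename.lower().endswith(".exe"):
                            sizes[f"{rel}!{info.filename}"] = info.file_size
    return sizes


def suspicious_growth(baseline, current):
    """List (entry, old, new) for executables whose growth falls in the window."""
    hits = []
    for entry, new_size in sorted(current.items()):
        old_size = baseline.get(entry)
        if old_size is not None and MIN_GROWTH <= new_size - old_size <= MAX_GROWTH:
            hits.append((entry, old_size, new_size))
    return hits


if __name__ == "__main__":
    # Constructed sample: one executable that grows by exactly 14,256 bytes.
    with tempfile.TemporaryDirectory() as share:
        sample = os.path.join(share, "setup.exe")
        with open(sample, "wb") as f:
            f.write(b"\0" * 50_000)
        before = inventory(share)
        with open(sample, "ab") as f:
            f.write(b"\0" * MIN_GROWTH)
        print(suspicious_growth(before, inventory(share)))
```

A size match is only a triage signal, since a legitimate update can grow a file by a similar amount; confirm any hit with a scanner running current DATs.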
Removal
AVERT recommends always using the latest DATs and engine. This threat will be cleaned if you have this combination.
Variants
N/A
Overview
W32/Fontra.a is a virus written in C that attempts to spread by infecting executables stored in the folders of popular P2P applications such as Kazaa, eMule, eDonkey2000, etc. It appends 14,256 bytes of encrypted virus body to the host binary. It also attempts to download the trojan Downloader-ASH from [http://]traff5all.biz.
Aliases
- W32.Fontra (Symantec)