Win32.HLLP.Hanta.A

( W32/HLLP.Hantaner.A, W32.HLLP.Handy, Win32/HLLP.Hantaner, Win32.HLLP.Hantaner, W32.HLLP.Handy, W32/EnerKaz )
Spreading: medium
Damage: medium
Size: 24064 bytes
Detected: 2005 May 31

SYMPTOMS:

Files in KaZaa shared folders grow in size.

TECHNICAL DESCRIPTION:

This is a harmless executable prepender; the virus itself is a portable executable file of about 24K. The virus is written in Borland Delphi and is compressed with the UPX utility.

The virus spreads through the Kazaa network by infecting the victim's shared files. When run, the virus fetches from the registry the download folders of the popular file-sharing utility KaZaa. It then infects all files with the .exe extension in the current directory, in the Kazaa shared folder and in the current Internet Explorer download folder.

The infection is made by shifting the original body and then writing the virus's own body in the space freed at the start of the file. When an infected file is executed, the virus creates a temporary file, writes the original file there and then executes that file.
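The layout described above can be checked for during triage. This is an added example, not code from BitDefender or from the original page: it assumes the prepended body is exactly the 24064 bytes listed under Size, and the function names and sample blobs are constructed for illustration.

```python
import struct

# Size given on this page; ASSUMED here to equal the length of the prepended body.
VIRUS_SIZE = 24064

def pe_header_at(data: bytes, base: int) -> bool:
    """Return True if a plausible MZ stub and PE signature start at `base`."""
    if len(data) < base + 0x40 or data[base:base + 2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, base + 0x3C)
    pe = base + e_lfanew
    return e_lfanew >= 0x40 and data[pe:pe + 4] == b"PE\0\0"

def looks_prepended(data: bytes, stub_size: int = VIRUS_SIZE) -> bool:
    """Heuristic: a PE at offset 0 and a second, complete PE header at stub_size."""
    return pe_header_at(data, 0) and pe_header_at(data, stub_size)

def recover_original(data: bytes, stub_size: int = VIRUS_SIZE):
    """Return the shifted host bytes for triage, or None if the layout does not match."""
    return data[stub_size:] if looks_prepended(data, stub_size) else None

def make_pe(body: bytes, total: int = 0) -> bytes:
    """Build a constructed, non-functional PE-shaped blob (headers only)."""
    blob = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + body
    return blob.ljust(total, b"\0")

# Constructed samples: placeholder bytes, not taken from any real file.
SAMPLE_HOST = make_pe(b"host program")
SAMPLE_INFECTED = make_pe(b"placeholder", VIRUS_SIZE) + SAMPLE_HOST

if __name__ == "__main__":
    for name, blob in (("host", SAMPLE_HOST), ("infected", SAMPLE_INFECTED)):
        print(name, len(blob), looks_prepended(blob))
```

A match is only a layout heuristic; confirm it with a signature scan before treating the recovered bytes as the clean file.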

The virus does not have any payload.

REMOVAL INSTRUCTIONS:

BitDefender can automatically disinfect or delete the files infected by this particular virus. The modified registry entries should be corrected manually.

  1. If you don't have BitDefender installed click here to download an evaluation version;

  2. Make sure that you have the latest updates using BitDefender Live!;

  3. Perform a full scan of your system (selecting, from the Action tab, the option Prompt user for action). Choose to delete all the files infected with Win32.HLLP.Hanta.A.

ANALYZED BY:

Sorin Victor DUDEA
BitDefender Virus Researcher

Mihai Chiriac
BitDefender Virus Researcher