Fun.exe
The Fun.exe virus belongs to the W32.Assarm family of computer viruses. According to Symantec,[1] it registers itself as a Windows system process and then periodically sends mail with spreading attachments in response to any unopened emails in Outlook Express. The virus first appeared in early 2008 and is now recognized by most antivirus programs.
Infection
The virus installs multiple copies of itself throughout the system. It makes itself hard to remove by placing many copies under different names in different locations. The running copy is a system process and will restart if it is closed manually. It adds itself to the autorun information so that multiple copies execute on startup. The copies monitor each other and will restore any copy that is deleted. This makes deleting it from Windows nearly impossible.
Known file names used by the virus are Fun.exe, DC.exe, Other.exe, SVIQ.exe, win.exe, WinSit.exe, Windev.exe, and thisisnotmalwarelol.exe. This malware is usually embedded in PowerPoint documents. This allowed the malware to bypass most antivirus products, including Sophos and Kaspersky.
The file icon is made to look like a folder icon, inviting the user to open what appears to be a folder when they are actually running the program and starting the initial infection. However, the folder graphic is poorly ripped from the Windows service icons and can be distinguished by subtle visual differences: most noticeably, it is white below the black outline of the folder, where the real folder icon is dithered to transparent space. The difference is especially noticeable in safe mode, when the display runs in 256-color mode instead of 24-bit color mode.
The files show a creation date of 6-23-2008 and show an original name of Olalatheworld.exe and an internal name of Olalatheworld. The files are 124,928 bytes in size. These characteristics can help distinguish the infected files, which is important because some of the names used by the file are names of legitimate Windows files and therefore care must be taken not to accidentally remove a vital Windows file.
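The check described above can be scripted. The following is an added example, not taken from Symantec's write-up or any vendor tool: it flags a file as suspect only when the size and the version-info name both match, and reports a bare name match separately so that a legitimate Windows file is not removed by name alone. It assumes the "Olalatheworld" name is stored as UTF-16LE in the PE version resource; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Indicators from the article: known file names, file size, version-info name.
KNOWN_NAMES = {"fun.exe", "dc.exe", "other.exe", "sviq.exe", "win.exe",
               "winsit.exe", "windev.exe", "thisisnotmalwarelol.exe"}
SIZE = 124_928
# Assumption: the original/internal name sits in the PE version resource,
# whose strings are stored as UTF-16LE, so a raw byte search can find it.
MARKER = "Olalatheworld".encode("utf-16-le")

def classify(path):
    """Return 'suspect', 'name-only' or None for one file."""
    name_hit = os.path.basename(path).lower() in KNOWN_NAMES
    marker_hit = False
    if os.path.getsize(path) == SIZE:        # only read files of the right size
        with open(path, "rb") as fh:
            marker_hit = MARKER in fh.read()
    if marker_hit:
        return "suspect"                     # size and version string both match
    return "name-only" if name_hit else None  # a name alone proves nothing

def triage(root):
    """Walk root and map each flagged relative path to its verdict."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            try:
                verdict = classify(full)
            except OSError:                  # locked or unreadable file
                verdict = "unreadable" if fn.lower() in KNOWN_NAMES else None
            if verdict:
                findings[os.path.relpath(full, root)] = verdict
    return findings

def build_sample(root):
    """Constructed sample tree: inert placeholder files, no real binaries."""
    os.makedirs(os.path.join(root, "docs"))
    padded = MARKER + b"\0" * (SIZE - len(MARKER))
    for rel, data in (("docs/SVIQ.exe", padded),    # name, size, marker match
                      ("renamed.exe", padded),      # unknown name, still matches
                      ("win.exe", b"MZ" + b"\0" * 98)):  # known name only
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(sorted(triage(tmp).items()))
```

Files reported as `name-only` or `unreadable` need manual review rather than deletion, since a copy running as a system process may be locked and a legitimate Windows file may share the name.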
References
- [1] "W32.Assarm@mm Technical Details". Archived from the original on January 16, 2009.