Win32/Lafee [Threat Name] go to Threat

Win32/Lafee.B [Threat Variant Name]

Category virus
Aliases Virus.Win32.Daum.a (F-Secure)
  Mal/Generic-A (Sophos)
Short description

Win32/Lafee.B is a file infector.


The virus creates and runs a new thread with its own program code within the following processes:

  • explorer.exe
Executable file infection

The virus searches local drives for files with the following file extensions:

  • .exe
  • .scr

Files are infected by adding a new section that contains the virus or by appending its code to the last section.

The size of the inserted code is 8 KB .

Other information

The virus contains a list of (2) URLs. It tries to download several files from the addresses. The HTTP protocol is used.

It can send various information about the infected computer.

The virus searches for windows with the title containing any of the following strings:

  • TibiaClient

If found, the virus creates and runs a new thread with its own code within the relevant processes.

Please enable Javascript to ensure correct displaying of this content and refresh this page.