Win32/Prux [Threat Name] go to Threat

Win32/Prux.H [Threat Variant Name]

Category worm
Size 13824 B
Aliases Trojan:Win32/Nagram!rfn (Microsoft)
  Downloader (Symantec)
  Win32.HLLW.Autoruner1.57967 (Dr.Web)
Short description

Win32/Prux.H is a worm that spreads via removable media. The worm can download and execute a file from the Internet.

Installation

When executed, the worm copies itself into the following location:

  • %windir%\­comres.dll (Win32/Prux.H)

Malicious code is executed every time an infected DLL is loaded.

Spreading on removable media

The worm may create copies of itself on removable drives.


The worm searches for files and folders on removable drives.


The worm searches for executables with one of the following extensions:

  • .exe

When the worm finds a file or folder matching the search criteria, it creates a new copy of itself.


The following filename is used:

  • comres.dll (Win32/Prux.H)
Other information

The worm acquires data and commands from a remote computer or the Internet.


The worm contains a URL address. The HTTP protocol is used.


It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files

The worm may create the following files:

  • %programfiles%\­Common Files\­Plugins\­comindex.txt
  • %temp%\­update.exe

Please enable Javascript to ensure correct displaying of this content and refresh this page.