W32.Philis.C

Printer Friendly Page

Discovered: October 13, 2004
Updated: October 14, 2004 12:12:33 AM
Systems Affected: Windows

W32.Philis.C is virus that infects PE files with .exe extensions and attempts to steal passwords.

Discovered: October 13, 2004
Updated: October 14, 2004 12:12:33 AM
Systems Affected: Windows

W32.Philis.C is virus that infects PE files with .exe extensions and attempts to steal passwords.

When executed, the virus creates the following files:
%Windir%\YZH.exe
%Windir%\YZH.SYS
%Windir%\YZH.TMP
%currentdir%\YZH.SYS
%currentdir%\YZH.TMP

Next, it will scan the hard drive for files with the extension ".exe" and infects them. Infected files contain the string "Syphilis No 1" at the end.

Then it will search for passwords and confidential information and may send them out to an attacker using email.