
Win32.Worm.P2P.Puce.B


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Win32.Worm.P2P.Puce.B is also known as P2P-Worm.Win32.Kapucen.b, Worm:Win32/Puce.L, Win32.HLLW.Puce, W32.Ecup.

Explanation :

Win32.Worm.P2P.Puce.B is a virus that spreads by infecting RAR and ZIP archives found in predefined folders on the computer.

When first executed, it copies itself to %Temp%\svchost.exe and adds an entry to the registry so that it starts automatically: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsServicesStartup = %Temp%\svchost.exe 1

This malware will then start searching for RAR and ZIP archives inside some predefined folders on the local C, D and E drives:

Program files\emule\incoming
DownloadIncoming
Archivos de programa\emule\incoming
Program Files\Kazaa Lite K++\My Shared Folder
Program files\KMD\My Shared Folder
Program files\KaZaA Lite\My Shared Folder
Program files\Morpheus\My Shared Folder
Program files\BearShare\Shared
Program files\Edonkey2000\Incoming
My DownloadsMy Shared Folder
Program files\appleJuice\incoming
Program files\Gnucleus\Downloads
Program files\Grokster\My Grokster
Program files\ICQ\shared files
Program files\KaZaA\My Shared Folder
Program files\LimeWire\Shared
Program files\Overnet\incoming
Program files\Shareaza\Downloads
Program files\Swaptor\Download
Program files\WinMX\My Shared Folder
Program files\Tesla\Files
Program files\XoloX\Downloads
Program files\Rapigator\ShareT

Win32.Worm.P2P.Puce.B injects itself into the archives it finds, using one of these names:

Setup.exe
Install.exe
_Run_Me_First.exe
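
A defender-side triage check for the two indicators described above (the injected file names and the auto-start entry pointing at svchost.exe in the temp folder). This is an added example, not part of the original BitDefender write-up; the function names, the sample archive and the temp path are constructed for illustration, and only ZIP is covered because Python's standard library does not read RAR.

```python
import io
import ntpath
import zipfile

# Names the write-up lists for the worm's injected copy (compared case-insensitively).
DROPPED_NAMES = {"setup.exe", "install.exe", "_run_me_first.exe"}


def suspicious_members(zip_bytes):
    """Return ZIP members whose base name matches one of the listed names."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # ntpath.basename accepts both "/" and "\" separators.
            if ntpath.basename(info.filename).lower() in DROPPED_NAMES:
                hits.append(info.filename)
    return hits


def run_value_is_suspicious(command, temp_dir):
    """True if a Run-key command starts svchost.exe from the temp directory."""
    temp = ntpath.normcase(temp_dir)
    cmd = ntpath.normcase(command.strip().lstrip('"'))
    cmd = cmd.replace("%temp%", temp)  # value may be stored unexpanded
    return cmd.startswith(ntpath.join(temp, "svchost.exe"))


def make_zip(names):
    """Build an in-memory ZIP with constructed placeholder content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed sample data")
    return buf.getvalue()


if __name__ == "__main__":
    temp_dir = r"C:\Users\alice\AppData\Local\Temp"  # constructed path
    archive = make_zip(["album/track01.mp3", "album/_Run_Me_First.exe"])
    print(suspicious_members(archive))
    print(run_value_is_suspicious(r"%Temp%\svchost.exe 1", temp_dir))
    print(run_value_is_suspicious(r"C:\Windows\System32\svchost.exe -k netsvcs", temp_dir))
```

A name match alone is only a triage signal, since legitimate installers also ship as Setup.exe or Install.exe; it carries more weight when the archive sits in one of the P2P share folders listed above and the Run entry is also present.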

Last update 21 November 2011

 
