Home / malware Virus:Win32/Xorer.gen!B.dll
First posted on 22 July 2019.
Source: MicrosoftAliases :
Virus:Win32/Xorer.gen!B.dll is also known as Win32/Pagipef.J, Mal/Emogen-Y, Virus.Win32.Xorer.ds, W32/Fujacks.dll, Trojan-PWS.OnlineGames.AJ, W32.Pagipef.I, TROJ_PAGIPEF.AU.
Explanation :
Virus:Win32/Xorer.gen!B.dll is a detection for the DLL component dropped by several variants of the Xorer family. It performs various system modifications to facilitate infection by Xorer viruses. InstallationVirus:Win32/Xorer.gen!B.dll may arrive in the system with various file names. It modifies the system registry so that it is loaded in all DLL files: Adds value: "AppInit_DLLs"
With data: ".dll"
To subkey: HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows Payload Modify System SettingsThis virus component modifies the following system settings as part of the overall Xorer threat event. Disable system startup in Safe Mode and Safe Mode with Networking, by deleting the following registry keys:
HKLMSYSTEMCurrentControlSetControlSafeBootNetwork{4D36E967-E325-11CE-BFC1-08002BE10318}
HKLMSYSTEMControlSet001ControlSafeBootNetwork{4D36E967-E325-11CE-BFC1-08002BE10318}
HKLMSYSTEMCurrentControlSetControlSafeBootMinimal{4D36E967-E325-11CE-BFC1-08002BE10318}
HKLMSYSTEMControlSet001ControlSafeBootMinimal{4D36E967-E325-11CE-BFC1-08002BE10318} Delete additional registry keys, which are related to program debugging, group policy, and program execution:
HKLMSOFTWAREMicrosoftWindowsNTCurrentVersionImage File ExecutionOptions
HKLMSOFTWAREMicrosoftWindowsCurrentVersionGroup Policy Objects
HKLMSOFTWAREPoliciesMicrosoftWindowsSafer
HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun Modify system settings for handling files with the Hidden attribute by creating the following registry entries:
Adds value: "ShowSuperHidden"
With data: "0"
To subkey: HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced
Adds value: "Type"
With data: "radio"
To subkey: HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderSuperHidden Enable Autorun for all drive types:
Adds value: "NoDriveTypeAutoRun"
With data: "91"
To subkey: HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer Analysis by Dan KurcLast update 22 July 2019