- Panda Security's weekly report on viruses and intruders -

Virus Alerts, by Panda Security (http://www.pandasecurity.com)

This week's PandaLabs report looks at the Autoit.HW and Autorun.JOE
worms, and the PersonalProtector adware.

Autoit.HW is a worm that spreads through spoof Web pages and emails
which trick users into installing the malware on their computers. It can
also spread through removable USB drives. In this case, it takes
advantage of the autoplay feature of removable drives to execute even if
users have not run the executable file.

Once the computer has been infected with this malware, it disables the
task manager, so that users cannot see active processes on the system.
The worm does this in order to hide itself.
With the same aim, it also disables the Windows Registry editor and
folder options, so that users cannot change the option to see hidden
files or file extensions.

This worm leaves a file called Virus Information.txt on the desktop with
the following message:

Hi fri "Administrador"
It is nice to meet you . . . .
I ko thi lar, see yin kaw kin mar lar, i ka talk khin tat tal nor . . .
.
I ka girl nor, chit mar lar . . . . .
I ka u computer ko bar ma, ma loat par buu khin lo Virus write pi talk
sa tar ko , he` he` . . .
Sate so ya buu nor i ka di lo pae` . . . . ya tal ma hote lar
I name ko thi chin lar? pyaw pya par buu; bar lo pyaw pya ya mar lae`
u ka boy lar, age ka kaw?
i ka 18age girl i gamil ka comput5r3razygirl@gmail.com
bye bye . . . luu soe . . . fly kiss . .

After the malware has been running for a while, a dialog box appears
with the following message:

I am 18 girl Loikaw
Write by comput5r3razygirl@XXX.com
"Loikaw hacing day"3D virus for you USER NAME

Autorun.JOE is another worm which, like the previous one, spreads via
email and removable drives. After infecting a computer, it takes the
following malicious actions:

- Disables the task manager
- Disables Windows Registry management tools
- Disables the option to view hidden files.
- Disables the option to view hidden system files.

Finally, we look at PersonalProtector, a fake antivirus (a type of
adware). As with all such malware, it simulates the scan of the computer
and claims to detect a series of threats, which is completely untrue. It
then offers users the option to eliminate the (non-existent) malware
using a pay version of the fake antivirus.

You can find images of the process here:
http://www.flickr.com/photos/panda_security/tags/personalprotector/

More information about these and other malicious codes is available in
the Panda Security Encyclopedia
http://www.pandasecurity.com/homeusers/security-info/.

You can also follow Panda Security's online activity on its Twitter
http://twitter.com/Panda_Security and PandaLabs blog (www.pandalabs.com)

------------------------------
------------------------------
To unsubscribe from Virus Alerts, please visit:
http://www.pandasecurity.com/about/unsubscribe.asp

To contact with Panda Security, please visit:
http://www.pandasecurity.com/about/contact/
------------------------------------------------------------