W32.Huhk.A


Aliases: W32/Huhk.a, W32/Huhk.A, W32/Huhk.c, Worm.Win32.Huhk.c, W32/Huhk-C
Variants: Virus:Win32/Huhk.7005, PE_HUNK.NY, Virus.Win32.PcClient.NM, Mal/Behav-204, Mal/Hupig-D

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, Australia, North and South America
Removal: Easy
Platform: W32
Discovered: 29 Sep 2007
Damage: Medium

Characteristics: Viruses are commonly known in computing circles for their damaging payload. W32.Huhk.A is no different: it was designed by its malicious author to scan the hard drive of the infected computer system and remove all executable files. This malware scans all locations of the hard drive, including sub-folders, network shares, and removable storage devices, to find executable files that it can infect.

More details about W32.Huhk.A

The presence of W32.Huhk.A on a compromised computer system means that the Explorer process of the operating system will become infected. On its initial execution, the malware copies the Explorer process and moves it from its current location in the operating system's directory to a temporary folder on the hard drive. The process filename is changed, but the EXE file extension is retained. The virus then injects its code into the operating system process to corrupt its functionality. Once the Explorer process is infected, it functions as the trigger file for W32.Huhk.A, allowing the virus to target all executable files that it can find.

By infecting the Explorer process, W32.Huhk.A can target executable files stored not only on the local hard drive but also on weakly protected network shares and removable storage devices. Unlike with other viruses, a file infected by W32.Huhk.A does not increase in size, because the virus injects its code into the slack space of the executable file. As a result, no section of the file grows, which makes it harder to tell whether an executable file has been infected by W32.Huhk.A.
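
Since comparing file sizes will not reveal this kind of infection, a defender can instead inspect the padding between the end of each PE section's data and the end of its raw allocation, which is usually zero-filled. The following is an added example, not part of the original write-up: `section_slack` and `build_sample` are hypothetical names, the sample images are constructed, "slack space" is assumed to mean this per-section padding, and non-zero slack is a triage heuristic rather than a W32.Huhk.A signature.

```python
import struct

def section_slack(pe: bytes):
    """Return [(section, slack_len, nonzero_bytes)] for the padding after each section's data."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)           # offset of the PE signature
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsec, = struct.unpack_from("<H", pe, e_lfanew + 6)        # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)   # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                          # first section header
    report = []
    for i in range(nsec):
        off = table + 40 * i                                  # section headers are 40 bytes each
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _va, raw_size, raw_ptr = struct.unpack_from("<4I", pe, off + 8)
        if raw_size <= vsize:
            continue                                          # no file padding in this section
        slack = pe[raw_ptr + vsize:raw_ptr + raw_size]
        report.append((name, len(slack), len(slack) - slack.count(0)))
    return report

def build_sample(slack_fill: bytes = b"") -> bytes:
    """Constructed, non-loadable PE-like image: one .text section, 0x40 used of 0x200 raw bytes."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)  # 1 section, no optional header
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x40, 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + sect).ljust(0x200, b"\0")
    return headers + b"\x01" * 0x40 + slack_fill.ljust(0x1C0, b"\0")

if __name__ == "__main__":
    clean = build_sample()
    modified = build_sample(b"\xAA" * 0x30)                   # constructed stand-in bytes
    print(len(clean) == len(modified))                        # size alone shows no difference
    for label, image in (("clean", clean), ("modified", modified)):
        for name, slack_len, nonzero in section_slack(image):
            print(f"{label}: {name} slack={slack_len} nonzero={nonzero}")
```

Comparing the result against a known-good copy of the same binary, or against its hash, is more reliable than the non-zero count on its own, since some legitimate tools also leave data in this padding.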