W32.Pajetbin


Aliases: W32/Fakefire-A, W32/Fakefir-Gen, PE_PJTBIND.A, W32.Kotira
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 07 Oct 2007
Damage: Low

Characteristics: Also known as W32/Fakefir-Gen, W32.Pajetbin was first discovered on October 7, 2007. The virus primarily infects executable (.exe) files on Windows systems. Affected systems include Windows 2000, 95, 98, Me, NT, Server 2003, Vista and XP.

More details about W32.Pajetbin

W32.Pajetbin performs several actions. Once executed, the virus creates the following files: C:\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe, C:\[RANDOM CHARACTERS]\BProtect.exe, C:\[RANDOM CHARACTERS]\BProtect.Axv, C:\[RANDOM CHARACTERS]\Set1.Ico and C:\[RANDOM CHARACTERS]\[RANDOM CHARACTERS]#.exe. It then checks whether C:\vbvirus\ownerprotect.ptt exists. If the file exists, the virus displays a message in Chinese that means "Author Mode". If the file does not exist, W32.Pajetbin infects all .exe files, and some files are replaced with .exe files in order to be infected. The virus also creates entries in the system registry. Once all of these actions are done, the host computer is infected.
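The fixed file names listed above can be used as a host check even though the parent directory name is random. The following Python sketch is an added example, not part of the original entry; the function names, the two-of-three match threshold and the sample directory tree are assumptions made for illustration.

```python
import os
import tempfile

# Fixed file names from the description above, lower-cased because Windows
# file names are case-insensitive. The parent directory name is random.
FIXED_NAMES = {"bprotect.exe", "bprotect.axv", "set1.ico"}

def find_dropper_dirs(root, min_match=2):
    """Return first-level directories under root holding the fixed-name files.

    min_match is an assumed threshold: two of the three names must be present.
    """
    hits = []
    try:
        entries = [e for e in os.scandir(root) if e.is_dir(follow_symlinks=False)]
    except OSError:
        return hits  # root missing or unreadable
    for entry in entries:
        try:
            names = {n.lower() for n in os.listdir(entry.path)}
        except OSError:
            continue  # skip directories we cannot read
        matched = FIXED_NAMES & names
        if len(matched) >= min_match:
            # Other executables in the same directory are worth reviewing too.
            other = sorted(n for n in names
                           if n.endswith(".exe") and n not in FIXED_NAMES)
            hits.append({"dir": entry.name, "matched": sorted(matched),
                         "other_exe": other})
    return sorted(hits, key=lambda h: h["dir"])

def build_sample_tree(base):
    """Create a constructed sample layout: one matching directory, one benign."""
    layout = {
        "qwkzt": ["qwkzt.exe", "BProtect.exe", "BProtect.Axv", "Set1.Ico", "qwkzt1.exe"],
        "Tools": ["setup.exe", "readme.txt"],
    }
    for dirname, files in layout.items():
        os.makedirs(os.path.join(base, dirname))
        for name in files:
            open(os.path.join(base, dirname, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)  # constructed data, not a real infection
        for hit in find_dropper_dirs(tmp):
            print(hit)
```

On a live system the root argument would be the drive root (for example `C:\`), and any hit is a lead for an antivirus scan rather than a verdict.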

W32.Pajetbin is also known for hijacking the web browser by changing its settings. Users may notice that the home page, search page or error page has been changed to a different site. Users may also be redirected to insecure websites when a URL (Uniform Resource Locator) is mistyped.

The virus also spreads to other systems. Propagation may occur through P2P (peer-to-peer) file sharing programs and instant messaging applications. P2P programs are said to be full of threats disguised under different filenames, which unsuspecting users may mistakenly download. The threats are automatically launched on the system when the download is complete.