W32.Philis.C


Aliases: W32.Syphilo, W32.Sophily
Variants: W32/HLLP.Philis.c, W32/HLLP.Philis.cz, W32/HLLP.Philis.ar

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 13 Oct 2004
Damage: Low

Characteristics: W32.Philics.C was discovered on October 13, 2004. This is a virus that infects PE files with .exe extensions. It also tries to steal passwords from the infected computer. Most operating systems affected by this virus are Windows 2000,, 95, 98, Me, NT and XP.

More details about W32.Philis.C

When W32.Philics.C is executed, the virus creates the YZH.exe, YZH.SYS, YZH.TMP, YZH.SYS and YZH.TMP files under the %Windir% and %currentdir% folders. The virus scans the hard drive for files and infects them. The target files are those with the extension .exe. When the files are infected, the string "Syphilis No 1" is added at the end. Also, the virus searches for passwords and other sensitive or confidential information. Once the virus searches, it sends the information to an attacker using email. This would enable the attacker to steal your password and important information.

he downloaded files of the W32.Philics.C program are commonly installers for unwanted programs. They are installed and executed so that they run in the background. The added applications may be adware, spyware and other Trojan applications. These can cause the user’s browsing habits to be recorded and used to send targeted advertisements.