W32.Proyo


Aliases: W32/Proyo
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Inactive
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 02 Nov 2007
Damage: Low

Characteristics: W32.Proyo was reported on November 2, 2007. W32.Proyo is a virus that prepends its viral code to all PE executable files which have .exe or .scr extensions. These files are mostly found in all fixed and removable drives. This virus has the ability to lower security settings in the computer also. Windows 98, 95, XP, Me, Vista, NT, Server 2003 and 2000 are the operating systems this virus mostly affects.

More details about W32.Proyo

Once W32.Proyo is infected, it creates copies of itself to the same folder using the .dmj file extension. Then, the virus produces another copy of itself using oyo.exe in the %System% folder. Next, the virus modifies some system registry entries to be able to lower the security settings of the computer. Some system registry values are also modified while a particular system registry subkey is deleted by this virus. Afterwards, the virus injects its viral code to the explorer.exe process and searches all .exe and .scr files. In the root folder of all fixed and removable drives, the virus copies itself as oyo.exe and autorun.inf.

The W32.Proyo software may display targeted search results to the user. Once users attempt to use search engines, it redirects them to predetermined search results or a website that advertisers various software. It may display pop-up advertisements continuously. This may cause the Internet connection to become sluggish. It may also interfere with the user’s computer activities.