W32.Pifio


Aliases: W32/AutoRun-CN [Sophos], W32/PifIo
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 29 Jun 2007
Damage: Medium

Characteristics: Also known as W32/AutoRun-CN and W32/PifIo, W32.Pifio copies itself to all drives and downloads other potentially harmful files. The worm can also end particular security-related processes. It was first discovered on June 29, 2007 and mostly affects Windows operating systems such as Windows 98, 95, XP, Me, NT, Server 2003 and 2000.

More details about W32.Pifio

Once W32.Pifio is executed, the worm creates svchost.exe under the %CommonProgramFiles% folder, DirectX9.dll under the %System% folder and IO.pif under the [DRIVE LETTER] folder. Every time the drive is accessed, the worm also creates autorun.inf. After that, the worm creates particular system registry entries and stops or disables security-related services such as Windows Firewall/Internet Connection Sharing and System Restore Service. The worm can also end security-related processes such as Windows Security Center, taskgmr.exe, regedit.exe and msconfig.exe. Furthermore, the worm may try to download other malicious files from either [http://]ip.591down.com.cn/fz/x106.e[REMOVED] or [http://]webye163.cn/hz/[RANDOM NUMBER].exe, where [RANDOM NUMBER] is a number between 1 and 20.
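An added example, not part of the original write-up: a Python triage check that looks on a mounted Windows volume or disk image for the file artifacts named above. The default directory layout and the idea that the worm's autorun.inf references IO.pif are assumptions, not details stated on the page.

```python
from pathlib import Path

# File names are the ones the write-up lists. The directory layout is an
# assumption: default locations on a mounted Windows volume or forensic image.
ARTIFACTS = [
    ("svchost.exe in Common Files", Path("Program Files/Common Files/svchost.exe")),
    ("DirectX9.dll in system directory", Path("Windows/System32/DirectX9.dll")),
    ("IO.pif in drive root", Path("IO.pif")),
]

def find_ci(base, rel):
    """Resolve rel under base ignoring case, as Windows would; None if absent."""
    cur = Path(base)
    for part in Path(rel).parts:
        try:
            cur = next((e for e in cur.iterdir() if e.name.lower() == part.lower()), None)
        except OSError:  # not a directory, unreadable, or missing
            return None
        if cur is None:
            return None
    return cur

def autorun_targets(inf):
    """Commands an autorun.inf would launch: open=, shellexecute=, shell verb command=."""
    targets = []
    for line in Path(inf).read_text(errors="replace").splitlines():
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if sep and (key in ("open", "shellexecute") or key.endswith("\\command")):
            targets.append(value.strip())
    return targets

def scan_volume(root):
    """Return (label, detail) findings for the artifacts named in the write-up."""
    findings = []
    for label, rel in ARTIFACTS:
        hit = find_ci(root, rel)
        if hit is not None and hit.is_file():
            findings.append((label, hit.name))
    inf = find_ci(root, "autorun.inf")
    if inf is not None and inf.is_file():
        # Assumption: the worm's autorun.inf points at IO.pif; the page does not
        # quote the file, so a plain autorun.inf (e.g. an installer CD) is not flagged.
        for target in autorun_targets(inf):
            if "io.pif" in target.lower():
                findings.append(("autorun.inf launches IO.pif", target))
    return findings
```

A legitimate svchost.exe lives in the system directory, so a copy under Common Files is the finding to look at first; the other hits are supporting evidence rather than proof of infection.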

The W32.Pifio software connects to pre-specified remote servers. It will add other unwanted applications to the system. The files may be placed in the Windows directory or other hidden folders. The programs are registered as startup values. They are then installed and executed. The downloader application can be used to spread advertising and spying software. The application may have the ability to spread the infected files to other computers. The malicious files may be dropped in folders shared on peer-to-peer (P2P) file sharing networks. They may be labeled as popular titles of movies, music, and applications. This is so other people will download them. The files can also be placed on network shares.