Win32/Pagipef!generic, W32.Pagipef.I!html, Win32/Pagipef.J
Category: Computer Virus
Some parts of Asia, Europe, North and South America, Africa and Australia
29 Nov 2007
W32.Pagipef.I is a worm that infects executable files and spreads by copying itself to local and removable drives. It was discovered on November 29, 2007. It affects Windows 98, XP, Me, Vista, NT, Server 2003 and 2000.
More details about W32.Pagipef
To propagate, the worm performs several actions. First, it creates files and system registry subkeys. It then deletes three system registry subkeys that are already stored on the local machine and modifies some system registry entries. Next, the worm spreads by copying itself to local and removable drives, from C to F, as [DRIVELETTER]:\pagefile.pif. When the drive is accessed, the worm creates [DRIVELETTER]:\autorun.inf. Using a script tag that possibly contains malicious code, the worm infects all HTML files stored in RAR archives. The worm can stop processes that contain any of the following strings: asm, ida, softice, ollydbg, metapad, mozillauiwindowclass, ieframe, cabinetwclass and 360. It then contacts a specified web site and attempts to reboot the host computer. This completes its propagation and its infection of executable files.
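A defensive check for the drive-root artifacts named above, added here as an example and not taken from the original write-up: it looks for `pagefile.pif` and a matching `autorun.inf` at the root of drives C to F. That the `autorun.inf` launches `pagefile.pif` is an assumption, since the write-up does not give the file's contents; the function names are illustrative.

```python
import os
import re

DROPPED_NAME = "pagefile.pif"  # file name given in the description above
# autorun.inf keys that launch a program: open, shellexecute, shell\<verb>\command
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^=]*\\command)$", re.I)

def autorun_commands(path):
    """Return the launch commands in the [autorun] section of an autorun.inf."""
    commands, in_section = [], False
    with open(path, "r", encoding="latin-1") as fh:
        for raw in fh:
            line = raw.strip()
            if line.startswith("["):
                in_section = line.lower() == "[autorun]"
            elif in_section and "=" in line and not line.startswith(";"):
                key, value = line.split("=", 1)
                if LAUNCH_KEY.match(key.strip()):
                    commands.append(value.strip())
    return commands

def find_entry(root, name):
    """Case-insensitive lookup of a regular file directly under root."""
    try:
        for entry in os.scandir(root):
            if entry.name.lower() == name and entry.is_file(follow_symlinks=False):
                return entry.path
    except OSError:
        pass  # drive absent or unreadable
    return None

def scan_root(root):
    """Describe the drive-root artifacts found under one root."""
    pif = find_entry(root, DROPPED_NAME)
    inf = find_entry(root, "autorun.inf")
    cmds = autorun_commands(inf) if inf else []
    # Assumption: the worm's autorun.inf points at the dropped pagefile.pif.
    runs_pif = any(DROPPED_NAME in c.lower() for c in cmds)
    return {"root": root, "pif": pif, "autorun": inf, "autorun_runs_pif": runs_pif}

def scan(roots):
    """Return findings for roots holding pagefile.pif or an autorun.inf that runs it."""
    return [f for f in map(scan_root, roots) if f["pif"] or f["autorun_runs_pif"]]

if __name__ == "__main__":
    for finding in scan([f"{d}:\\" for d in "CDEF"]):
        print(finding)
```

An `autorun.inf` that launches something else, such as an installer on a vendor disc, is not reported; Windows' own paging file is `pagefile.sys`, so a `pagefile.pif` at a drive root warrants inspection.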
The W32.Pagipef.I application is also capable of spreading illicit files to other computers. This may be done through P2P (peer-to-peer) file sharing programs and instant messaging applications. P2P file sharing programs are loaded with illicit files that are disguised under filenames of legitimate programs. This is to avoid being detected as a threat. The program automatically launches on the user’s computer once downloaded. The program may also spread via removable hard drives that are shared among different computers. The W32.Pagipef.I program drops a copy of itself on all the removable hard drives on the computer. The threat may be transmitted when the hard drive is connected to an uninfected machine.