Win32/Etap [Threat Name] go to Threat

Win32/Etap.E [Threat Variant Name]

Category virus
Detection created Dec 13, 2006
Detection database version 1920
Aliases Virus.Win32.Etap (Kaspersky)
  W32/Etap.dr (McAfee)
  W32.Simile (Symantec)
Short description

Win32/Etap.E is a polymorphic and metamorphic file infector.

Executable file infection

The virus searches for executables with one of the following extensions:

  • .exe
  • .scr
  • .dat
  • .ovl
  • .cpl

It avoids those with any of the following strings in their names:

  • ANTI
  • F-
  • PA
  • SC
  • DR
  • NO
  • IE
  • EX
  • WO
  • V
  • P

If a folder name matches one of the following strings, files inside it are not infected:

  • W

The virus uses the EPO (Entry Point Obscuring) infection technique.


The infiltration program code is invoked when the infected executable calls one of the following API functions:

  • ExitProcess (Kernel32.dll)
Other information

The virus displays the following dialog box:

Please enable Javascript to ensure correct displaying of this content and refresh this page.