Win32/Tenga [Threat Name]

Detection created 2005-07-14
World activity peak 2007-09-25 (0.95 %)
Short description

Win32/Tenga.Gen is a file infector.

Installation

The virus creates and runs a new thread with its own program code within the following processes:

  • winlogon.exe

The following services are disabled:

  • Windows File Protection

The virus executes the following files:

  • %malwarefilepath%

Executable file infection

The virus searches fixed drives for executable files to infect.


It also infects files stored on removable and network drives.


The virus searches for files with the following file extensions:

  • .exe

It avoids files with the following filenames:

  • ntoskrnl.exe

Executables are infected by appending the code of the virus to the last section.


The size of the inserted code is 3312 B.


The host file is modified in a way that causes the virus to be executed prior to running the original code.


The virus inserts the following text/marker into the header of the infected executable files:

  • 46 (HEX)

The marker is used to determine whether the file is already infected or not.
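
The following is an added example, not code from this description or from the vendor: a defender-side heuristic for the infection layout described above, where code is appended to the last section and runs before the host. It assumes the common case in which the entry point is moved into that section (the description does not say how control is transferred), and it does not test the 46 (HEX) marker because the header offset is not given; the function names and the constructed header-only sample are hypothetical.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

def parse_pe(data):
    """Return (entry_point_rva, [(name, rva, size, flags), ...]) from PE headers."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (count,) = struct.unpack_from("<H", data, pe_off + 6)    # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    (entry,) = struct.unpack_from("<I", data, pe_off + 24 + 16)  # AddressOfEntryPoint
    table = pe_off + 24 + opt_size
    sections = []
    for off in range(table, table + 40 * count, 40):
        name, vsize, rva, raw = struct.unpack_from("<8sIII", data, off)
        (flags,) = struct.unpack_from("<I", data, off + 36)  # Characteristics
        sections.append((name.rstrip(b"\0").decode("latin-1"), rva, max(vsize, raw), flags))
    return entry, sections

def appended_code_indicators(data):
    """List heuristic signs that code was appended to the last section."""
    entry, sections = parse_pe(data)
    if not sections:
        return []
    name, rva, size, flags = max(sections, key=lambda s: s[1])  # highest RVA = last
    hits = []
    if len(sections) > 1 and rva <= entry < rva + size:
        hits.append("entry point inside last section " + name)
    if flags & IMAGE_SCN_MEM_EXECUTE and flags & IMAGE_SCN_MEM_WRITE:
        hits.append("last section is writable and executable")
    return hits

def build_sample(entry_rva, last_flags):
    """Constructed PE32 headers only (no code), used to exercise the check."""
    def sect(name, rva, flags):
        return struct.pack("<8sIIIIIIHHI", name, 0x1000, rva, 0x1000, 0, 0, 0, 0, 0, flags)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(224, b"\0")
    return (dos + b"PE\0\0" + coff + opt
            + sect(b".text", 0x1000, 0x60000020) + sect(b".rsrc", 0x2000, last_flags))

if __name__ == "__main__":
    print(appended_code_indicators(build_sample(0x1000, 0x40000040)))  # clean layout
    print(appended_code_indicators(build_sample(0x2500, 0xE0000020)))  # flagged layout
```

Both indicators also appear in legitimately packed executables, so a hit is a reason to scan the file with an up-to-date engine, not a verdict.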

Other information

The virus contains a list of 2 URLs. It tries to download a file from these addresses.


The file is stored in the following location:

  • %workingdir%\dl.exe

The file is then executed. The HTTP protocol is used.

Threat Variants with Description

Threat Variant Name    Date Added    Threat Type
Win32/Tenga.gen        2005-07-25    virus
