Win32/Etap [Threat Name] go to Threat
Win32/Etap.E [Threat Variant Name]
Category | virus |
Aliases | Virus.Win32.Etap (Kaspersky) |
W32/Etap.dr (McAfee) | |
W32.Simile (Symantec) |
Short description
Win32/Etap.E is a polymorphic and metamorphic file infector.
Executable file infection
The virus searches for executables with one of the following extensions:
- .exe
- .scr
- .dat
- .ovl
- .cpl
It avoids those with any of the following strings in their names:
- ANTI
- F-
- PA
- SC
- DR
- NO
- IE
- EX
- WO
- V
- P
If a folder name matches one of the following strings, files inside it are not infected:
- W
The virus uses the EPO (Entry Point Obscuring) infection technique.
The infiltration program code is invoked when the infected executable calls one of the following API functions:
- ExitProcess (Kernel32.dll)
Other information
The virus displays the following dialog box: