Win32/Lanc [Threat Name] go to Threat

Win32/Lanc.A [Threat Variant Name]

Category virus
Size 15000 B
Aliases Virus.Win32.Lanc.a (Kaspersky)
  W32.Lanc (Symantec)
  W32/Generic.m (McAfee)
Short description

Win32/Lanc.A is a prepending virus .


When executed, the virus copies itself into the following location:

  • %windir%\­crclan.exe (15000 B)

The following Registry entry is set:

  • [HKEY_CURRENT_USER\­Software\­Microsoft\­Windows\­CurrentVersion\­Explorer\­Advanced]
    • "HideFileExt" = 1
File infection

Win32/Lanc.A is a prepending virus .

The virus searches local drives for files with the following file extensions:

  • .doc

When the virus finds a file matching the search criteria, it creates a new copy of itself.

The name of the new file is based on the name of the file found in the search.

The filename has the following extension:

  • .doc.exe

The original .doc file is appended to the newly created .exe file.

The virus deletes the .doc file.

When the infected file is executed, the original file is dropped to %temp%\%original_filename% .

The file is then executed.

Other information

The virus creates the following files:

  • %temp%\­~PD%random1%.tmp
  • %temp%\­~EX%random2%.tmp

A string with variable content is used instead of %random1-2% .

Please enable Javascript to ensure correct displaying of this content and refresh this page.