Aliases: N/A
Variants: W32.Pavsee.C

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 13 Aug 2008
Damage: Low

Characteristics: W32.Pavsee.A was discovered on August 13, 2008. This virus infects .exe, .scr and .com files. It also downloads updated versions of itself. The infected files may corrupt or degrade the performance of the computer. The virus mostly affects Windows 98, 95, XP, Me, Vista, NT, Server 2003 and 2000.

More details about W32.Pavsee.A

When W32.Pavsee.A is executed, it infects executable files (.exe, .scr and .com) on %SystemDrive% and on fixed and mapped drives from A to J. When the virus infects an executable file, it overwrites the first 32 kilobytes with itself. The virus downloads and executes an encrypted file from any of these URLs: [http://]dns911.cn/kill[REMOVED], [http://][REMOVED], [http://]baiduasp.web194.dns911.cn/kill[REMOVED] and [http://]www.lmok123.com/kill[REMOVED]. The virus also tends to overwrite critical system files, which can cause the computer to malfunction.
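Because every infected file ends up starting with the same 32 kilobytes, a triage heuristic is to look for different .exe, .scr and .com files that share an identical 32 KiB head. The following is an added example, not code from this write-up or from any vendor tool; the function names are hypothetical and the sample files are constructed stand-ins, not malware.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

PREFIX_LEN = 32 * 1024                  # page: first 32 kilobytes are overwritten
TARGET_EXTS = {".exe", ".scr", ".com"}  # page: file types that get infected

def fingerprint(path):
    """Return (SHA-256 of first 32 KiB, SHA-256 of whole file); None if shorter."""
    with open(path, "rb") as fh:
        head = fh.read(PREFIX_LEN)
        if len(head) < PREFIX_LEN:
            return None
        head_hash, full_hash = hashlib.sha256(head), hashlib.sha256(head)
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            full_hash.update(chunk)
    return head_hash.hexdigest(), full_hash.hexdigest()

def shared_prefix_groups(root):
    """Group target files with the same 32 KiB head; exact copies are ignored."""
    groups = defaultdict(dict)          # head hash -> {full hash: [paths]}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() not in TARGET_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                fp = fingerprint(path)
            except OSError:             # locked or unreadable file: skip it
                continue
            if fp:
                groups[fp[0]].setdefault(fp[1], []).append(path)
    return sorted(sorted(p for ps in g.values() for p in ps)
                  for g in groups.values() if len(g) > 1)

def demo():
    """Run the check on constructed sample files written to a temp directory."""
    body = bytes(i % 251 for i in range(PREFIX_LEN))   # constructed stand-in head
    samples = {"a.exe": body + b"A" * 100, "b.scr": body + b"B" * 900,
               "clean.com": b"C" * (PREFIX_LEN + 10), "notes.txt": body + b"x"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [[os.path.basename(p) for p in g] for g in shared_prefix_groups(root)]

if __name__ == "__main__":
    print(demo())
```

A hit is a lead for further analysis rather than proof of infection, since unrelated programs built on the same large stub can also share a 32 KiB head.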

The W32.Pavsee.A application takes advantage of security loopholes and system errors to enter the computer. The program may be downloaded unknowingly by the user while visiting websites that are not secure. Computers that are not protected by firewalls and security programs are more susceptible to acquiring these threats. This program can also spread threats to other machines, so computers that are connected to an infected system may also become infected. Other methods of transmission include P2P programs and instant messaging applications.