PE_TUFIK.H-O aims to infect Explorer.exe

Nov 23, 2007 06:59 GMT

There are plenty of infections out in the wild waiting for a vulnerable computer, but today's threat is somewhat special because it attempts to harm your system by itself. How does it manage that? Simple: it aims to infect Windows files that are vital to the Microsoft operating system. According to security vendor Trend Micro, PE_TUFIK.H-O affects most Windows versions, including Windows 98, ME, NT, 2000, XP and Server 2003. Moreover, the 'file infector', as Trend Micro classifies it, can reach your computer either dropped by another piece of malware or as a standalone file hosted on a website and downloaded without any user approval.

"This file infector may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites. Upon execution, this file infector drops several files, some of which are detected as TROJ_TUFIK.H," Trend Micro noted.

So, what files does it affect? First of all, the infection targets Explorer.exe, an executable vital to the Windows operating system. Since Explorer.exe is launched at every system startup, the file infector is also executed every time Windows loads. This is a fairly smart way of staying resident without adding new registry entries, which could easily be detected by the security tools installed on users' computers.

"It searches for all .EXE files in drives C to Z and appends its code to the target files. Trend Micro detects infected files as PE_TUFIK.H. This file infector has the capability to damage infected files, specifically files with no resource section. It also drops an AUTORUN.INF file to automatically execute its dropped copies when infected drives are accessed," the security vendor continued.
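As an added example, not part of the article or of Trend Micro's tooling, the following Python helper checks two things the description above calls out: whether a PE file carries data appended beyond its last section (where an appending infector places its code) and whether the file has a resource section at all. The `build_sample_pe` function is an assumed, constructed minimal PE image used only for offline testing, not a real program.

```python
"""Added triage helper: an appending file infector leaves its code past the
last section of a PE file, so a file larger than the end of its section
table carries an "overlay". Installers and Authenticode-signed binaries
also have overlays, so treat a hit as a triage signal, not a verdict."""
import struct


def pe_overlay_info(data: bytes) -> dict:
    """Return overlay size, resource-section presence and section count."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories start at 0x60 (PE32) or 0x70 (PE32+); entry 2 is resources.
    dirs = opt + (0x60 if magic == 0x10B else 0x70)
    rsrc_size = struct.unpack_from("<II", data, dirs + 2 * 8)[1]
    sec_table, end_of_sections, has_rsrc = opt + opt_size, 0, rsrc_size > 0
    for i in range(num_sections):
        hdr = sec_table + i * 40
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
        has_rsrc = has_rsrc or data[hdr:hdr + 8].rstrip(b"\0") == b".rsrc"
    return {"overlay_bytes": max(len(data) - end_of_sections, 0),
            "has_resource_section": has_rsrc, "sections": num_sections}


def build_sample_pe(with_rsrc: bool = False, overlay: bytes = b"") -> bytes:
    """Constructed minimal PE32 image (not a runnable program) for testing."""
    names = [b".text"] + ([b".rsrc"] if with_rsrc else [])
    opt_size, raw_ptr = 0xE0, 0x200           # PE32 optional header; data at 512
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)     # PE32 magic
    if with_rsrc:                             # point resource dir at 2nd section
        struct.pack_into("<II", opt, 0x60 + 16, 0x2000, 0x200)
    sec_hdrs = b"".join(
        n.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", 0x200, 0x1000 * (i + 1),
                                        0x200, raw_ptr + 0x200 * i, 0, 0, 0, 0,
                                        0x60000020)
        for i, n in enumerate(names))
    headers = (dos + b"PE\0\0" + coff + bytes(opt) + sec_hdrs).ljust(raw_ptr, b"\0")
    return headers + b"\xCC" * (0x200 * len(names)) + overlay
```

Run `pe_overlay_info(open(path, "rb").read())` over a suspect file; a non-zero `overlay_bytes` on a binary that had none before is worth a closer look.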

At this time, there is no confirmation as to which antivirus products are able to detect and remove the infection, but it is recommended to keep your security tools up to date with the latest virus definitions and updates. And keep in mind that PE_TUFIK.H-O has its damage potential rated high, so it is quite dangerous for your computer.