14 DAY TRIAL // So, we've seen a Trojan horse, a worm and now we get file infector with high damage potential and high distribution potential. Well, this is the beginning of the year I've always dreamed about (NOT). Security company Trend Micro spotted PE_PROYO.A-O in the wild and today rolled out a report informing that it might be deployed on Windows 98, ME, NT, 2000, XP and Server 2003 platforms. First of all, you should know that PE_PROYO.A-O may be dropped on your system once the user visits malicious websites infected with it. Then, just like any other recent infection, it attempts to create a new registry entry to be sure that it is executed every time Windows is fully loaded.
According to Trend Micro, the infection does not affect the files with sizes less than 1 KB and it also avoids certain folders in order to prevent detection.
"It then checks all subkeys listed under a registry key and creates a specific entry for every found subkey. This is done to ensure that the execution of the file infector everytime a debugging event is triggered for each listed subkey", the security vendor wrote in the notification published today.
And of course, the file infector aims to infect all the clean removable drives connected to the computer, just like a method to spread the infection. "This file infector drops hidden copies of itself in all physical and removable drives. It drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed", Trend Micro noted.
The solution to avoid the infection? Simple as taking candies from a baby: update your antivirus with the latest virus definitions, keep your security software enabled and avoid visiting malicious websites that may attempt to deploy the infection on your computer.