INFO.EXE

File Behavior

INFO.EXE has been seen to perform the following behavior:

• The Process is packed and/or encrypted using a software packing process
• Executes a Process
• Writes to another Process's Virtual Memory (Process Hijacking)
• This process creates other processes on disk
• Adds a Registry Key (RUN) to auto start Programs on system start up
• This Process Deletes Other Processes From Disk
• Deletes Links in the Start Menu
• Adds a Link in the Start Menu
• Registers a Dynamic Link Library File
• Modifies Windows Initialization And System Settings Used On Start up
• Modifies the User Shell objects used to run code from other processes
• Enables the system to use a Communications Proxy Server
• Modifies the Windows Host File which could be used to stop you visiting specific web sites by redirecting you to alternative addresses without you knowing
• The process hooks code into all running processes which could allow it to take control of the system or record keyboard input, mouse activity and screen contents
• Modifies Windows Security Policies to restrict/expand User Privileges on the machine
• Can make outbound communication to other computers, IM chat rooms and other services using IRC protocols
• Injects code into other processes
• Copies files
• Uses Instant Messaging to communicate without the user's knowledge
• Uses embeded Instant Message Channel Settings

INFO.EXE has been the subject of the following behavior:

• Created as a new Background Service on the machine
• Created as a process on disk
• Executed by Internet Explorer
• Executed as a Process
• Deleted as a process from disk
• Added as a Registry auto start to load Program on Boot up
• Deleted as a Link in the Start Menu
• Added as a Link in the Start Menu
• Has code inserted into its Virtual Memory space by other programs
• Terminated as a Process
• Copied to multiple locations on the system