Yesterday we came across a sample. It is dropper of a virus called W32/Rigel.A
Once you execute it, it displays a windows(Shown below), that informs users that a scanning for a specific Trojan horse is being done.
But, the truth is quite different. While the unsuspicious user stares at this window, it starts infecting exe files. We have seen different behaviours:
- Useless files
- Runnable infected files
- Self copying file that starts processes until the machine hangs.