F-Secure
Tools
Tiny.D
| Name : | Tiny.D |
| Size: | 4,142 bytes |
| Category: | Trojan |
| Type: | Trojan |
| Platform: | Win32 |
| Date of Discovery: | October 09, 2006 |
Summary
Tiny.D, a variant of the Tiny family, has a very small amount of virus code. This variant of Tiny shows an annoying message that is triggered by certain conditions.
Disinfection
Allow F-Secure Anti-Virus to disinfect the relevant files.
For more general information on disinfection, please see Removal Instructions.
Additional Details
Tiny.D drops a copy of itself in the Windows System directory as follows:
As a part of Tiny.D's installation routine it adds the following registry entry to enable its automatic execution upon Windows boot up:
- %sysdir%\winalert.exe
As a part of Tiny.D's installation routine it adds the following registry entry to enable its automatic execution upon Windows boot up:
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run
"Windows Update Notifier" = "%sysdir%\winalert.exe"
Tiny.D checks for the following mutex to ensure that only one instance of itself is running in memory:
- "[Critical_Alert]"
Payload
If any of the following conditions is fulfilled a message will be pop up:
- Day is greater than 20
- Month is not November
- Year is not 2006
Here is the screenshot of the message:
Tiny.D will continually check for the said condition every 10 seconds. But once a message as been shown it will pause for 1 hour before resuming its checking.
Tiny.D is encrypted using xor with 0x8C as its key.
Detection
F-Secure Anti-Virus detects this malware with the following updates:
[FSAV_Database_Version]Version = 2006-11-20_02.