Tiny.D, a variant of the Tiny family, has a very small amount of virus code. This variant of Tiny shows an annoying message that is triggered by certain conditions.
Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.
Tiny.D drops a copy of itself in the Windows System directory as follows:
As a part of Tiny.D's installation routine it adds the following registry entry to enable its automatic execution upon Windows boot up:
Tiny.D checks for the following mutex to ensure that only one instance of itself is running in memory:
If any of the following conditions is fulfilled a message will be pop up:
Here is the screenshot of the message:
Tiny.D will continually check for the said condition every 10 seconds. But once a message as been shown it will pause for 1 hour before resuming its checking.
Tiny.D is encrypted using xor with 0x8C as its key.
Date Created: -
Date Last Modified: -