You're in: Panda Security > Home Users > security-info > about-malware > encyclopedia > overview
Active Scan. Scan your PC free
Panda Security Product Line 2012

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Encyclopedia GetVirusCard

Whizz.A

 
Threat LevelLow threatDamageHighDistributionNot widespread

Effects 

Whizz.A carries out the following actions:

  • It displays messages like the following on the screen:



    One of them contains the text below:
    Hallo du Nase dein PC ist schrott
  • Even if the user closes the windows, they will be displayed again.
  • Then, the computer starts beeping through its internal speaker.
  • The mouse pointer keeps moving and the keyboard cannot be used properly.
  • It opens the CD/DVD tray.
  • The screen is progressively covered with bars like the following until it is completely covered with them:

  • It prevents the computer from being restarted in Safe mode.

Infection strategy 

Whizz.A creates the file EXPLORER.EXE in the Windows system directory. This file is a copy of the Trojan.

 

Whizz.A creates the following entry in the Windows Registry:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    explorer.exe = %sysdir%\explorer.exe
    where %sysdir% is the Windows system directory.
    By creating this entry, Whizz.A ensures that it is run whenever Windows is started.

 

Whizz.A eliminates the following entries from the Windows Registry, in order to prevent the computer from being restarted in Safe mode:

  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\{4D36E965- E325-11CE-BFC1-08002BE10318
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc

Means of transmission 

Whizz.A does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.

Further Details  

Whizz.A is 22,528 bytes in size.