Effects Harrenix.A carries out the following actions: - It passes itself off as a video of the trailer of the film Harry Potter and the Order of the Phoenix in Italian:
 - When it is run, the following error message is displayed, which indicates that there has been an error and the video cannot be played:
 - While this message is being displayed, Harrenix.A downloads a variant of a dialer in the computer, detected as Dialer.KJD.
Dialers usually try to establish phone connections with high rate numbers, significantly increasing the phone bill of the affected user. - On the other hand, if the website included in the previous message is accessed, the user will be able to view the trailer of the film without any problem:
Infection strategy Harrenix.A creates the following files: - DLD.EXE, in the subfolder TEMP of the Documents and Settings directory of the user that has logged in.
- HARRY_POTTER_ALERT_EXE, in the subfolder LOCAL SETTINGS\TEMP of the Documents and Settings directory of the user that has logged in. This file belongs to the error message that is displayed by Harrenix.A.
- SCM.EXE, in the subfolder APPLICATION DATA\MICROSOFT of the Documents and Settings directory of the user that has logged in. This file belongs to Dialer.KJD.
Means of transmission Harrenix.A does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc. Further Details Harrenix.A is 24,623 bytes in size. |