i seem to have this virus on my computer, which must have been hidden in some file i d/l off of emule, i think it's probably karma for not paying for music for a while.
the virus is…
win32/puce.D
any idea how to get rid? as AVG doesn't seem to be playing the game at the moment.
cheers.
Hmm, the strange thing is that if I search for this virus in google (using both firefox & IE) I get an error message and it shuts down the browser.
It’s a little bit worrying to be honest, but I rarely use P2P sharing which is what this virus mainly spreads through.
That is odd mate, I can search for info about it and read web pages without any issues!
it seems to search fine for me on google, and i use mozilla/firefox.
the info i got is…
Characteristics Type: Worm
Category: Win32
Also known as: W32.Ecup (Symantec), W32/Puce (McAfee), W32/Puce!ITW#1 (WildList), Win32.Puce.D, Win32/Puce.d!Trojan, W32/Puce-H (Sophos), P2P-Worm.Win32.Kapucen.b (Kaspersky)
Description
Win32/Puce.D is a worm that spreads through peer-to-peer (P2P) file sharing networks. The worm adds itself to .zip and .rar archives in directories mostly related to P2P file sharing applications. It has been distributed as a 106,496-byte Win32 executable.
Method of Infection
When executed, Puce.D creates “Log.txt” in its current directory and opens it.
The worm copies itself to %Temp%\svchost.exe, executes this copy and exits. It also modifies the registry to ensure this copy executes upon each system start-up:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsServicesStartup = “%Temp%\svchost.exe 1”
Note: %Temp% is a variable location and refers to the directory designated for temporary files. The malware determines the location of the current Temp folder by querying the operating system. A typical path is “C:\Documents and Settings\Local Settings\Temp”, or “C:\WINDOWS\TEMP”.
Puce.D also creates a mutex named “TINYpUcE” to ensure only one copy runs at a time.
Method of Distribution Via File Sharing (ZIP and RAR Archives)
Puce.D searches the following locations in drives C: to E: for .rar and .zip files:
Program files\emule\incoming
Download
Téléchargement
Archivos de programa\emule\incoming
Program Files\Kazaa Lite K++\My Shared Folder
Program files\KMD\My Shared Folder
Program files\KaZaA Lite\My Shared Folder
Program files\Morpheus\My Shared Folder
Program files\BearShare\Shared
Program files\Edonkey2000\Incoming
My Downloads
My Shared Folder
Program files\appleJuice\incoming
Program files\Gnucleus\Downloads
Program files\Grokster\My Grokster
Program files\ICQ\shared files
Program files\KaZaA\My Shared Folder
Program files\LimeWire\Shared
Program files\Overnet\incoming
Program files\Shareaza\Downloads
Program files\Swaptor\Download
Program files\WinMX\My Shared Folder
Program files\Tesla\Files
Program files\XoloX\Downloads
Program files\Rapigator\Share
It also checks this location in drives C: to G:
Incoming
Puce.D adds itself to .rar archives as “setup.exe”. The worm attempts to add itself to .zip archives as “Setup.exe”. If the .zip already contains a file of that name, the worm then attempts to add itself as “Install.exe”, and as a last resort as “_Run_Me_First.exe”. If a .zip contains all three filenames, the worm bypasses the file without adding itself. It also bypasses any .rar or .zip archive containing the file “_trash.tmp”.
After adding itself to a .rar or .zip archive, the worm adds the empty file “_trash.tmp” to use as a marker. Puce.D may also decide to rename the archive as:
<filename> updated-fixed <mm>-<yyyy>.<extension>
where:
<filename> is the original name of the archive
<mm> is the current system month
<yyyy> is the current system year
<extension> is either an .rar or .zip file extension
For example, for a file named “test.zip”, the new filename could be “test updated-fixed 08-2006.zip”.
Note that because the worm adds itself to .rar files without checking whether the archive already contains a file of that name, the .rar file could contain two files with identical names. Therefore when extracting the archive, the affected system usually displays a message box warning the user that the file already exists, and asking whether they want to overwrite it. If the user selects “No”, the system does not overwrite the original file with the worm file. If the user selects “Yes”, the system extracts a copy of Puce.D and the file size will be 106,496 bytes (104K).
After adding itself to all suitable archives, Puce.D ceases activity for approximately 15 minutes, then repeats the distribution cycle again, adding itself to any new archives it discovers.
http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=57812
none of this really makes any sense to me tho as im wank when it comes to computers.
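The archive indicators listed in the advisory text above (empty “_trash.tmp” marker, a 106,496-byte Setup.exe / Install.exe / _Run_Me_First.exe, and the “updated-fixed <mm>-<yyyy>” rename) can be checked for in .zip files with a short script. This is an added example, not part of the original thread or the vendor advisory; the function names are made up for illustration, the sample archives are constructed in memory from placeholder bytes, and .rar files are not handled because the Python standard library cannot read them.

```python
import io
import re
import zipfile

WORM_SIZE = 106_496                      # executable size given in the advisory
MARKER = "_trash.tmp"                    # empty marker file the worm adds
DROP_NAMES = {"setup.exe", "install.exe", "_run_me_first.exe"}
RENAMED = re.compile(r" updated-fixed (0[1-9]|1[0-2])-\d{4}\.(zip|rar)$", re.I)


def check_zip(archive, name=""):
    """Return a list of Puce.D indicators found in one ZIP archive.

    `archive` is a path or a binary file object; `name` is the archive's
    file name, used only for the rename-pattern check.
    """
    findings = []
    if RENAMED.search(name):
        findings.append("archive name matches 'updated-fixed <mm>-<yyyy>'")
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            base = info.filename.rsplit("/", 1)[-1].lower()
            if base == MARKER and info.file_size == 0:
                findings.append("empty _trash.tmp marker present")
            elif base in DROP_NAMES and info.file_size == WORM_SIZE:
                findings.append(f"{info.filename}: {WORM_SIZE}-byte executable")
    return findings


def build_sample(members):
    """Build an in-memory ZIP from {name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for member, data in members.items():
            zf.writestr(member, data)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Constructed samples: zero-filled placeholder bytes, not malware.
    clean = build_sample({"readme.txt": b"hello", "Setup.exe": b"\0" * 2048})
    flagged = build_sample({"song.mp3": b"x", "Install.exe": b"\0" * WORM_SIZE,
                            "_trash.tmp": b""})
    print(check_zip(clean, "album.zip"))
    print(check_zip(flagged, "album updated-fixed 08-2006.zip"))
```

A legitimate installer named Setup.exe of a different size is not flagged; any hit is a reason to scan the archive with an up-to-date antivirus product rather than proof of infection.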
m8 that's a really fucking nasty thing you got there … reinstall windows? … by what it says in the dialog you got from google .. it looks a bit bismal m8 … search a bit more for info .. and post that … atm it don’t look good:yakk: ..find more info ..
ill have a look for some more info when i get home mate. are you any good with computers?
i kinda understand most what is written in that page you got from google .. .. im not brilliant with comps .. i just kinda know what im looking at if ya get me ..probably wont be able to fix it for you .. but might be able to help you find a way of doing it 😉 basically the worm you got fucking mashes up any thing with the extension .zip/.rar and has copied itself to the %Temp%\svchost.exe file extension and spreads through them programs to other comps using p2p as its train if you like …. it fucks with your registry as well … which is basically every thing that windows is supposed to do … which is bad .. normally you can get a registry cleaner and fix things that fuck your registry .. but you need to get rid of the malware first … a temporary fix that you will have to do every time you start your comp up is …go ctrl+alt+del and close the process of any thing that looks like one of these names (not the bits in the brackets)… W32.Ecup (Symantec), W32/Puce (McAfee), W32/Puce!ITW#1 (WildList), Win32.Puce.D, Win32/Puce.d!Trojan, W32/Puce-H (Sophos), P2P-Worm.Win32.Kapucen.b (Kaspersky) win32/puce.D …. and %Temp%\svchost.exe ….that isn’t a very cock sure method of fixing it .. but i think that will disable it on temporarily until you restart your comp … but that's as far i understand .. might have some other shit as well .. but try see if it help temporarily … (when removing it you will probably need to disable the process of the thing any way as the first step) …. that's all i can help with atm with that info .. gonna go do some digging about it in a bit .. need to get rid of this fucking hangover first tho 😥
i think i may have it sorted now. well someone’s helping me anyway. If you do find anything out let me know tho.
read the post b4 .. might help m8