Este AIO tiene - como gran cantidad de AIOs - un virus dentro. En este caso es el W32.Pinfi.
A seguir, reproduzco lo que dice la página de Symantec al respecto:
W32.Pinfi is a memory-resident polymorphic virus that will infect the .EXE and .SCR files. This virus can also spread via mapped drives and network shares.
Also Known As: Win32.Parite.a [KAV], W32/Pate.a [McAfee], Win32.Pinfi.A [CA], PE_PARITE.A [Trend], W32/Parite-A [Sophos], Win32/Parite.A [RAV]
Type: Virus
Infection Length: ~177,917 bytes
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
Systems Not Affected: Macintosh, OS/2, UNIX, Linux
DETALLES TECNICOS:
Upon executing a file infected with W32.Pinfi, the virus will perform the following:
Adds the registry value:
PINF
to the registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
Appends itself to Explorer.exe to remain memory-resident.
Appends itself to all the .EXE and .SCR files that it finds on all the local and mapped drives. The virus contains an algorithm to slow the infection, so the virus will only infect a few files at a time.
W32.Pinfi will create a tempfile in the temporary folder. It will get the temporary folder by using a Windows API. The tempfile that this virus creates will always have the following name:
[3 random letters][4 random hexadecimal digits].tmp
The file that the virus creates is a UPX-packed executable file. The virus will execute the temporary file, and it is this file that will attempt to infect files over network shares.
Más información en:
http://securityresponse.symantec.com/avcenter/venc/data/w32.pinfi.html
