EXE files are infected with the Hala virus

The Hala.A virus infects EXE files and downloads malicious programs.

Made in Visual C ++ Thanks to The most important task of a virus is to infect as many files with the .exe extension as possible on the selected computers. It then starts downloading malware from predefined websites. These include those that specialize in obtaining passwords for online games.

The virus creates two .dll files in the Windows system directory of infected PCs. It then modifies the registry and infects the explorer.exe process, which is hidden behind it. This makes it invisible in Windows Task Manager.

When the Hala.A virus starts, it performs the following actions:

1. Create the following files:
   % System% \ d3d8xof.dll
   % System% \ d9dx.dll
2. Add the following entries to the registration database:
   [HKCR \ Software \ Google]
   [HKCR \ Software \ Intel]
3. Creates a mutex to run only one instance on the infected system at a time.
4. It infects the explorer.exe process.
5. It searches for files with an .exe extension that you infect with your own code. Ignore only executable files in the following directories:
   QQ
   Windows
   Winnt
   Local Settings \ Temp
6. It downloads additional malicious code over the Internet.