What is it?
funny.exe is a file associated with the w32.funner worm. What does is do?
W32.Funner is a worm that spreads using Microsoft's Windows Messenger instant message program and modifies the hosts file.
When W32.Funner is executed, it performs the following actions:
More info and Removal @symantec
- Copies itself as:
and executes the first three files listed.
- The three files make sure that the other two are running and will restart them if any are stopped.
- These files require the MSVBVM60.DLL file, which is a component of the Microsoft Visual Basic run-time environment.
is a variable that refers to the System folder. By default this is
C:WindowsSystem (Windows 95/98/Me), C:WinntSystem32 (Windows
NT/2000), or C:WindowsSystem32 (Windows XP).
- %Windir% is a variable that refers to the Windows installation folder. By default, this is C:Windows or C:Winnt.
- Creates a log file named %System%sfirst2.log.
- Adds the value:
to the registry key:
so that the userinit32.exe runs when you start Windows.