Users login

Create an account »


Users login

Home » Hacking News » New virus affects JPEGs

New virus affects JPEGs

by Nikola Strahija on June 16th, 2002 Anti-virus software makers have released details of a new virus that can infect JPEG files. Indicators of the presence of the virus are an increase in size of such graphic files by around 11k, and the presence of the executable Extrk.exe. Called Perrun, it infects only computers running variants of the Microsoft Windows operating system.

If infected files are transferred to another computer, they will need the Extrk.exe to be present if they are to cause any harm.

Once the viral executable runs, it drops the following files - Reg.mp3 and Extrk.exe. The former file is used to modify the registry so that Extrk.exe opens all jpeg files on the infected machine - the registry key HKEY_LOCAL_MACHINESoftwareClassesjpegfileshellopencommand is modified to extrk.exe %1.

The virus can be removed by updating virus definitions, repairing files detected as W32.Perrun and deleting those detected as W32.Perrun.dir. The default value of the changed registry key should then be restored.

"We are very concerned about its potential," said Vincent Gullotto, a computer virus researcher at McAfee Security.

"It has the abilities to mutate into something that can infect a a whole range of computer files and data."

The current form of the virus is relatively benign, Gullotto said, but it has the potential to be changed by other virus writers into a "very dangerous" piece of code, he warned.

Gullotto said the company received a copy of the virus from its creator at 1500 GMT on Thursday (0100 AEST this morning) at the company's Aylesbury, England, laboratory. he said the author of the virus wished to remain anonymous.

- article available from -

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »