-- Update August 24, 2004 --
This threat has been updated to Low-Profiled due to media attention at:
http://news.com.com/Virus%2Btargets%2B6 ... 20803.html
--
This is a detection for a 64-bit PE file infector. After an infected file is run, the virus infects files in the current directory and its subdirectories. Target files are 64-bit PE (Portable Executable) files, such as .EXE.
W64/Shruggle seems to be the first virus for Windows XP 64-Bit Edition running on AMD64 systems. It is related to W64/Rugrat.
Viral code is appended to the original file and contains the following text:
"Shrug - roy g biv"
It is not encrypted or polymorphic.
This virus does not infect 32-bit PE files and does not function under common 32-bit operating systems such as Windows 9x, NT, 2K or XP, as long as no additional software is installed that adds support for 64-bit applications.
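
A triage check built from the traits described above (64-bit AMD64 PE target, unencrypted code containing the quoted text), given here as an added example and not the vendor's detection signature. The ASCII encoding of the marker, the function names and the result labels are assumptions, and the sample bytes are constructed.

```python
import struct

# Text quoted in the description; ASCII encoding is an assumption.
MARKER = b"Shrug - roy g biv"
IMAGE_FILE_MACHINE_AMD64 = 0x8664   # COFF Machine value for x64
PE32_PLUS_MAGIC = 0x20B             # optional-header magic for 64-bit images

def is_amd64_pe(data: bytes) -> bool:
    """True if data carries an MZ/PE header for a PE32+ AMD64 image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # PE signature (4) + COFF header (20) + optional-header magic (2) must fit.
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
    return machine == IMAGE_FILE_MACHINE_AMD64 and magic == PE32_PLUS_MAGIC

def scan(data: bytes) -> str:
    """Classify a file image as 'not-target', 'clean' or 'suspect'."""
    if not is_amd64_pe(data):
        # 32-bit PE or non-PE: outside the set of files this virus infects.
        return "not-target"
    # The code is not encrypted or polymorphic, so a plain byte search works.
    return "suspect" if MARKER in data else "clean"

def build_sample(machine: int, magic: int, tail: bytes = b"") -> bytes:
    """Constructed header-only bytes for the demo; not a loadable executable."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0xF0, 0x22)
    return dos + b"PE\0\0" + coff + struct.pack("<H", magic) + b"\0" * 64 + tail

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, scan(fh.read()))
```

A "suspect" result is a string match only and should be confirmed with a full anti-virus scan before a file is treated as infected.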