GAURAV VIRUS - Info Wanted
I recently received an email requesting advice on the file 'GAURAV.DOC.pif'. Obviously, I suspected it to be a virus, but curiousity got the better of me (and my own stupidity). I saved the file and attempted to view the contents with WordPad (I was looking for textual clues). However, I think something went wrong & the file was executed, although I don't understand how.
Here's what I think it may have done, but I'm not 100% sure. It placed an executable in the Recycled bin called 'SirC32.exe', and modified the 'HKEY_CLASSES_ROOT' area of the registry to point exe files at SirC32. I noticed that Windows Explorer was behaving unpredictably - launching it would invoke multiple instances. I've since corrected the registry & removed all copies suspicious files, and Windows seems normal.
Does anyone know anything about this [potential] virus? Can someone confirm that 'SirC32.exe' is NOT a legitimate Windows file & that my corrective actions were correct? What are the symptoms of GAURAV? Does it corrupt data/files? What lasting effects may I suffer from?
Any info greatly appreciated. Thanks.