Palevo.A.7056 is a worm known by its executable's name, junaci.exe. Palevo spreads through the AutoRun feature of USB drives, messengers and P2P services. It works on Microsoft Windows 2000, 2003 and XP. Junaci modifies the Windows Registry and drops malicious files. It is known for only causing low damage.

Spread methods

Palevo spreads through 3 ways: USB drives, Messengers and P2P. When it gets access to any pc it adds registry key to run its code on boot.

Infecting USB

When plugging any storage device to infected computer, Junaci copies itself into UNUCI folder and creates autorun file running malicious code. After plugging the device into healthy computer, Junaci copies itself into %HOME%/csrss.exe


MSN Messenger


Junaci was written in Visual C++