W32.Launcer.A is a computer worm that spreads by creating a copy of its files on every removable drives if found on the target system. It may drop two files, an executable file and autorun.inf file that initiate the worm when user opens the infected drive. After dropping files on specific places, this worm will display a warning message stating about the pirated version of Windows discovered on victim’s computer. More
W32.Imaut.CN is a worm that will propagate on unsafe network-shared folders and drives. It also spreads by means of malicious links sent out from an infected computer through Instant messaging software. It may also spread on other computers via removable drives. It will drop a file called NewFolder.exe and autorun.inf to all removable drives that are attached to the affected computer. W32.Imaut.CN will connect to a remote computer and download malware files and codes. More
W32.Joydotto is a computer worm that spread by creating a copy of itself to removable media drives. It also adds autorun.inf on the same folder to execute the worm when user accesses the infected drive. This worm will also download and execute more threats coming from a remote server. Stealing sensitive information from the compromised system is the other payload of this threat. More
W32.Yalove.F is a computer worm that typically spread via Yahoo! Instant Messenger program. It copies itself to all hard drives and removable drives it may found of the infected computer. This worm may also connect to a remote location to download more threats. It can disable certain Windows system tools and security programs. The worm brings potential damages that can lead to failure of some programs. More
W32.Gudek is a worm that spread by sending emails containing malicious attached file. The worm may spread locally by injecting itself to various files including .DOC, .XLS, .PPT, .JPG, .MP3, .MPG and many more. This threat also displays various text messages on the infected computer, which commend Mr. Guddu. More
W32.Ackpra.A is a computer worm that may fetch more harmful files from a remote server and execute them on compromised system. Typically, this threat will spread by creating a duplicate of itself on all removable drives and unsafe network shared drives. The worm then adds several registry entries to execute itself when affected files are opened. More
W32.Ceted is a worm that spreads by copying itself on removable drives and shared network folders. This worm drops numerous files on the compromised computer and provides them with system, hidden and read-only attributes to avoid detection. It will also search for removable devices and drop a file ntdetect1.exe when found. To gain start-up entry on Windows, the worm will insert a registry entry, which will call to execute the Trojan file. More
W32.Chod.S is a worm that can reduce security settings on the infected computer. The worm will spread via Microsoft Instant Messenger as malicious links sent to contacts gathered on compromised system. W32.Chod.S also opens a backdoor that will give remote attacker to gain unauthorized access on victim’s PC. It can block access to legitimate security web sites by modifying entries on Windows hosts file. More
W32.Mabezat.B is a computer worm. It can infect executable files and encrypt data files. W32.Mabezat.B may spread via removable drives and shared folder. It will make changes to Windows registry that may result to disability of certain functions. This worm will take advantage of the Autorun feature in Windows to execute itself when the drive is accessed. The same task is applied to spread a copy on network computer and drop a copy on network shares. More
W32.Mabezat.A can propagate via unsecured network shares and removable storage devices. The worm will drop autorun.in file so that it will run whenever the drive is accessed. It was identified as a blended threat of polymorphic worm, virus and Autorun worm. W32.Mabezat.A will display a message if the logged on user has an administrative privilege:
“You are Admin!!! Your Computer Will Not Be Infected!!!”