W32.Werle
W32.Werle is an extremely risky computer virus that will look for executable files. If found, the virus infects them by appending own code. Virus infection may cause the system to slow down and damage various system files. Severe infection may also lead to system crashes or Blue Screen of Death (BSOD) during Windows boot-up.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista
Characteristics
During its presence, the virus will scan the computer for files with extensions such as .doc, .jpg, .mp3, .pass and .zip. Deleting these files is the primary payload of this virus. Moreover, files that cannot be deleted will be set to hidden attribute.
Distribution
The virus primarily spread through online spam activities. Email campaign and instant messaging application are the top factors in propagating this virus. W32.Werle also embeds the code to shareware applications that can be obtain from file-sharing network. With its capability to conceal itself using a highly developed mechanism, some antivirus application fails to detect its arrival.
%System%\bernie.map %System%\bernie.tmp %System%\[ORIGINAL EXECUTABLE FILE NAME].exe
How to Remove W32.Werle
1. Temporarily Disable System Restore (Windows Me/XP). [how to]
2. To be able to identify even the most recent variant of W32.Werle, open your antivirus application and update the virus definition file.
3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Please select Safe Mode with Networking.
- The system will now boot Windows and loads only necessary drivers and files.
4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If unable to delete, better place them in quarantine. Once the scan is complete, please proceed with the next step.
Scan with Norton Power Eraser:
Free tool from Symantec called Norton Power Eraser provides deep scanning technology to detect and remote threats like W32.Werle. NPE targets and eliminate threats that regular virus scan fails to identify. Download NPE here.
Important! Because of Norton Power Eraser’s aggressive method, it can select even legitimate files as suspicious. Please use this tool very carefully.