W32.Voterai
W32.Voterai can propagate via removable media drives. It displays an image of presidential candidate Raila Odinga. Once executed, W32.Voterai makes a copy of itself inside the Windows\System\Driver\ directory. The worm was created as campaign material for the election in the Republic of Kenya.
Alias: Worm:W32/AutoRun.BV
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
How to Remove W32.Voterai:
FIRST AID TO STOP W32.Voterai:
If this virus has infected the system, the registry and legitimate Windows files are also compromised. System Restore can reinstate clean system files by restoring the configuration to an earlier date. If a restore point was created before you got infected with W32.Voterai, please restore Windows to the previous configuration.
MANUAL REMOVAL OF W32.Voterai:
1. Update the installed anti-virus application so that it has the latest definition file.
2. Reboot Windows in Safe Mode.
- After turning on the power, press F8 on the keyboard.
- Select Safe Mode from the menu.
3. Thoroughly scan the system and clean/delete all infected file(s).
4. Delete/Modify any values added to the registry if present.
- Click on Start. Search for or run regedit.exe to open Registry Editor.
5. Exit registry editor and restart Windows.
ADDITIONAL TOOLS AND PROGRAMS:
Scan with Norton Power Eraser:
A free removal tool from Norton Antivirus was developed to remove viruses and unfamiliar threats without using traditional AV signatures. Download the tool from this location and start scanning the computer for viruses.
Technical Details and Additional Information:
Other functionalities of this Worm:
- This worm will search for any removable drives on the affected system and duplicate located files using an .exe extension. For example, if abc.doc is found, it will make a copy named abc.exe.
- W32.Voterai will display an image file named Raila Odinga.gif.
Malicious Files Added by W32.Voterai:
%System%\drivers\[ORIGINAL FILENAME].exe
%SystemDrive%\autorun.inf
%SystemDrive%\smss.exe
%SystemDrive%\Raila Odinga.gif
File Location for Windows Versions:
- %System% for all versions of Windows is located under C:\Windows\System32
- %SystemDrive% refers to any drive including external removable devices.
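As an added example (not part of the original write-up or of any vendor tool), the Python script below checks one drive root for the file names listed above and for the abc.doc/abc.exe pairing described under the worm's functionalities. The function names and the sample layout are assumptions made for illustration; the sample files are constructed and empty.

```python
import os
import tempfile

# Root-level names the page lists under %SystemDrive% (matched case-insensitively).
ROOT_INDICATORS = {"autorun.inf", "smss.exe", "raila odinga.gif"}


def scan_drive(root):
    """Return listed root files and .exe files that share a stem with another file."""
    findings = {"root_files": [], "exe_twins": []}
    try:
        top = os.listdir(root)
    except OSError:
        return findings  # drive not ready or unreadable
    for name in top:
        if name.lower() in ROOT_INDICATORS and os.path.isfile(os.path.join(root, name)):
            findings["root_files"].append(name)
    # Look in every folder for "abc.exe" sitting next to "abc.doc".
    for dirpath, _dirs, files in os.walk(root):
        exts_by_stem = {}
        for f in files:
            stem, ext = os.path.splitext(f)
            exts_by_stem.setdefault(stem.lower(), set()).add(ext.lower())
        for f in files:
            stem, ext = os.path.splitext(f)
            if ext.lower() == ".exe" and len(exts_by_stem[stem.lower()]) > 1:
                findings["exe_twins"].append(os.path.join(dirpath, f))
    findings["root_files"].sort()
    findings["exe_twins"].sort()
    return findings


def needs_review(findings):
    """autorun.inf alone is common on legitimate media, so require a second signal."""
    roots = {n.lower() for n in findings["root_files"]}
    return ("autorun.inf" in roots and len(roots) > 1) or bool(findings["exe_twins"])


def build_sample(root):
    """Constructed layout of empty, harmless files that mimics the page's description."""
    for name in ("autorun.inf", "smss.exe", "Raila Odinga.gif", "abc.doc", "abc.exe", "notes.txt"):
        open(os.path.join(root, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        result = scan_drive(d)
        print(result, needs_review(result))
```

The twin check is a heuristic: legitimate software also ships pairs such as setup.exe and setup.ini, so treat hits as candidates for the anti-virus scan in step 3 rather than as confirmed infections.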
Associated Windows Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"(Default)" = "%System%\drivers\[ORIGINAL FILENAME].exe"