W32.Acint


Aliases: W32/Acinti.worm, W32/Acint, Virus.Win32.HLLW.Acint, W32/Acint-A, Win32:Acint
Variants: Win32.HLLW.Acint, I-Worm/Cintia, Win32/Acinti.A, WORM_ACINT.A, Win32.HLLW.Cintia.45056

Classification: Malware
Category: Computer Virus

Status: Inactive
Spreading: Fast
Geographical info: Europe, Asia, South America, North America, Australia, and Africa
Removal: Hard
Platform: W32
Discovered: 12 Nov 2002
Damage: Low

Characteristics: This W32.Acint virus does not carry potential harmful payload. It is however considered as difficult to remove because it quickly spreads to various computer systems by attaching its codes into floppy disks. Once the disk is transferred to another machine, the virus immediately transfers itself which accounts for its quick propagation.

More details about W32.Acint

According to majority of antivirus developers, the W32.Acint virus can recursively replicate itself using the floppy disk removable storage. It creates a bitmap image file of Anna Kournikova in the root directory of the hard drive. This image file normally uses the cintia.bmp filename to mark the infected computer system. Once it successfully installs itself in the machine, it also proceeds by inserting a key in the Windows Registry. The Kernell32 registry key is added to point to the location of the Kernel32.dll.exe file which can normally be seen in the System folder of the Windows directory in the main hard drive. The W32.Acint virus also creates the files Cintia.bmp.exe and Q in the floppy drive to infect the storage media. The filename Q may also be stored in the infected local hard drive.

One indication of infection from this virus is the presence of the Student.exe file under the LANSchool folder of the Program Files directory. The effect of this virus is mostly irritating rather than destructive. To remove this infection, any commercial or third party antivirus application may be used. Some previous instances of infections also indicate that removal of the files created by the W32.Acint virus may result in the termination of the virus infection. When manually removing the virus, it is important to remove the Windows Registry key it modified and/or to make sure that it loses its ability to launch together with the Operating System. This registry entry is responsible for executing the virus on system boot up.