W32.Anirak


Aliases: Win32.HLLW.Anirak, W32/Anirak.worm, WORM_NARIK.A, Win32.Anirak.A, W32/Shackera.A
Variants: Virus.Win32.HLLW.Anirak, W32/Shak, W32/Anirak-A, Win32.HLLW.Generic.41

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Europe, South America
Removal: Hard
Platform: W32
Discovered: 13 Jun 2003
Damage: Low

Characteristics: The W32.Anirak program is a type of malware capable of injecting its codes or totally overwriting the codes of infected files. It has been observed to modify the batch or initialization files of the Windows platform to display its message box alert.

More details about W32.Anirak

When the W32.Anirak malware has been established in the system, it places the Runonce.com and Winalx.bat files in the System folder of the Windows directory. Presumably, these two files are used as the main batch and command files of the virus in delivering its payload. The Windows Registry location is modified to include the SystemR and SystemW keys. These additional keys are intended to allow the virus to automatically load its code on every restart or startup process of the infected computer system. The W32.Anirak malware also attempts to use removable storage devices as transport mechanism. To succeed in this action, it must be able to create the Karina.exe and Shakira.exe files in the target device. Once these files have been stored in the removable device, it can spread the virus code to any machine that it is plugged into.

The possibility of the W32.Anirak malware replicating across network environments is not impossible. It can move among client machines using network shares and via launching or sharing of infected file components. Practically, manual removal of any virus is seldom recommended because of the complexity of its payload. To effectively remove the W32.Anirak from an infected system, it is more practical to resort to updated antivirus engines with a current virus definition database. This will make sure that all remnants of the virus will be removed.