W32.Apove.int


Aliases: W32/Apove.worm.b, W32/Apove.worm.a, W32/Apove-A, Win32:VB-EMX [Wrm], Worm:Win32/Jpegeater.A
Variants: W32.Apove, Virus.Win32.HLLW.Jpegeater, W32/JpegEater, Win32.HLLW.Jpegeater.A, Win32/Jpegeater.A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Moderate
Geographical info: N/A
Removal: Hard
Platform: W32
Discovered: 04 Jul 2003
Damage: Medium

Characteristics: Consistent with the characteristics of most computer viruses, the W32.Apove.int program injects or appends its code into specific file types. In some instances, this virus may completely overwrite the contents of the targeted files. It may also display a message box on the computer screen to mark its infection.

More details about W32.Apove.int

A computer system infected with the W32.Apove.int virus may continuously or intermittently display a message box titled "Eva ViRus VeRsIon 2.0.". The message body is written in a non-English language and has an OK button that the user must click. When this message box is displayed, the virus has already delivered its payload on the compromised system. Before deploying its payload, the W32.Apove.int virus searches all logical drives of the compromised machine for files with the JPG file extension. When it finds such a file, it attempts to copy its code into a randomly named executable file. The original contents of the JPG file are then appended to the newly created executable file, and W32.Apove.int deletes the original JPG file from the infected machine.

According to some antivirus developers, the code of this virus contains a bug that prevents the executable file it creates from executing correctly and causing more damage. The newly created file is opened automatically in the Internet Explorer Web browser. In the majority of infections, the contents of the file were reportedly corrupted. Viruses for the most part perform complex routines, delete various files, and may create files in different folders of the infected computer system. An updated antivirus application may be required to completely remove this virus from the machine.
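The file layout described above (executable code followed by the appended JPG contents) can be checked for during triage. The following is an added example, not code from any antivirus vendor: it locates the data past the last PE section and tests whether it begins with a JPEG marker, assuming the picture is appended intact after the section data; `build_sample_pe` and the sample bytes are constructed for the demonstration.

```python
import struct

JPEG_SOI = b"\xff\xd8\xff"  # JPEG start-of-image marker plus first segment byte

def pe_overlay_offset(data):
    """Offset of the first byte past the last PE section, or None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size           # start of the section table
    end = table + 40 * num_sections            # end of headers (40 bytes per entry)
    if end > len(data):
        return None
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 in each entry
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_ptr:                            # skip sections with no file data
            end = max(end, raw_ptr + raw_size)
    return end

def find_appended_jpeg(data):
    """Return the bytes after the PE image if they start like a JPEG, else None."""
    off = pe_overlay_offset(data)
    if off is None or off >= len(data):
        return None
    overlay = data[off:]
    return overlay if overlay.startswith(JPEG_SOI) else None

def build_sample_pe():
    """Constructed, inert PE skeleton: headers plus one 512-byte .text section."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = struct.pack("<8sIIII16x", b".text", 512, 0x1000, 512, 0x200)
    headers = (dos + coff + sect).ljust(0x200, b"\0")
    return headers + b"\x90" * 512

if __name__ == "__main__":
    # Constructed stand-in for a picture: JFIF-style header and end-of-image marker
    jpeg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16 + b"\xff\xd9"
    sample = build_sample_pe() + jpeg
    print("overlay starts at", pe_overlay_offset(sample))
    print("appended JPEG recovered:", find_appended_jpeg(sample) == jpeg)
```

Because the appended contents were reportedly corrupted in most infections, bytes returned by `find_appended_jpeg` should be treated as a recovery candidate and validated in an image viewer, not assumed to be a usable picture.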