W32.Darro


Aliases: Win32.Darro.1311, Virus.Win32.Arrow.a, W32/Darro, PE_ARROW.A
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Inactive
Spreading: Slow
Geographical info: Asia, North and South America, Europe and Australia
Removal: Easy
Platform: W32
Discovered: 14 Nov 2004
Damage: Low

Characteristics: W32.Darro is a type of virus that infects files with the following extensions: .exe and .hlp.

More details about W32.Darro

This .exe and .hlp infecting virus performs some exclusive actions. Upon execution, the virus will search for files that are .exe and .hlp files to all drives. Once they are found, the virus will spread itself to the viral codes of the files. Then, the virus looks for a time condition once the infected file is opened. Then if it meets, it will produce or make a short beep. This application allegedly connects to a remote server. This allows another person to have unauthorized access to the infected computer. Commands are sent to be executed in the system. The Trojan Wopla software commonly turns the computer into a proxy server. It is used to route Internet requests. The remote user will send data through the infected system. The system will then forward it to a specific site or server. This technique hides the IP address and identity of the remote user.

Proxy servers may be used to disguise illicit activities. Spam e-mails may be sent using the infected system. Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks may be launched against other servers. Its threat assessment is low based on its damage and wild level as well as its distribution or propagation.