W32.Delezium


Aliases: W32/Impair-A, W32.Delezium!inf, W32/Generic.m, Worm.Win32.VB.cj
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Inactive
Spreading: Slow
Geographical info: Parts of Asia, North and South America, Europe and Australia
Removal: Easy
Platform: W32
Discovered: 28 Nov 2008
Damage: Low

Characteristics: W32.Delezium is a virus that is 16,384 bytes long. It infects all executable files and deletes particular files found on the computer. It is a new virus, discovered on November 28, 2007.

More details about W32.Delezium

This harmful virus infects and destroys all executable files on the computer. In most cases, it is detected as W32.Delezium!inf. It can also replicate itself.

Once executed, the virus copies itself as the %System%\dotnetfx.dll file. It then creates the following registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\".Net Recovery" = "rundll32.exe dotnetfx.dll,repair"

It also creates a second registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DotNetRecovery\"(default)" = "A"

Afterwards, the virus searches all local and removable drives for files that can be infected. Some of the most common file extensions that will be deleted are: .3dx, .3gp, .app, .as, .asp, .aspx, .avi, .cad, .css, .doc, .gif, .java, .jpg, .mdb, .mp3, .mpg, .pdf, .ppt, .psd, .rar, .xls and .zip. After locating and deleting these files, the worm searches the drives for .exe files and infects them.

The virus can be removed manually. First, disable System Restore. Update the virus definitions. Restart the computer in safe mode. Then, run a full system scan to clean and delete all infected files. Do not forget to delete all values added to the registry too. Restart the computer and the system is back to normal.
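The file and registry artifacts described above can be checked on a host with a short read-only PowerShell script. This is an added example, not part of the original entry; it assumes %System% refers to the Windows system folder, and it also looks in the WOW6432Node and SysWOW64 locations, which the entry does not mention, because 32-bit code on 64-bit Windows is redirected there.

```powershell
# Added example: read-only check for the W32.Delezium artifacts in this entry.
# Assumptions: %System% is the Windows system folder; WOW6432Node and SysWOW64
# are checked as well because 32-bit code on 64-bit Windows is redirected
# there. Nothing is changed or deleted.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return the value data, or $null if the key or value is absent.
    # An empty $Name reads the key's "(default)" value.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    return $key.GetValue($Name, $null)
}

function Find-DeleziumArtifact {
    $hits = @()
    foreach ($soft in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {
        # Autorun value ".Net Recovery" under the Run key
        $runKey = "$soft\Microsoft\Windows\CurrentVersion\Run"
        $run = Get-RegValue -Path $runKey -Name '.Net Recovery'
        if ($null -ne $run) {
            $hits += [pscustomobject]@{
                Artifact = 'Run value'; Location = "$runKey\.Net Recovery"
                Detail   = "$run"; MatchesEntry = ($run -like '*dotnetfx.dll,repair*') }
        }
        # Marker key DotNetRecovery with (default) = "A"
        $marker = "$soft\Microsoft\DotNetRecovery"
        if (Test-Path -LiteralPath $marker) {
            $def = Get-RegValue -Path $marker -Name ''
            $hits += [pscustomobject]@{
                Artifact = 'Marker key'; Location = $marker
                Detail   = "(default) = $def"; MatchesEntry = ($def -eq 'A') }
        }
    }
    foreach ($dir in 'System32', 'SysWOW64') {
        # Dropped copy of the virus
        $dll = Join-Path $env:SystemRoot "$dir\dotnetfx.dll"
        if (Test-Path -LiteralPath $dll -PathType Leaf) {
            $f = Get-Item -LiteralPath $dll -Force
            $sha = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash
            $hits += [pscustomobject]@{
                Artifact = 'Dropped file'; Location = $dll
                Detail   = "$($f.Length) bytes, SHA256 $sha"
                MatchesEntry = ($f.Length -eq 16384) }  # size this entry gives for the virus
        }
    }
    return $hits
}

Find-DeleziumArtifact | Format-List
```

Run it from an elevated 64-bit PowerShell session before and after cleanup; an empty result after the scan and registry cleanup means none of the listed artifacts remain.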

The W32.Delezium program can connect to a remote server. This connection is commonly made through a backdoor opened by the application. Files and instructions can be sent through the backdoor. It is often used to add other malware programs to the system. The downloaded applications are installed and executed on the system. They are also added to the system registry to make sure they run at system startup. The added programs are typically adware and spyware programs. These display numerous advertisements in the form of pop-ups, pop-unders, banner ads and in-line text. Links and shortcuts may also be added to the desktop without the user’s consent. The requested websites and search terms may also be recorded. These can be used to send advertisements based on user preference.