W32.Drowor.A


Aliases: TR/VB.aei, Virus.Win32.Drowor.b, W32/Drowor, Win32.Drowor.A, Worm.VB-117
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 14 Aug 2007
Damage: Low

Characteristics: Drowor.A is described as Windows file appending virus. It usually infects windows executables in all drives as well as network drives of the compromised computer. This worm is said to spread through a fraud filename Google Earth .scr. This file is uncompressed and is written in MSVB5 language. This worm needs a file called, "thumbs .db.”

More details about W32.Drowor.A

No traces had been found in considering this as a dropper of other malicious files that may modify or create registry entries in the compromised computer. However, it alters certain PE binary files and Services.exe file so that is runs whenever the computer starts. Once executed, this virus monitors and sees if it is already running in memory by increasing its privileges and identifying active, running processes on the affected machine. A mutex is also created so that the worm will only run in one instance. In addition, the virus makes an effort to change the file autoexec.bat to display a message: "Don't kill me, I’m just send message from your computer" upon system startup.

The W32.Drowor.A program can be removed from the computer through manual removal process. To start, disable the system restore and restart the computer in safe mode. You may now start the process of removing the virus and fixing all the infected files by accessing Windows Task Manager. To access the Windows Task Manager, press Control, Shift, and Escape keys all at the same time. Check all the files actively running in the computer. Look for the .exe files, right click on them, and select "end process". A box will appear and select yes. You can as well search for the files that are infected. Most parasites try to hide their traces, so you will need to allow the displaying of hidden and system protected files. Now, open your Windows Explorer. Look for tools menu and click Folder Options. By doing this, you should make any files that are hidden visible. You will see a View tab. Click on the Advanced Settings list, find the option Show hidden files and folders, and click on it. Then, remove a box with a check mark next to the line {Hide protected Operating System files). After doing this, all infected files and or processes maybe seen. Every worm or virus mostly contains programs which could destroy your PC. Furthermore, some of your files are "unseen". In this condition, you may need to install a reputable antivirus program which will completely erase all the traces of infection in your machine.