W32.Fakelove


Aliases: W32.Fakelove, Win32/Fakelove.A, Bloodhound.W32.1
Variants: W32.Falsu.A

Classification: Malware
Category: Computer Virus

Status: Dormant
Spreading: Slow
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 12 May 2003
Damage: High

Characteristics: W32.Fakelove is a virus that infects Portable Executable (PE) files. Some also know it as Bloodhound.W32.1. It may corrupt an infected file, and the infected file also contains a patch that spreads the virus further. These are self-extractor or installer information files. Its infection process consists of searching for the kernel32.dll image base and functions. Normally, if a compromised computer is running a different Windows operating system, the infection will not run.

More details about W32.Fakelove

This virus finds .exe files whose extensions contain ".e" on drives C through Z and in all shared folders from which the virus was executed. It always targets Portable Executable files with the .exe extension. If it succeeds, it patches itself onto the end of the file. Infected files are inoperable even if they have been quarantined or repaired, and they cannot be restored once the virus has appended itself to them. The virus also carries a date-triggered payload: if the system date is the 1st of any month, the payload runs. It displays the following message: “Do you Love me ? Do not Say No !” The payload then removes all files on drives C through Z and in all shared folders.

W32.Fakelove is a malware variant believed to be capable of opening the host machine to remote users on the Internet or on a Local Area Network (LAN). Other malicious programs use it to open a hidden pathway for their incoming and outgoing traffic. The malware is allegedly composed of two parts: a client and a server. The server component is the one that infects computer systems. Many have claimed that this component is also responsible for creating the backdoor and for hijacking the system for use by remote users. The backdoor may involve some of the ports enabled on the user's machine.