Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Dormant
Spreading: Slow
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 03 Dec 2005
Damage: Low

Characteristics: W32.Feldor.A is a known virus that adds files, modifies as well as generates registry entry and for some critical infections. All platforms of Windows are vulnerable to this worm, may it be Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT and Windows XP. It duplicates itself with several file names usually having an extension of .pif or .com in any of the infected computer. It drops copies of itself in windows directories in windows directory folders such as system, web, fonts, temp, help, windows.exe (on both local and removable drives) and ghost.bat.

More details about W32.Feldor.A

There are also HTML files being named as folder.htt and nethood.htm on both local and removable drives if it is connected. This HTML file exploits the Microsoft Virtual Machine com. User profiles are also being modified when this virus is present. You may see an “admin” profile that adds itself to the administrator group. It also monitors the active Windows Explorer window. If the title bar matches the folder containing the worm, it copies itself to one of the folders and launches a new copy and exits. It may also make use of email messages but not of great value in spreading the virus. This message contains, “Hello!” on its subject and message body. This email message should not be trusted and more importantly be opened.

Just like any other virus, the W32.Feldor.A program is installed without the consent or knowledge of the user. It exploits weaknesses in the system’s security to facilitate the installation of the program into the computer. When the W32.Feldor.A is launched, the hacker can customize the various features of the server program including file name, file path, port number, registry key name, services name and services description. This virus can be used by the hacker to collect personal and critical user information without the latter’s consent. It opens the computer to various risks that degrade the system’s security and integrity. It allows the execution of malicious codes and makes the infected computer a tool for initiating Denial of Service (DOS) attacks.