Aliases: Win32/Figbox.A, Win32.Figbox.A, Win32:Bifox, Worm/Bifox, Worm/Figbox
Variants: W32/Foxmagno-C, W32/Foxma.worm.d, Virus.Win32.HLLW.Bifox

Classification: Malware
Category: Computer Virus

Status: Inactive
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 20 Nov 2002
Damage: Low

Characteristics: On November 20, 2002, W32.Figbox was discovered. It is a virus that replicates itself specifically to the hard drive and floppy disk drive. This virus is written in the Microsoft Visual Basic programming language.

More details about W32.Figbox

The W32.Figbox virus checks for an instance of itself in the memory once it is running. However, it stops if there is an instance of the virus in the memory. If there is no instance running, it copies itself as C:\%system%\Starter.exe and A:\AVupd.exe. Once copied, the virus adds value to the System registry key. Then a message appears on the screen when the Windows starts. Thus, virus has propagated. Since its damage is level, the removal is easy. First, update the virus definitions. Restart the computer in safe mode. Once the computer turns on, run a full system scan. Delete all files detected as W32.Figbox and the value added to the registry key. Exit and reboot the computer.

For specific manual removal of the W32.Figbox, do the following. First, restart the computer in safe mode and make sure that all applications are closed. Once the computer is turned on, run a full system scan and delete all infected files with the W32.Figbox. In the registry key, remove the value added by clicking the Start menu button and right-click Run. Then, type regedit and click OK. The Registry Editor will open and navigate the key that is added. Delete the value and click registry. Exit and finally reboot the computer.