W32.Fontra


Aliases: W32/Fontra.a
Variants: Virus.Win32.Fontra.c, W32/Fontra-F, Worm/Delf.ATB, Win32/VB.NJQ

Classification: Malware
Category: Computer Virus

Status: Inactive
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 11 May 2006
Damage: Low

Characteristics: Last May 11, 2006, a virus called W32.Fontra was discovered that infects executable or removable files. Although, not all executable files are infected. Only files that are located in peer-to-peer or P2P shared folders are infected by this virus. This means that one computer from another are infected. This virus also downloads files and allows the remote files to be executed.

More details about W32.Fontra

The W32.Fontra virus spreads by infecting executable files through P2P applications or shared folders like Kazaa, eMule and others. It mostly affects Windows systems, namely Windows 2000, 95, 98, Me, NT, Server 2003 and XP. The virus finds peer-to-peer shared folders from the system registry keys and any files related to P2P applications. Once valid folders are scanned, the virus infects all the executable files stored in the shared folders. Then, the virus sends information to a specific remote location which is the 69.61.59.114. It also tries to download and execute files from the [http://]traff4all.biz./[REMOVED] URL. And lastly, the virus creates a particular subkey so that it can store information regarding the infection.

An indication of an infection of the W32.Fontra program is the presence of unknown system processes running in the Windows Task Manager. Desktop icons and shortcuts that cannot be uninstalled and an annoying beeping sound signaling a hardware error are also indications of this malware presence. This malware also causes the operating system to experience general instability such as decrease in Internet speed, disabled pop-up blockers, hijacked toolbars and deletion of valid system files.