W32.Invictus.dll


Aliases: W32/Invictus.dll, Win32.Invictus.5632, W32/INVICTUS-A, Win32/InvictusDLL, PE_INVICT.A.DLL 
Variants: Virus.Win32.InvictusDLL.099, Virus.Win32.InvictusDLL.101.a, Virus.Win32.InvictusDLL.102, Virus.Win32.InvictusDLL.103.a, Virus.Win32.InvictusDLL.200.a

Classification: Malware
Category: Computer Virus

Status: Dormant
Spreading: Slow
Geographical info: N/A
Removal: Hard
Platform: W32
Discovered: 22 Aug 2001
Damage: Medium

Characteristics: The W32.Invictus.dll malware is a DLL or dynamic link library file which can be utilized by viruses for propagation purposes. This DLL file is actually harmless on its own. This file is known to be created and used by the W32.Toal.A@.mm mass mailing worm and it is very vital to the worm’s propagation techniques. Without this DLL file, the worm will not work properly.

More details about W32.Invictus.dll

The malware W32.Invictus.dll is used by virus writers for minimizing their workload when creating worms and W32 viruses. This malware can import code from the Imagehlp.dll Windows file and if this file is not found on the computer, the malware will not work. Once a compromised file that utilizes the W32.Invictus.dll is run, the malware will copy itself to the system and execute. This malware contains a number of standard routines to infect files, utilize polymorphic tactics, send infected emails and enumerate network resources. When using this virus helper, virus writers only have to use the library functions properly and include some personalized routines since almost all of the viral functions are already employed in the DLL file. This DLL file is packed using UPX.

When the W32.Invictus.dll infects files, it will configure the host applications’ entry point address to 0 in order that the operating systems Windows XP, NT or 2000 will not recognize the applications as genuine W32 applications, and will be incapable of running them. On the other hand, operating systems Windows ME or 9x does not verify the files’ integrity and will run infected files so that the control flow is transferred to the virus’ code. To remove the infection caused by the W32.Invictus.dll, you first have to pinpoint the malware that used it to enter the computer system. You can start by using the Search function inherent in all Windows Operating Systems. In the Search box, type in the filenames dropped by the malware as well as the W32.Invictus.dll. When found, delete all files. Downloading a competent antivirus program and using it to scan the system is also a viable option.