Aliases: Virus.Win32.Chatter, WinNT.Chatter, W32/Chatter, Win2K.Ratter.1933, W32/Chatter-A 
Variants: Win2K/Cherat.1933.A, W32/Cherat.1933.A, Win2K.Cherrat.B, NT.Chatter 

Classification: Malware
Category: Computer Virus

Status: Active and Spreading
Spreading: Moderate
Geographical info: N/A
Removal: Hard
Platform: W32
Discovered: 14 Jan 2003
Damage: Medium

Characteristics: The memory resident W32.Keck.1933 virus appends itself to opened .SYS files in the compromised computer. Computer viruses are categorized according to their infection routines and environment. Environment in this context refers to the operating system or application needed by a virus for infecting files within the said systems. On the other hand, the infection routine is the technique utilized by a virus for injecting its code into a file or object.

More details about W32.Keck.1933

The W32.Keck.1933 is classified as a parasitic file virus since its main task is to infect .SYS files. File viruses use a number of techniques for infecting including parasitic, overwriting, companion, OR or object modules, links, application source code and compiling libraries or LIB. As a parasitic virus, the W32.Keck.1933 can alter the code of a target file. However, a file infected with the virus will remain either completely or partially functional. Parasitic viruses are classified further according to what sector they write their malicious code to. They can be prepending, inserting or appending viruses. Prepending viruses will write their code at the file’s first sector and inserting viruses will write their code to the file’s middle sector. While appending viruses such as the W32.Keck.1933 will write their code to the file’s last sector.

Additionally, this virus will normally alter files by changing the file’s header entry point to ascertain that the instructions inside the virus code are carried out before the instructions within the infected file. The W32.Keck.1933 program utilizes rootkit tools to function stealthily on the computer. The rootkit function renames the files used by the application to appear as legitimate Windows processes. It may also disable active security features of the computer such as personal firewalls and anti-malware tools.