W32.Naras


Aliases: Trojan-Spy.Win32.KeyLogger.jc, TSPY_RKPROC.C, W32.Naras, W32/RKPROC.B!tr, Win32/Spy.KeyLogger.NAG
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Fast
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 21 May 2006
Damage: Medium

Characteristics: W32/Naras is known as a parasitic file infector believed to be written using Microsoft Visual C++. It has rootkit capabilities and rootkit functionality that logs keystrokes on an infected computer which may steal private information on the compromised computer. Confidential email messages and/or usernames and passwords can also be sold in the Internet. The worm may also record keystrokes and takes screenshots of your computer.

More details about W32.Naras

It adds itself into every running processes and logs all key strokes and active window titles. It can also be destructive, having the ability to also download malware on a compromised computer so that it can further damage your computer’s system. File creation is also one of its characteristics. These files maybe “msinfmgr.exe,” msinfdll.dll,” msinfklg.sys” and “msinfomgr.sys". Values are also added to the registry to auto start itself when Windows starts. It is also known that infected files may not increase in size because the virus uses slack space to infect executable files. This virus also infects removable drives by inserting a viral code at the end of the code section. Then, it drops a copy of itself named "msinfmgr.exe" in the same location as that of the original host file.

The W32.Naras application is usually installed by employing deceptive pretenses and through means that do not get the user’s full consent or knowledge. It exploits frailties in the installed security settings by circumventing the security programs installed. The program usually attaches itself to seemingly legitimate programs that users believe are safe to download and install. Once these legitimate programs had been installed, the W32.Naras application is likewise installed into the computer. The W32.Naras program reportedly works on systems under Win32 Operating System platform.