Aliases: W32/Preavi, Worm.W32/Preavi@DE
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 12 Apr 2009
Damage: Low

Characteristics: W32.Preavi was discovered on April 12, 2009. This virus propagates through removable drives and infects executable files. The operating systems this virus mostly affects are Windows 2000, 95, 98, Me, NT, Server 2003, Vista and XP.

More details about W32.Preavi

One W32.Preavi is executed, it produces the pretec.dat file in the %System% folder. Then, the virus infects executable files that are existing in some particular system registry subkeys. Afterwards, the virus searches the AVWIN.INI file in the drive C and if it is present, it modifies the file. The virus contacts [http://]systemadlink.com and [http://]mswindowsxpupd.com to download other malicious files. Next, the worm produces copies of itself as [EIGHT RANDOM CHARACTERS].exe and autorun.inf in the %DriveLetter% folder.

The W32.Preavi program allows a user to take control of an infected computer. With the presence of this program, a remote user may be able to take control of the affected system and carry out some tasks on the machine. An exploit is possibly used to perform DoS (Denial of Service) attacks to other computers. A remote user takes control of the affected machine through a vulnerability on the Windows Tool Manager. This allows the user to scan the accessibility of the applications that are present on the machine. Through this tool, the user is capable of enabling and disabling the programs on the system.