W32.Renadoc.A


Aliases: W32/Renadoc.A, Trojan.Agent.CANY, BKDR_VB.EPQ, W32/VB-DRN
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 20 Oct 2006
Damage: Low

Characteristics: W32.Renadoc.A is a virus. It copies itself to folders on the infected computer. The virus searches for .doc files and renames them to .exe files. It also disables the Task Manager and Registry Editor. The virus may arrive as a dropped file from the network or mapped drive.

More details about W32.Renadoc.A

The virus infects Windows systems and spreads through network or mapped drives. Once executed, W32.Renadoc.A copies itself as the following files: Direct.com, Desktop.com, Check.exe, Scan.pif, and [PATH TO THE THREAT FILE]\.exe. It adds values to the registry so that it runs every time Windows starts. It also modifies the registry to change Windows Explorer settings and to hide files and extensions. It disables the Task Manager and Registry Editor. It then searches for .doc and .DOC files. For each document it finds, the threat hides the original and creates a copy of itself using the document's name. The created copy has a hidden .exe file extension. Once the virus infects the computer, it also disables the following programs: regedit.exe, taskmgr.exe, and msconfig.exe.
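A triage check for the document-replacement behaviour described above, as an added example that is not part of the original write-up: it pairs each hidden .doc file with an executable of the same name in the same folder. The function names, the two twin spellings checked (`name.exe` and `name.doc.exe`) and the sample listing are assumptions made for illustration.

```python
import ntpath
import os
from collections import defaultdict

HIDDEN = 0x2  # Windows FILE_ATTRIBUTE_HIDDEN bit
# Copy names listed in the write-up; a bare name match is a hint, not proof.
DROPPED_NAMES = {"direct.com", "desktop.com", "check.exe", "scan.pif"}

# Constructed listing of (path, is_hidden) pairs; not taken from a real host.
SAMPLE = [
    (r"C:\Users\a\Docs\budget.doc", True),
    (r"C:\Users\a\Docs\budget.exe", False),
    (r"C:\Users\a\Docs\NOTES.DOC", True),
    (r"C:\Users\a\Docs\notes.doc.exe", False),
    (r"C:\Users\a\Docs\letter.doc", False),
    (r"C:\Users\a\Docs\setup.exe", False),
    (r"C:\Users\a\Scan.pif", False),
]

def list_dir(root):
    """Yield (path, is_hidden) for files under root; the flag is only set on Windows."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                attrs = getattr(os.stat(path), "st_file_attributes", 0)
            except OSError:
                continue  # unreadable entry, skip it
            yield path, bool(attrs & HIDDEN)

def find_masquerades(entries):
    """Return (hidden_doc, exe_twin) pairs that share a folder and a document name."""
    by_dir = defaultdict(dict)
    for path, hidden in entries:
        folder, name = ntpath.split(path)
        by_dir[folder.lower()][name.lower()] = (path, hidden)
    findings = []
    for files in by_dir.values():
        for name, (path, hidden) in files.items():
            stem, ext = ntpath.splitext(name)
            twins = [files[c][0] for c in (stem + ".exe", name + ".exe") if c in files]
            if ext == ".doc" and hidden:
                findings += [(path, twin) for twin in twins]
    return sorted(findings)

def dropped_name_hits(entries):
    """Return paths whose file name matches one of the listed copy names."""
    return sorted(p for p, _ in entries if ntpath.basename(p).lower() in DROPPED_NAMES)
```

On a Windows host, `find_masquerades(list_dir(path))` runs the same check against a real folder tree; each pair it returns gives the hidden document to restore and the executable to submit for scanning.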

W32.Renadoc.A carries out its activities on the user's computer stealthily. It may take advantage of unpatched system vulnerabilities to enter a system undetected. It may also download other malicious programs and viruses. The applications it downloads make the system more vulnerable and take up space on the computer.