W32.Reper.A


Aliases: Virus.Win32.Repka.a, W32/Reper.worm, W32/Repka.A, W32/Reper-A, Worm:Win32/Repka.A
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 27 Dec 2004
Damage: Low

Characteristics: W32.Reper.A is a virus that infects Windows systems. It copies itself to the disks on a computer between C: and Z:. It adds itself to the autorun.inf file to make sure that it is started automatically when the disk is inserted.

More details about W32.Reper.A

When executed, the worm drops a copy of itself using the filename VIEWER.EXE in the Windows folder; it uses N0TEPAD.EXE in the Windows system folder. In every root folder, it adds the string “Open=reper.exe” in the autorun section of AUTORUN.INF. If the file does not exist, the worm creates it. This causes the worm to run whenever the root directory is accessed, refreshed, or opened. The worm can spread by dropping copies of itself in acccessible shared folders. It also drops the file AUTORUN.INF in addition to the copies of itself. The worm terminates the following processes: cmd.exe, Taskmgr.exe, Nvtdm.exe, Regedit.exe, and any other process that contains the string proc. This ensures that the worm is not easily detected and removed. This worm is written using Microsoft Visual C.

Several studies state that many viruses, worms and other Malware such as the W32.Reper.A program are spawned to spread quickly and easily throughout networks, from computer to computer. This malware is as the same as mass-mailing worms that collects numerous e-mail addresses and have it stored on a client's PC and automatically e-mail themselves to the said collected addresses.