W32.Rile


Aliases: Virus.Win32.Muce.b, W32/Puce, W32/Puce.B, PE_PUCE.B, W32.Rile
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 20 Jul 2004
Damage: Low

Characteristics: W32.Rile is a virus that infects Win32 portable executable (PE) files. The virus has a payload that executes on the 26th day of each month. On that day, it causes the mouse cursor to move randomly. It is a slow infector, causes low damage, and is easy to remove.

More details about W32.Rile

The virus W32.Rile infects Windows systems, specifically Win32 portable executable (PE) files. When W32.Rile is executed, it creates a mutex called "pUcE" so that only one copy of the virus executes at a time. It also drops the infected host file to the Temp folder and executes it. It then searches all drives, C through Z, for .exe files to infect. When the virus finds an executable file, it overwrites that executable with a copy of itself and saves the original executable in the resource section of the virus. The payload executes on the 26th day of each month: on that day, the virus randomly moves the mouse cursor every 2 seconds.
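
The "pUcE" mutex described above can be used as an indicator that the virus is currently running. The following PowerShell check is an added example, not part of the original write-up; the function name `Test-NamedMutex` is hypothetical, and probing both the session-local and the global namespace is an assumption, since the description gives only the bare mutex name.

```powershell
# Added example: check whether a mutex named "pUcE" currently exists.
# Assumption: the write-up gives only the bare name, so both the
# session-local and the global kernel namespace are probed.
# Win32 mutex name comparison is case sensitive: keep the exact casing.
$MutexName = 'pUcE'

function Test-NamedMutex {
    param([Parameter(Mandatory)][string]$Name)

    $handle = $null
    try {
        # OpenExisting never creates the object, so the check itself
        # cannot leave a mutex of that name behind.
        $handle = [System.Threading.Mutex]::OpenExisting($Name)
        return 'Present'
    }
    catch [System.Threading.WaitHandleCannotBeOpenedException] {
        return 'Absent'
    }
    catch [System.UnauthorizedAccessException] {
        # The object exists, but its ACL denies this account access.
        return 'Present (access denied)'
    }
    finally {
        if ($handle) { $handle.Dispose() }
    }
}

$results = foreach ($scope in 'Local', 'Global') {
    $fullName = "$scope\$MutexName"
    [pscustomobject]@{
        Mutex  = $fullName
        Status = Test-NamedMutex -Name $fullName
    }
}

$results | Format-Table -AutoSize

if ($results.Status -match '^Present') {
    Write-Warning "Mutex '$MutexName' exists: a process holding it is running."
}
```

The mutex exists only while a process holding it is running, so an "Absent" result does not show that files on disk are clean. The `Local\` namespace is per logon session, so run the check in the session of the affected user.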

The virus may not be detected until the 26th of the month when it causes the mouse cursor to move at random every 2 seconds. When the virus is detected, it is advisable to remove it immediately. The W32.Rile software places its files in the system. The components can normally be found in the Windows directory or the System folder. Other copies of the application may also be placed in folders normally not opened by the user. This can include the Cache and Temp folders. The file names may vary for each infection. This helps the software to avoid detection. The W32.Rile program connects to a remote server to download files. These files may be instructions to be executed in the infected computer. They are more often installers for other malware programs.