W32.Sand.6144


Aliases: Virus.Win32.HLLP.Alcaul.g, Win32.HLLP.Alcaul.g, W32/Alcop.ao, W32.Sand.6144, Win32.HLLP.Alcopaul.16384
Variants: PE_SANICH.A, W32/HLLP.Alcaul.G1, W32/Alcaul.G, Win32:Alcaul-G12, Win32/Alcopaul

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 02 Oct 2002
Damage: Low

Characteristics: W32/Sand.6144 is a virus that propagates to executable files residing in the same folder as the virus. One variant also deletes the infected file if it doesn't find files to infect. The virus affects Windows OS such as Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, and Windows XP.

More details about W32.Sand.6144

W32.Sand.6144 belongs to a family of viruses. The known variants do the process of infecting your system. The first one is the Variant A. When variant A runs an infected file, it creates and runs Kam.exe, which is the original, clean file. It finds executable files in the current folder until it finds a file that is not infected and prepends itself to that file and appends the infection marker. If it does not find a file to infect, it creates and runs Kamikaze.vbs, which attempts to delete the infected file. Second is the Variant B. When this variant runs an infected file, it creates and runs Yang.exe, which is the original, clean file and displays a message “yinyang”. It searches for .exe files in the current folder until it finds a file that is not infected; it then prepends and appends itself to that file.

The W32.Sand.6144 application distributes copies of itself on the user’s computer and network shares. The application spreads its replicates on computers connected to the local network. It searches for executable files on accessible drives and shared folders on the network. The application has polymorphic functions. The W32.Sand.6144 program searches for executable files stored on the computer. It replaces these executable files with a copy of itself. To remove W32.Sand.6144, update your virus definition and run a full system scan. When the scan application is done, delete the files detected as W32.Sand.6144. Replace the deleted files from a backup copy if you have or reinstall them.