W32.Semisoft.59904


Aliases: Win32.HLLP.Semisoft.a, W32/Semisoft.60416a, Win32.HLLP.Semisoft.60416, W32/Semisoft, Win32/HLLP.Semisoft.A,
Variants: PE_SOFT.60416, W95/Semis.G, W32/HLLP.60516, Win32:Semisoft, Win32/HLLP.Semisoft.A,

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Hard
Platform: W32
Discovered: 13 Feb 2007
Damage: Medium

Characteristics: This virus contaminates Windows executable files, including NT and 9x. The virus drops infected files on the computer system and tries to contaminate other Windows executable files.

More details about W32.Semisoft.59904

The W32.Semisoft.59904 virus tries to ping 4 different Internet Protocol addresses thought to be seen in New Zealand. Then, it runs a port, enabling remote access. The virus also tries to change the registry key to open the virus on Windows startup. There are a few variants of the W32.Semisoft.59904 virus, which have been located previously in the wild. The W32.Semisoft.59904 virus is a pretending PE infector, which duplicates under Windows NT and 9x. The virus affects the files “Setup.exe” and “Notepad.exe”, and makes clean backups of these pieces of data as Setupx.exe and Notepadx.exe. The virus drops the files Winipxa.exe, Winipx.exe, and Winsrvc.exe in the directory of Windows.

The W32.Semisoft.59904 application may download and install files without the knowledge of the user. It may download malware programs such as backdoor program, Trojan dropper application, adware program, spying software, key logger, password stealer Trojan application and worms. The application may also install data mining and rootkit tools. The program may utilize the downloaded rootkit tool to hide its presence from the computer. Rootkit tools may also hide the downloaded files by the application. The rootkit tools rename the files of the application into a legitimate Windows file. This makes the core components of the downloader Trojan program and the downloaded files hard to detect.