W32.Sinus


Aliases: Win32.Suns.3912, W32/Sinus, Win32.Sinus.3912, W32/Suns-A, Win32/Sinus.A
Variants: PE_SUNS.3912, W32/Suns.3912, Win32:Sinus, Win32/Sinus

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Moderate
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 18 Jan 2002
Damage: Low

Characteristics: W32.Sinus is an anti-heuristic virus that infects programs in shared programs and directories when it is opened from Windows Explorer. The virus opens a backdoor on infected Windows 95/98/Me-based computers.

More details about W32.Sinus

W32.Sinus is an anti-heuristic virus that infects programs in shared programs and directories when it is opened from Windows Explorer. The virus opens a backdoor on the infected computer. Each time W32.Sinus is opened, there is a 1-in-8 chance that it will infect all executable programs in all shared programs or directories on the computer. The virus checks which version of Windows the computer is running. If the PC is running Windows 95/98/Me, W32.Sinus creates a new full-access share for the Windows directory.

This application connects to remote file servers in order to download and install unwanted files and programs on the affected computer. These components are said to be code from malware programs and other files that may weaken the computer’s security. W32.Sinus disables the remote admin dialog in the Passwords Control Panel. The share is named “ADMIN$”, is protected by a password known to the author of the virus, and is hidden from the user of the PC by a registry trick. Lastly, W32.Sinus copies itself to the system directory and changes a registry key to point to the infected copy. As a result, the virus is run and a program is infected whenever an .exe file is opened from Windows Explorer.