W32.Sovtank


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia
Removal: Easy
Platform: W32
Discovered: 14 Jan 2008
Damage: Low

Characteristics: The W32.Sovtank program is a virus that replicates by infecting .exe files and tries to change security settings.

More details about W32.Sovtank

The W32.Sovtank program is a virus that replicates by infecting executable (.exe) files and tries to lower protection settings. Once the virus is executed, it replaces the desktop background with an image associated with the hammer and sickle symbol of the former Soviet Union. The new background is stored as the “[CURRENT BACKGROUND IMAGE FOLDER]\ussr_[6 RANDOM LETTERS].bmp” file. Note that “[CURRENT BACKGROUND IMAGE FOLDER]” refers to the folder that holds the background picture originally used as the desktop wallpaper. This folder is usually “%Windir%” or the “My Pictures” folder. The virus also tries to stop predetermined applications by looking for windows with “antivir” or “anti vir” in the title bar.
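The file name pattern described above can be used as a host indicator. The following is an added example, not part of the original write-up: a Python triage helper that flags paths matching ussr_[6 RANDOM LETTERS].bmp. The function names and sample paths are constructed for illustration, and "letters" is assumed to mean ASCII A-Z in either case.

```python
import ntpath
import os
import re

# Indicator from the write-up: ussr_[6 RANDOM LETTERS].bmp
# Assumption: "letters" means ASCII A-Z; matched case-insensitively because
# Windows file names are case-insensitive.
WALLPAPER_RE = re.compile(r"ussr_[a-z]{6}\.bmp", re.IGNORECASE)


def is_sovtank_wallpaper(path):
    """True if the file name of a Windows or POSIX path matches the indicator."""
    # ntpath splits on both "\" and "/", so exported Windows paths work on any host.
    name = ntpath.basename(path.strip().strip('"'))
    return WALLPAPER_RE.fullmatch(name) is not None


def scan_dirs(roots):
    """Walk the given folders (e.g. %Windir%, My Pictures) and return matching files."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            hits.extend(os.path.join(dirpath, f) for f in files
                        if is_sovtank_wallpaper(f))
    return sorted(hits)


def triage(wallpaper_value, listing):
    """Combine the configured wallpaper path with a file listing from a host."""
    return {
        "wallpaper_replaced": is_sovtank_wallpaper(wallpaper_value),
        "dropped_files": [p for p in listing if is_sovtank_wallpaper(p)],
    }


# Constructed sample data (not taken from a real infection).
SAMPLE_WALLPAPER = r"C:\WINDOWS\ussr_qwhzkp.bmp"
SAMPLE_LISTING = [
    r"C:\WINDOWS\ussr_qwhzkp.bmp",
    r"C:\Documents and Settings\user\My Documents\My Pictures\USSR_ABCDEF.BMP",
    r"C:\WINDOWS\ussr_12ab34.bmp",       # digits: not six letters
    r"C:\WINDOWS\ussr_toolongname.bmp",  # more than six letters
    r"C:\WINDOWS\Web\Wallpaper\Bliss.bmp",
]

if __name__ == "__main__":
    print(triage(SAMPLE_WALLPAPER, SAMPLE_LISTING))
```

On a live Windows host, the value passed as `wallpaper_value` can be read from the `Wallpaper` value under `HKCU\Control Panel\Desktop`. A match is only a lead for further inspection, since the file name alone does not prove infection.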

The program can enter the system in a number of ways. Trojan dropper programs may have downloaded it onto the system. The user may have installed it unknowingly through file sharing networks. Users often install it thinking that it is a legitimate anti-spyware program. Malware creators typically disguise their programs as legitimate applications to entice users to run them. Security-related sites report that the W32.Sovtank virus may enter the system through misleading messages.