Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 16 Dec 2002
Damage: Low

Characteristics: W32.Tulu tries to replicate itself to the floppy disk drive within a few minutes.

More details about W32.Tulu

Once W32.Tulu is executed, it tries to replicate itself as the files %system%\Rundll32 and %windir%\Msconfig32, each with an .exe extension. The virus searches for the Windows installation folder and replicates itself to the location it finds, which is C:\Winnt or C:\Windows by default. It also copies itself to C:\Windows\System32 (Windows XP only), C:\Winnt\System32 (Windows NT and Windows 2000), or C:\Windows\System (Windows Me, Windows 98, and Windows 95). The virus tries to add values to a registry key so that it runs every time Windows starts. It then tries to locate the Microsoft Word global template, Normal.dot. If it finds the file, it infects it with a macro virus whose purpose is to execute W32.Tulu.

It is recommended to use good antispyware or antivirus software that can detect the W32.Tulu virus, including its macro components. The virus stays resident in memory. Every minute, it tries to replicate itself to drive A.

To remove the value added to the registry, click Start and then click Run. The Run dialog box appears. Type regedit and click OK. Registry Editor opens. Navigate to the key and delete the ‘shell’ value in the right pane, then go to the Registry menu and click Exit to close Registry Editor.