Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 01 Jan 2004
Damage: Low

Characteristics: W32.Tupeg is a simple virus that spreads by copying itself to floppy disks as “mpeg_player.exe”.

More details about W32.Tupeg

When W32.Tupeg is executed, it displays a fake MPEG player application window and then shows the message ‘: movie format is invalid’. The virus copies itself to A:\mpeg_player, %Windir%\System32\DRIVERS\media_driver and %Windir%\MEDIA\command play, each with an .exe extension. It searches for the Windows installation folder and copies itself into that folder’s subdirectories. It also creates %Windir%\media\jump_info.media, a file that is not malicious. The virus sets a value in a registry key so that it runs every time Windows starts. It also shows a message box naming the current day of the week. For instance, if today is Tuesday, the message box reads ‘Today is TUESDAY’.

To remove the infected files from your system, first update the virus definitions, then carry out the removal procedure. After the removal process, you have to restart the computer in Safe Mode or end the malicious processes on Windows Me, Windows 98 and Windows 95. First, shut down your computer and turn the power off. Wait about 30 seconds before restarting the computer in Safe Mode. To end the malicious process on Windows XP, Windows 2000 or Windows NT, press Ctrl+Alt+Delete once. Then go to the Task Manager. Click the Processes button. Double-click the header of the Image Name column to sort the processes alphabetically. Scroll through the list. End the program.