Aliases: W32/Rox-A, Win32/Valla.2048, Win32.Xorala, Win32.Valhala.2048
Variants: PE_VALL.A, W32/Harmony.A, W32/Rox-A, Win32.Xorala, I-Worm/Netsky.Q

Classification: Malware
Category: Computer Virus

Status: Dormant
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Hard
Platform: W32
Discovered: 24 Nov 2002
Damage: Medium

Characteristics: The W32.Valla.2048 program is a file infecting virus. This type of virus is written in assembly language. It seems this virus has obtained several distribution recently; this is perhaps because it has been "helped" by infected e-mail, network and P2P worms.

More details about W32.Valla.2048

W32.Valla.2048 is a file-infecting virus that infects portable executable files in Windows. It could infect executable files in all Windows systems. This virus doesn’t contain any payload, it would attempt to infect any ---.exe files that it locates on the the Windows' System folders and the main windows. Upon infection, file sizes will increase by 2048 bytes and the time stamp of the file would reflect the date when infection occurs. The virus would add its own code at the end of the host's executable and would then create a section named XOR. This will modify the host file entry point and attaches to the file host. So when these infected files are executed, the virus code would be executed first as well as the original file.

The W32.Valla.2048 program does not have any way of spreading by itself via networks. If your computer in infected by it, these text could be found "-= XOR 2009 Valhalla =- Assembled 1997 .. Activated 07.2002 - devoted for peace and harmony in universe against war, racism, terrorism and cruel brutality .. remember .. life is the most important thing - not money .. it's time for a revolution NOW ...." So In order for a PC to be disinfected by it, an already infected file needs to be manually run. To do this, install reputable anti-virus software in your computer and run a scan. This will detect the virus and could disinfect the files that have been infected.