W32.Vimm


Aliases: W32/Vimm, Virus.W32.Vimm, Win32/Vimm, Virus.Win32.Vimm
Variants: Virus.W32/Vimm, Win32.Vimm, Virus.Win32/Vimm

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 04 Mar 2008
Damage: Low

Characteristics: W32.Vimm is a virus that infects executable files on removable, local, and unsecured remote drives in order to distribute itself. It affects Windows 95, Windows 2000, Windows 98, Windows NT, Windows Me, Windows Server 2003, Windows XP and Windows Vista.

More details about W32.Vimm

Once the W32.Vimm virus is executed, it copies itself as a .log file in the Windows folder and as an .exe file in the System folder. The virus creates registry entries so that it runs every time Windows starts. It infects executable files found on removable, fixed, and network drives. Infected files grow by around 27,648 bytes, and when an infected file is executed, it creates a temporary file named [RANDOM FILENAME] [INFECTED FILENAME].exe. This temporary file is in fact the original file as it was before infection.
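A triage check built on the two artifacts described above (an added example, not part of the original write-up or of any vendor tool): it flags an .exe that sits next to a file named `<something> <same name>.exe` which is about 27,648 bytes smaller. Assumptions: the random prefix and the infected file name are separated by a space, the temporary file is in the same folder as the infected file, and a 512-byte tolerance covers "around"; the function names are hypothetical.

```python
import os
import tempfile

GROWTH = 27_648   # size increase reported for infected files
TOLERANCE = 512   # assumption: slack for "around 27,648 bytes"


def find_vimm_pairs(root, growth=GROWTH, tolerance=TOLERANCE):
    """Return sorted (suspect_infected, restored_original) path pairs under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        # Map every .exe in this folder to its size on disk.
        exes = {f: os.path.getsize(os.path.join(dirpath, f))
                for f in files if f.lower().endswith(".exe")}
        for name, size in exes.items():
            suffix = " " + name.lower()   # assumed "<random> <infected name>.exe"
            for other, other_size in exes.items():
                if other == name or not other.lower().endswith(suffix):
                    continue
                # The restored original should be smaller by roughly GROWTH bytes.
                if abs((size - other_size) - growth) <= tolerance:
                    hits.append((os.path.join(dirpath, name),
                                 os.path.join(dirpath, other)))
    return sorted(hits)


def demo_pairs():
    """Run the check over a constructed folder of dummy files (not real samples)."""
    with tempfile.TemporaryDirectory() as d:
        def put(name, size):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(b"\0" * size)
        put("calc.exe", 100_000 + GROWTH)   # stands in for an infected file
        put("xkqz calc.exe", 100_000)       # stands in for the restored original
        put("notepad.exe", 50_000)
        put("old notepad.exe", 49_000)      # name matches, size delta does not
        return [(os.path.basename(a), os.path.basename(b))
                for a, b in find_vimm_pairs(d)]


if __name__ == "__main__":
    print(demo_pairs())
```

A hit is only a lead for further inspection, since the temporary file exists only after an infected file has been run.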

Users often receive W32.Vimm via e-mail or instant message. The message may appear to come from an acquaintance or trusted source. The attachment can be labeled as a necessary update for a program already installed on the machine, or disguised as an e-card. Once the attached file is opened, the components of the malware are automatically downloaded and added to the system. W32.Vimm may use random file names for its components, and it can also use the names of core system processes. This is supposedly done to prevent detection and removal. The processes are commonly placed in the Windows or System directory, and additional copies of the malware can be placed in hidden folders. The processes are added to the system registry so that they run during system startup.