W32.Widare


Aliases: Bloodhound.W32.2, W32/Rutern-A
Variants: Virus.Win32.Rutern.5244, Win32.Rutern.5244, W32/Widare, W32.Widare, W32/Rutern.5244

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 23 Nov 2003
Damage: Low

Characteristics: The W32.Widare virus is an encrypted, file-appending virus that tries to infect .exe, .scr, and .cpl files. Since this virus is dated November 24, 2003, this threat may be detected as Bloodhound.W32.2. The virus is written for Windows operating systems, including Windows 2000, Windows 98, Windows 95, Windows NT, Windows Me, Windows XP, and Windows Server 2003.

More details about W32.Widare

Upon execution, the virus infects executable files in the current working folder, the Windows System folder, and the Windows folder. It targets files from antivirus program vendors and also tries to infect files with the CPL and SCR file extensions. When it runs, W32.Widare may show a message box containing the text “TheWizard in Spain (2003)” and “Your system is now infected !!”. All files that it finds in those folders, especially those with the .exe, .scr, and .cpl file extensions, will be infected.

The W32.Widare program commonly places an executable file in the Windows folder and adds it to the startup registry key. Other copies may also be placed in subfolders of the Windows directory. These files are saved with the names of legitimate Windows processes. A mutex object may also be created to monitor the installation. The application connects to a remote server, which is typically controlled by the person who developed the W32.Widare program. Commands and instructions may then be sent for the software to execute on the infected computer.