W32.Wilsef


Aliases: Dropper.Delf.ji, TR/Delf.BT.2, Troj/Wilsef-A, Trojan-Dropper.Win32.Delf.bt, Trojan.Dropper.Delf.BT
Variants: TrojanDropper:Win32/Delf.BT, W32/Malware!58c4, W32/Smalldrp.AJY, W32/Wilsef.worm, Win32/Wilsef.A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 17 Dec 2003
Damage: Low

Characteristics: The W32.Wilsef virus is a simple program that acts as a back door and copies itself to floppy disks under the name "Doc1.doc.exe". It affects Windows operating systems such as Windows 95, Windows 2000, Windows 98, Windows NT, Windows Me, Windows XP and Windows Server 2003.

More details about W32.Wilsef

W32.Wilsef is a UPX-compressed destructive virus that copies itself to floppy disks as DOC1.DOC.EXE. Once W32.Wilsef is executed on the computer, it drops the files UNISTW1.COM and REGSYSW.COM in the Windows directory. It tries to connect to an FTP server to wait for and receive malicious commands from a remote user, such as “execute a file without the consent of the victim”, “delete a directory or a file”, “download and upload a file”, and infecting other files by replacing them with Unistw1.com. The program is written in Visual Basic and runs on all Windows operating systems. The virus is reported to add a Regsysw.com value to the registry key so that it runs when Windows starts.

The users’ activities may be monitored and reported by the W32.Wilsef program without their consent. Programs and files may be modified or deleted. Additional malware programs can be added to the computer. The computer’s resources can also be used to participate in DDoS (Distributed Denial of Service) attacks.
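The file names given in the description above can be turned into a quick triage check over a file listing. The following is an added example, not part of the original entry: it flags the Doc1.doc.exe style of name (generalized here to any document extension followed by an executable one) and the two dropped files when they sit in the Windows directory. The extension sets, the Windows directory names and the sample listing are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# File names taken from the description above (compared case-insensitively).
DROPPED_NAMES = {"unistw1.com", "regsysw.com"}
# Assumption: common Windows directory names; adjust to the local %WINDIR%.
WINDOWS_DIRS = {"windows", "winnt"}
# Assumption: extensions treated as "looks like a document" / "is executable".
DECOY_EXTS = {".doc", ".txt", ".pdf", ".xls", ".jpg"}
EXEC_EXTS = {".exe", ".com", ".scr", ".pif", ".bat"}


def classify(path_str):
    """Return the list of reasons a path looks suspicious (empty if none)."""
    p = PureWindowsPath(path_str)
    reasons = []
    suffixes = [s.lower() for s in p.suffixes]
    # Doc1.doc.exe pattern: executable extension hidden behind a document one.
    if len(suffixes) >= 2 and suffixes[-1] in EXEC_EXTS and suffixes[-2] in DECOY_EXTS:
        reasons.append("double-extension")
    # Dropped component sitting directly in the Windows directory.
    if p.name.lower() in DROPPED_NAMES and p.parent.name.lower() in WINDOWS_DIRS:
        reasons.append("dropped-file")
    return reasons


def triage(paths):
    """Map each suspicious path to its reasons, preserving input order."""
    findings = {}
    for path in paths:
        reasons = classify(path)
        if reasons:
            findings[path] = reasons
    return findings


# Constructed sample listing (not taken from a real system).
SAMPLE_LISTING = [
    r"A:\Doc1.doc.exe",
    r"A:\report.doc",
    r"C:\WINDOWS\UNISTW1.COM",
    r"C:\WINDOWS\regsysw.com",
    r"C:\WINDOWS\system32\cmd.exe",
    r"C:\tools\setup.v1.2.exe",
    r"C:\backup\regsysw.com",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LISTING).items():
        print(f"{path}: {', '.join(reasons)}")
```

A name match alone is weak evidence; treat a hit as a prompt to scan the file with an up-to-date anti-virus product.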