W32.Xema.A


Aliases: PSW.Agent., TR/Spy.Agent.QJ.25, Vir/Win32, Trojan-Spy.Win32.Agent.qj, Trojan.Spy.Agent.
Variants: TSPY_AGENT.WAY, W32/Agent.BKYN, W32/Xema

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 11 Jun 2007
Damage: Medium

Characteristics: The W32.Xema.A program is a virus that can infect .exe files and permits unauthorized access on the infected computer. It spreads via removable media storage devices. This virus affects windows platform such as Windows 95, Windows 2000, Windows 98, Windows NT, Windows Me, Windows Server 2003, and Windows XP.

More details about W32.Xema.A

W32.Xema.A is a virus infects .exe files and permits unauthorized access on the infected computer. It spreads via removable media storage devices. This virus affects windows platform. When the worm executes, it creates .chk, .nls, .dll, and .exe file extensions on the system folder. After it creates numerous files, it will then create again files on removable storage devices. One example of it is the [DRIVE_LETTER]\Recycled\deskinf.pif. It modifies registry entries and searches for executable files on the attached removable storage device. In this process, the worm then copies files created earlier like the .chk, .nls .dll and .exe to the System folder and infects the files located on that folder. After all the processes are completed, it will then contact the particular server that will download and execute malicious files.

The W32.Xema.A program is capable of using the affected computer’s Internet connection to be able to connect to remote file servers. Once a connection has been established, the software downloads illicit components on the user’s machine. This may include adware and spyware programs, worm applications, BHOs (Browser Helper Objects), and other viruses. All the programs downloaded by this software are installed stealthily on the compromised machine. The user is not notified of the presence of these programs. Both the user’s privacy and security are compromised with the presence of the additional files. Some of these programs are able to gather vital information from the user’s computer. This includes the user’s PII (Personally Identifiable Information).