W95.Tenrobot


Aliases: Virus.Win9x.Tenrobot.a, Virus:Win95/Tenrobot.A, W32/Ten, W32/Tenrobo.4596
Variants: W32/Tenrobot.a, W95/Tenrobot-A, Win32/Tenrobot.A, Win95/Tenrobot

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 03 Apr 2003
Damage: Medium

Characteristics: The W95/Tenrobot program is a memory resident file appender that infects files once it is executed on Windows 95, Windows 98, or Windows Me. W95/Tenrobot gives a hacker remote access to your system through IRC.

More details about W95.Tenrobot

If a file infected is infected with W95.Tenrobot under Windows NT 4, Windows 2000 or Windows XP, the virus directly transfer control to the original host. When W95/Tenrobot is executed under the said windows system above, it makes a separate worker thread to run the remainder of its functionality. Then, it transfers control to the original host program directly. The thread performs two functions. First it hooks your file system open to request. Second, it launches a back door connection via IRC channel.

The application reportedly contacts its home server. It downloads and installs updates of itself. It can also add other malware programs to the system. These may cause adware, spyware, and Trojan software to be installed and executed. The added software also slows down regular system processes. The browser hijacker and its related advertisements consume a lot of bandwidth and affect the system’s connection.