Aliases: W32/Bakain
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active and Spreading
Spreading: Slow
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 18 Dec 2006
Damage: Low

Characteristics: The malware W32.Bakain is a network worm that spreads by copying itself to weakly protected network shares.

More details about W32.Bakain

Also known as W32/Bakain, the W32.Bakain program infects Windows systems and spreads by copying itself to network shares with weak security protection. It locates remote machines and copies itself to folders that are open for read and write access. It scans all accessible network resources for susceptible systems, using local OS services and/or the Internet. Once the worm detects a vulnerable system, it connects to that system and gains complete access. When the W32.Bakain worm is executed on a computer, it creates a number of files. These include desktop.ini and folder.htt in the folder C:\Windows\Web, service5.exe and iexplorer.exe in the C:\Windows folder, and pcguard.exe in the folder C:\Windows\PCHEALTH.

It also adds the file welcome.exe in the folder C:\Windows\User Profile\All Users\StartMenu\Programs\Startup; script.exe in the folder C:\Windows\System\; desktop.ini, about linda.exe and sysfix.htt in the Network Share folder; and sysfix.htt and desktop.ini in the User Profile folder. The W32.Bakain program also connects to the website http://notebook.GustoNetwork.com/inde[Removed]. It also alters several registry entries so that it runs automatically whenever Windows starts. Experts suggest that this worm should be removed immediately through a manual removal process to ensure complete and thorough eradication.
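The file names listed above can be used to triage a share or a mounted disk image. The following is an added example, not part of the original write-up: the function names and the sample tree are constructed for illustration, and a name match is a lead for further analysis rather than proof of infection.

```python
import os
import tempfile

# File names taken from the write-up above, lowercased for case-insensitive
# matching. Note that "iexplorer.exe" is not the legitimate "iexplore.exe".
DROPPED_EXES = {"service5.exe", "iexplorer.exe", "pcguard.exe",
                "welcome.exe", "script.exe", "about linda.exe"}
HTT_TEMPLATES = {"folder.htt", "sysfix.htt"}

def scan_tree(root):
    """Walk root and return {directory: [reasons]} for folders worth a look."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        names = {f.lower() for f in files}
        reasons = []
        exes = sorted(names & DROPPED_EXES)
        if exes:
            reasons.append("dropped-name: " + ", ".join(exes))
        # desktop.ini alone is common and benign; flag it only next to a template.
        htt = sorted(names & HTT_TEMPLATES)
        if htt and "desktop.ini" in names:
            reasons.append("desktop.ini+htt: " + ", ".join(htt))
        if reasons:
            findings[dirpath] = reasons
    return findings

def build_sample(root):
    """Constructed sample tree: one clean folder, two with listed names."""
    layout = {
        "share/clean": ["desktop.ini", "report.doc"],
        "share/docs": ["Desktop.ini", "SYSFIX.HTT", "About Linda.exe"],
        "Windows": ["iexplorer.exe", "iexplore.exe"],
    }
    for folder, files in layout.items():
        path = os.path.join(root, *folder.split("/"))
        os.makedirs(path)
        for name in files:
            open(os.path.join(path, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for folder, reasons in sorted(scan_tree(tmp).items()):
            print(os.path.relpath(folder, tmp), "->", "; ".join(reasons))
```

Point `scan_tree` at a share mount or an image mount point to get the same per-folder report for real data.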