W32.Blastclan
Aliases: WORM_SOHANAD.EJ, W32/SillyFDC-AE, IM-Worm.Win32.Sohanad.as, Worm:Win32/Autorun.FJ, W32/Sality.ad
Variants: Worm:Win32/Sohanad.I, Worm.Nuqel.H, Win32.Alman.B, W32/Mabezat-B, Virus:Win32/Delicium.A
Classification: Malware
Category: Computer Worm
Status: Active & Spreading
Spreading: Slow
Geographical info: Europe, Asia, Africa
Removal: Easy
Platform: W32
Discovered: 13 Sep 2007
Damage: Low
Characteristics: Belonging to a class of malware considered as network aware, the W32.Blastclan program can spread its codes by using weakly protected network shares. Its routine allows it to copy an instance of itself to all network shares found in the infected computer system.
W32.Blastclan Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Blastclan from your computer.
More details about W32.Blastclan
This family of Worms has been known to attack the System folder as well as the Windows directory of the compromised computer system to install its file segments. The W32.Blastclan program has been closely associated with the presence of the autorun.ini, blastclnnn.exe, scvhosts.exe, At1.job, and hinhem.scr files which are believed to be extracted during the initial execution of this threat. Almost all of these files can be found in the aforementioned locations with the exception of the At1.job which is placed in the Tasks folder of the Windows directory. This Worm reportedly hooks certain Windows Registry keys which will allow it to automatically load during every startup or boot up process of the infected machine.This program also tampers with the registry key associated to the Yahoo! Messenger client allowing it to execute when the application is launched by the unwary computer user. The W32.Blastclan program will proceed by attempting to use the active Internet connection to download the file settings.doc from predetermined websites. This document is a configuration file which contains additional commands that will allow the Worm to initiate more malicious actions in the infected computer system. The file new folder.exe is used by the W32.Blastclan Worm to execute in various network shares found in the machine. An accompanying autorun.inf file is also installed to allow the Worm to mimic a shared network drive. When it successfully tricks the computer user into thinking that it is a network drive, it will begin to deliver its payload once it is accessed.
Browse for more malware information
- W32.Blastclan
- W32.Blatic.A
- W32.Blebla.Worm
- W32.Bluven
- W32.Bobax!gen
- W32.Bolgi.Worm
- W32.Borm
- W32.Botou
- W32.Bratsters
- W32.Bropia
- W32.Browaf
- W32.Buffy.D
- W32.Bugsoft
- W32.Bumper.Worm
- W32.Burmec
- W32.Buzzard@mm
- W32.Cabreck
- W32.Casail.A
- W32.Cassel
- W32.Cblade.Worm
- W32.Celebite.Worm
- W32.Ceted
- W32.Chaim
- W32.Check.Mirc
- W32.Chiko
- W32.Chir.B@mm
- W32.Chod.B@mm
- W32.Choke.Worm
- W32.Cianam.Worm
- W32.Ciosor
Contact Us
|
Privacy Policy
|
Site Map
Copyright © Uniblue Systems Limited 2007. All rights reserved.