W32.Bluven


Aliases: PE_BLUNE.A-O (Trend Micro), W32.Blune (Symantec)
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: active & spreading
Spreading: moderate
Geographical info: North and South America, and some parts of Europe, Asia and Australia
Removal: Easy
Platform: W32
Discovered: 09 Oct 2008
Damage: Low

Characteristics: The W32.Bluven program automatically starts itself when the media is accessed. It can spread and damage all document files it finds on the compromised computer.

More details about W32.Bluven

The W32.Bluven program affects all Windows operating systems. It infects not only the compromised computer but also network systems connected to that computer and/or laptop. W32.Bluven is a worm that targets all removable USB drives using an autorun.inf file. It automatically creates a copy of itself when it is going to infect a computer, and it automatically starts itself when the media is accessed. It can spread and damage all document files it finds on the compromised computer. You may see a “found.007.exe” file on your computer as well as on all networks and/or computers connected to that network. You can also see filenames such as “%DriveLetter%\B1uv3nth3x1.diz”, “%DriveLetter%\autorun.inf” and “%DriveLetter%\msvbvm60.dll”, where %DriveLetter% is the drive letter. Once it is in the system, it targets the following file types: .doc, .exe, .gif, .jpg, .msi, .pub, .wav, .dat, and .xls. All infected files are converted to executable files by changing the extension to .exe, which causes the virus to run itself when they are opened. The original is lost and becomes a temporary file.

It can also infect the system registry, and a Windows File Protection message may appear. This protection message is a dialog box that contains the message “Files that are required for Windows to run properly have been replaced by unrecognized version. To maintain system stability, Windows must restore the original versions of these files.” It will ask you to insert the Windows XP Professional CD-ROM, and the action buttons may vary from Retry and More Information to Cancel.
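A triage check for the drive-root file names listed above, as an added example that is not part of the original write-up or any vendor tool. It reads autorun.inf to show which program the drive would launch; the rule that a drive is flagged only when B1uv3nth3x1.diz sits beside a launching autorun.inf is an assumption, and the sample drive contents are constructed.

```python
import os
import tempfile

# Root-level file names this page lists for W32.Bluven on an infected drive.
PAGE_INDICATORS = {"b1uv3nth3x1.diz", "autorun.inf", "msvbvm60.dll"}
# Standard AutoRun keys that make Windows launch a program.
LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text):
    """Return (key, command) pairs that launch a program; junk lines are ignored."""
    launches = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in ";[" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in LAUNCH_KEYS or key.lower().endswith("\\command"):
            launches.append((key.lower(), value))
    return launches


def triage_drive_root(root):
    """Check one drive root for the page's file names and autorun launch targets."""
    names = {n.lower(): n for n in os.listdir(root)}  # match case-insensitively
    found = sorted(names[n] for n in PAGE_INDICATORS if n in names)
    launches = []
    if "autorun.inf" in names:
        with open(os.path.join(root, names["autorun.inf"]), "rb") as fh:
            raw = fh.read()
        # autorun.inf may be UTF-16 with a BOM or a single-byte code page.
        has_bom = raw[:2] in (b"\xff\xfe", b"\xfe\xff")
        launches = parse_autorun(raw.decode("utf-16" if has_bom else "latin-1"))
    # Assumption: autorun.inf alone is common on legitimate media, so the
    # Bluven-specific .diz name must be present as well before flagging.
    suspicious = "b1uv3nth3x1.diz" in names and bool(launches)
    return {"found": found, "launches": launches, "suspicious": suspicious}


def demo():
    """Build a constructed drive root in a temp directory and triage it."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("B1uv3nth3x1.diz", "msvbvm60.dll", "notes.txt"):
            open(os.path.join(root, name), "wb").close()
        with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
            # Constructed content; the launch target is a placeholder name.
            fh.write(";junk\n[AutoRun]\nopen=PLACEHOLDER.exe\n"
                     "shell\\open\\command=PLACEHOLDER.exe\n")
        return triage_drive_root(root)


if __name__ == "__main__":
    print(demo())
```

Point `triage_drive_root` at a mounted removable drive or a forensic image mount; the launch targets it returns are the files to collect for analysis before cleaning the drive.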