W32.Bolgi.Worm


Aliases: Worm.Win32.Bolgi, W32/Bolgimo.worm, W32.Bogi.Worm, Worm/Bolgi.A, W32/Bolgi-A, Worm:Win32/Bolgimo.A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: dormant
Spreading: slow
Geographical info: North and South America, and some parts of Europe, Asia and Australia
Removal: Easy
Platform: W32
Discovered: 20 Nov 2003
Damage: Low

Characteristics: W32.Bolgi.Worm allegedly uses the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability over TCP port 445.

More details about W32.Bolgi.Worm

W32.Bolgi.Worm is a network-aware worm that targets Windows 2000 and Windows XP machines. Other Windows operating systems are not targeted and need not worry about this worm. The worm uses the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability over TCP port 445. Once run, it creates a mutex called 'Bolgimo'. If this mutex cannot be opened, the worm exits automatically. The worm also continuously tries to download the file to the System32 directory of the Windows operating system. It also shows a text file named 'RPC_VIRUS.txt', which is usually saved on the user's desktop. The file contains the text “!!!!!!!!! YOUR COMPUTER IS VULNERABLE TO THE RPC EXPLOIT !!!!!!!!! THE PATCH HAS AUTOMATICALLY BEEN DOWNLOADED TO YOUR DESKTOP AND IS RUNNING NOW PLEASE FOLLOW ITS INSTRUCTIONS AFTER IT IS INSTALLED, RUN A VIRUS SCAN IMMEDIATELY IT IS EVEN RECCOMMENDED TO REFORMAT YOUR SYSTEM(don't forget to patch afterwards).” If you see this message, your computer is infected. The message says that the computer will automatically shut down, but it will not.

A computer that is infected with this worm also appears to run slower than usual. Users may also notice the system constantly shutting down and restarting without their command. In some cases, the keyboard and the mouse of the computer do not work.
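
The 'RPC_VIRUS.txt' note described above can be checked for across user profiles, for example on a mounted disk image. This is an added example, not part of the original entry; the function names, the default profile root and the choice of marker phrase from the quoted note are assumptions.

```python
"""Scan user profiles for the W32.Bolgi.Worm desktop note (added example)."""
import os
import sys

# Indicators taken from the entry above.
NOTE_NAME = "rpc_virus.txt"  # compared case-insensitively
NOTE_MARKER = "YOUR COMPUTER IS VULNERABLE TO THE RPC EXPLOIT"
MAX_READ = 64 * 1024  # the note is short; cap what is read from a candidate

# Assumption: default profile root on Windows 2000/XP; pass another root
# (for example a mounted disk image) as the first argument.
DEFAULT_ROOT = r"C:\Documents and Settings"


def has_marker(path):
    """True if the file contains the note's marker phrase."""
    try:
        with open(path, "rb") as fh:
            raw = fh.read(MAX_READ)
    except OSError:
        return False  # unreadable file: report the name match only
    # Dropping NUL bytes lets one check cover ANSI/UTF-8 and UTF-16 text.
    text = raw.replace(b"\x00", b"").decode("latin-1")
    return NOTE_MARKER in text.upper()


def find_bolgi_notes(profiles_root):
    """Return sorted (path, confirmed) pairs for every RPC_VIRUS.txt found.

    confirmed is True when the content matches, False when only the
    file name does (worth a manual look, not proof of infection).
    """
    hits = []
    # The entry says the note is *usually* on the desktop, so walk the
    # whole profile tree instead of checking Desktop alone.
    for dirpath, _dirs, files in os.walk(profiles_root):
        for name in files:
            if name.lower() == NOTE_NAME:
                path = os.path.join(dirpath, name)
                hits.append((path, has_marker(path)))
    return sorted(hits)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_ROOT
    for path, confirmed in find_bolgi_notes(root):
        print(("CONFIRMED " if confirmed else "NAME-ONLY ") + path)
```

A NAME-ONLY result means a file with the right name but different content, which should be reviewed by hand before drawing conclusions.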