W32.Darjen


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: active & spreadings
Spreading: slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: easy
Platform: W32
Discovered: 25 Jul 2006
Damage: Low

Characteristics: W32.Darjen is a worm that continues to replicate itself to several drives and on local compromised computers. It also has .exe files that also automatically copies itself on the current folder it is located.

More details about W32.Darjen

The program is a worm application with downloader characteristics. It connects to remote server to download and install a possibly harmful additional component into the user’s computer. It may download spyware programs and advertising software. It may also install data mining and hack tools without the user’s consent. This computer worm may spread to other computers without the developer or remote user’s intervention. The u W32.Darjen program locates other computers over the network and creates copies of itself in folders that are open for read and write functions. The computer worm also connects to the Internet and scans other machines that may be vulnerable for exploitation. It sends data a pocket that installs the downloader component of the computer worm. This component then downloads the main body of the program.

The W32.Darjen application may make some computer modifications after successful intrusion of the user’s computer. It creates a copy of itself in the computer’s hard disk. This copy will be renamed notepad.exe. It also adds new registry values in the system start-up directory to allow the program to initiate at every system boot. The computer worm also launches the iexplore.exe process and svchost.exe. The application will try connecting to a remote server to start download. The downloaded files are hidden in the user computer.