W32.Darker.Worm
Aliases: Worm.P2P.Darker.d, P2P-Worm.Win32.Delf.m, W32/Darker.worm!p2p, TR/Delphi.Downloader.Gen
Variants: Win32.Darker.B, Win32.Darker.A
Classification: Malware
Category: Computer Worm
Status: Active
Spreading: Slow
Geographical info: Asia, North and South America and Europe
Removal: Easy
Platform: W32
Discovered: 04 Nov 2003
Damage: Medium
Characteristics: W32.Darker.Worm is a worm that self-replicates from networks that share file through peer to peer (P2P) applications. It usually contacts an IRC service which allows another user to make commands on the system. This worm is written in Borland Delphi. It is filled with UPX.
W32.Darker.Worm Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Darker.Worm from your computer.
More details about W32.Darker.Worm
Once the W32.Darker.Worm application enters the system, it creates a number of files. Its main executable file is often stored in the System directory. Random file names are used to avoid detection. It seldom uses the same file name for its components. Registry entries are also made to allow the program to run at system startup. Users report that its processes may be listed in Task Manager as a system device driver. Since this worm also copies itself through networks shared, the worm easily spreads throughout the system. Once the user accepts the command from another user which is the hacker, the worm replicates itself to the directory as svchost.exe. Afterwards, it adds a certain Registry key value. After the installation, an access is made to contact the IRC server that permits the hacker to give commands such as executing and terminating files.The worm attempts to propagate through Kazaa or Kazaa Lite, Morpheus or Grokster. Sometimes, it also spreads through email using MAPI with the following characteristics - Subject: Microsoft Windows OutLook Express urgent updates; Attachment: SVCHOST.EXE. This allows the worm to email itself to all the contacts in the email address book. After a successful connection is made, the worm is active in the system permitting executable commands from another user. The remote user then can remove the antivirus software installed in the system, delete or copy files, etc.
Browse for more malware information
- W32.Darker.Worm
- W32.Dasher.A
- W32.Datom.Worm
- W32.Dawin
- W32.Debanpass
- W32.Debsis.A
- W32.Dedler.Worm
- W32.Delcycer
- W32.Deletemusic
- W32.Demo.Worm
- W32.Denisbee
- W32.Dexter
- W32.Dinkdink.Worm
- W32.Dinoxi
- W32.Doep.A
- W32.Dolly.Mirc.gen
- W32.Donk.Q
- W32.Doomhunter
- W32.Dopbot
- W32.Dosmouse
- W32.Dotex
- W32.Dotor.A@mm
- W32.Downadup
- W32.Draggdor
- W32.Dranyam
- W32.Drivus.A
- W32.Drom
- W32.Dronzho
- W32.Duksten.B@mm
- W32.Dutan.A
Contact Us
|
Privacy Policy
|
Site Map
Copyright © Uniblue Systems Limited 2007. All rights reserved.