W32.Delcycer


Aliases: Generic.ed, Mal/Generic-A, Worm.Small.VJA, Worm.Win32.Small.q, AWORM_SMALL.GBQ
Variants: Worm:Win32/Delcyer

Classification: Malware
Category: Computer Worm

Status: Inactive
Spreading: Slow
Geographical info: Some parts in Asia, North and South America, Europe and Australia
Removal: Easy
Platform: W32
Discovered: 24 Apr 2007
Damage: Low

Characteristics: W32.Delcycer is a worm that infects Windows systems by copying itself to mapped drives. The infection length of this is 6,656 bytes. Its first appearance was on April 24, 2007.

More details about W32.Delcycer

This self-propagating worm infects Windows systems like the Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP. It spreads by replicating itself to mapped drives. The mapped drives that it refers to are the networked computer’s hard drives used for network share. Most of these mapped drives contain information that are managed and used by group of users. The worm executes in the system then creates two files which are the svchost.exe and system.exe or %System%\svchost.exe and %System%\system.exe. Then on the mapped drives, the worm creates two more files: [DRIVE LETTER]:\recycled\sys.exe and [DRIVE LETTER]:\autorun.inf. After the creation of these files, the worm will create a service. The service and display name is System Scheduler while the image path is [PATH TO WORM EXECUTABLE]. Then, the worm creates a certain registry subkey for the service mentioned. Here, the infection is spread to all mapped drives (excluding removal drives).

Data and system files may be edited, moved or deleted. Programs may be uninstalled, launched or added to the computer. The running processes of anti-malware programs are disabled. The user’s activities can be monitored. The gathered data is often sent back to the remote server. The infected system may also be commanded to participate in Denial of Service (DoS) attacks. Users also report that the worm software places infected files in shared folders. These may be shared via a local access network (LAN) or a file sharing program.