W32.Drivus.A


Aliases: N/A
Variants: cmdline.exe

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 10 May 2005
Damage: Low

Characteristics: Little is known about this worm. Like many other viruses, it infects all Windows operating system platforms. It spreads mostly through shared folders and drops a variant of Trojan.Drivus. Traces of the worm include a folder named “SharedDocs” in the Windows directory. The worm’s folder is normally shared as "MyShare" with the comment "Share Dir", which appears in the Comments column in Network Neighborhood.

More details about W32.Drivus.A

W32.Drivus.A mostly attacks network drives and folders, and it also uses the IPC$ share. This lets the worm specify shared resources on remote machines, and it then tries to copy itself and Trojan.Drivus into those shared folders. You may see the filenames windowsupdate.exe, winlogon.exe, netservice.exe, rundlll32.exe, scvhost.exe and cmdLine.exe, but the last one is created in the system folder. The worm can also record all of its actions and maintains a log file in the Windows folder. The log file lists the files that have been copied to the shared folders. When you use a firewall, it is good practice to block all incoming connections from the Internet to services that should not be publicly available. Protect your computer by denying all incoming connections and allowing only services you know and trust.
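The share name, comment, trace folder and filenames described in the two paragraphs above can be turned into a simple triage check. The following Python sketch is an added example, not part of the original write-up: it assumes a share inventory exported as CSV with hypothetical column names Name, Path and Description, plus a file listing, and both samples are constructed.

```python
import csv
import io
import ntpath

# Indicators quoted from the description above (compared case-insensitively).
SHARE_NAME, SHARE_REMARK, TRACE_FOLDER = "myshare", "share dir", "shareddocs"
DROPPED_NAMES = {"windowsupdate.exe", "winlogon.exe", "netservice.exe",
                 "rundlll32.exe", "scvhost.exe", "cmdline.exe"}

# Constructed sample inventory; the column names are an assumption.
SAMPLE_SHARES = r"""Name,Path,Description
C$,C:\,Default share
IPC$,,Remote IPC
ADMIN$,C:\WINDOWS,Remote Admin
Public,D:\Public,Team files
MyShare,C:\WINDOWS\SharedDocs,Share Dir
"""
# Constructed sample file listing.
SAMPLE_FILES = [r"C:\WINDOWS\system32\winlogon.exe", r"D:\Public\scvhost.exe",
                r"D:\Public\report.docx", r"C:\WINDOWS\SharedDocs\rundlll32.exe"]

def share_findings(row):
    """Return the reasons one share record matches the description."""
    reasons = []
    if row["Name"].strip().lower() == SHARE_NAME:
        reasons.append("share name MyShare")
    if row["Description"].strip().lower() == SHARE_REMARK:
        reasons.append("remark 'Share Dir'")
    if ntpath.basename(row["Path"].rstrip("\\")).lower() == TRACE_FOLDER:
        reasons.append("path ends in SharedDocs")
    return reasons

def triage(shares_csv, file_paths):
    """Return (flagged shares, listed filenames found inside user shares)."""
    rows = list(csv.DictReader(io.StringIO(shares_csv)))
    flagged = {}
    for row in rows:
        reasons = share_findings(row)
        if reasons:
            flagged[row["Name"]] = reasons
    # Skip administrative shares (C$, ADMIN$): they cover the real system
    # folders, where a genuine winlogon.exe is expected.
    roots = [r["Path"].rstrip("\\").lower() + "\\" for r in rows
             if r["Path"] and not r["Name"].endswith("$")]
    hits = sorted(p for p in file_paths
                  if ntpath.basename(p).lower() in DROPPED_NAMES
                  and any(p.lower().startswith(root) for root in roots))
    return flagged, hits

if __name__ == "__main__":
    print(triage(SAMPLE_SHARES, SAMPLE_FILES))
```

A filename match alone is weak evidence, because winlogon.exe is also a legitimate Windows file name; the check only counts it when the file sits inside a user-created share.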

The application may download additional components or other adware programs onto the computer. It may also update itself automatically, and it regularly connects to a remote server to check for updates or downloads. The W32.Drivus.A application can slow down the Internet connection because the program uses computer resources to display advertisements and uses the Internet connection to download additional components onto the computer. This may cause traffic and congestion on the connection and will result in slow computer performance.