W32.Drom


Aliases: Dowque M, Troj/QQPass-BLT
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Moderate
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 22 May 2007
Damage: Medium

Characteristics: W32.Drom mainly affects Windows operating system platforms. It spreads through local and removable drives. It can also steal confidential information from the compromised computer: the worm may record keystrokes and take screenshots of your computer and of Web pages in order to capture sensitive and confidential information saved and/or opened on your computer. It can also download and execute malicious files on the infected computer.

More details about W32.Drom

You may also see files such as “romdrivers.bak”, which is usually found in C:\Program Files\Internet Explorer. The worm continuously checks for and monitors certain antivirus programs, particularly the Kaspersky antivirus applications. Once executed, it also modifies the system date to 1996 and deletes and/or alters registry keys. Detecting the worm is not complicated, because it may show many symptoms while running. It displays a message containing “Name: whboy and Class Name: WebDown” as it closes the Windows program. It may also scan all of the removable drives and create the file “autorun.inf”. If autorun.inf is already present in the system, it will also create a “Ghost.pif” file on the removable drive and will automatically download a file from www.nice8.org/GetVer/Ver.txt. This download retrieves the latest update of the worm, which may increase the damage to your computer.
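The file and clock symptoms listed above can be checked with a short triage script. This is an added example, not part of the original write-up: the finding labels and the drive letters in the usage stub are assumptions, and it only reports the artifacts the description names.

```python
import configparser
import datetime
from pathlib import Path

# Indicators named in the description above (compared case-insensitively).
IE_DROP = "romdrivers.bak"                      # seen in the Internet Explorer folder
ROOT_DROPS = ("autorun.inf", "ghost.pif")       # seen on removable drive roots
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command")

def autorun_targets(path):
    """Return the commands an autorun.inf would launch ([] if unparsable)."""
    cp = configparser.ConfigParser(strict=False, interpolation=None, allow_no_value=True)
    try:
        cp.read_string(path.read_text(errors="replace"))
    except configparser.Error:
        return []
    for section in cp.sections():
        if section.lower() == "autorun":
            return [cp[section][k] for k in LAUNCH_KEYS if cp[section].get(k)]
    return []

def scan(drive_roots, ie_dir, now=None):
    """Return (indicator, detail) findings for the given drive roots and IE folder."""
    findings = []
    now = now or datetime.datetime.now()
    if now.year == 1996:                        # the worm resets the system date to 1996
        findings.append(("clock-1996", now.isoformat()))
    ie = Path(ie_dir)
    if ie.is_dir():
        for entry in ie.iterdir():
            if entry.name.lower() == IE_DROP:
                findings.append(("ie-drop", str(entry)))
    for root in map(Path, drive_roots):
        if not root.is_dir():
            continue
        for entry in root.iterdir():
            name = entry.name.lower()
            if name not in ROOT_DROPS or not entry.is_file():
                continue
            findings.append(("root-drop", str(entry)))
            if name == "autorun.inf":           # show what the file would start
                for cmd in autorun_targets(entry):
                    findings.append(("autorun-launch", cmd))
    return findings

if __name__ == "__main__":
    # Drive letters are assumptions; list the removable drives actually attached.
    for hit in scan(["E:\\", "F:\\"], r"C:\Program Files\Internet Explorer"):
        print(hit)
```

An autorun.inf on its own is common on legitimate media, so treat a lone `root-drop` hit for it as an item to review rather than a confirmed infection.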

The W32.Drom program has different modes of distribution. It may infect the computer via an ActiveX drive-by download, which executes when the user visits unreliable websites. Such a website usually contains code that automatically initiates the download and installation process without prompting the user. Other applications, such as a downloader Trojan program, may also install the W32.Drom program on the computer.