W32.Dutan.A


Aliases: Worm:W32/AutoRun.DMO
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 17 Apr 2008
Damage: Low

Characteristics: W32.Dutan.A is a worm that usually infects Windows executables on all drives, including network drives, of the compromised computer. Once executed, the worm automatically duplicates itself as winxpsp2.dll, csrsss.exe and/or svchosts.exe in the Windows system folder on local, removable and network drives of the compromised computer. It creates an autorun.inf file in the root of all drives while disabling antivirus programs. After spreading itself to the root of all available drives, it also spreads malicious files on the infected computer.

More details about W32.Dutan.A

As such, Microsoft Excel does not recognize these files properly. However, the data in the files is still intact. Also, having backdoor capabilities, it can steal private or confidential files or data from the compromised computer. It can also be destructive because of its ability to download malware onto a compromised computer.

Removal is moderate. You simply have to disable System Restore in your Windows operating system, terminate the system processes, and then delete any values in the registry entry and all the infected files. To do this, press the Start button and click on the Run option. This will start the Run tool. Then, type in taskmgr and press OK. This will open the Windows Task Manager. Check the list of actively running files and find all the .exe files. Right-click on the file and choose “End Process.” A box will appear, and you need to choose Yes.

You may also search for the file. Most parasites attempt to hide their tracks, so you will have to enable the displaying of hidden and system-protected files. Open Windows Explorer. Click on the Tools menu and select Folder Options. This is where you make the hidden files visible. From the View tab, in the Advanced Settings list, find the option Show hidden files and folders and click on it. Then, remove the checkmark next to the line Hide protected operating system files. By doing this, all infected files and/or processes may be seen.

After killing the processes, you may download a useful antivirus tool that will completely erase all traces of infection from your computer. You may download it from the Internet and install it by double-clicking on the downloaded installer file. The wizard from that program will guide you through the whole installation process. After installing, run a thorough scan; the program will give you a list of infected files. You may see a “delete” or “remove” option. Click on those to wipe all the infections. It is also good practice to use a firewall to block all incoming connections from the Internet to services that should not be publicly available.
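The following Python script is an added example, not part of the original write-up or of any vendor tool. It checks a list of directories (drive roots and the Windows system folder) for the three file names listed under Characteristics and reports which program any autorun.inf found there would launch. The function names and the sample directory built in `demo()` are constructed for this illustration.

```python
import os
import re
import tempfile

# Copy names listed on this page (two imitate csrss.exe and svchost.exe).
DROPPED_NAMES = {"winxpsp2.dll", "csrsss.exe", "svchosts.exe"}
# autorun.inf keys that name a program to launch from the drive.
LAUNCH_KEY = re.compile(r"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+?)\s*$", re.I)


def autorun_targets(path):
    """Return the programs an autorun.inf asks Windows to launch."""
    with open(path, "r", errors="replace") as fh:
        matches = (LAUNCH_KEY.match(line) for line in fh)
        return [m.group(2) for m in matches if m]


def scan(directories):
    """Return (kind, path, detail) findings for each directory given."""
    findings = []
    for d in directories:
        try:
            entries = os.listdir(d)  # also returns hidden and system files
        except OSError:
            continue  # drive not ready or access denied
        for name in entries:
            full = os.path.join(d, name)
            if name.lower() in DROPPED_NAMES:
                findings.append(("dropped-copy", full, name.lower()))
            elif name.lower() == "autorun.inf" and os.path.isfile(full):
                for target in autorun_targets(full):
                    findings.append(("autorun-launch", full, target))
    return findings


def demo():
    """Scan a constructed directory that stands in for a drive root."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
            fh.write("[autorun]\nopen=svchosts.exe\nicon=setup.ico\n")  # constructed sample
        open(os.path.join(root, "svchosts.exe"), "w").close()
        return sorted((kind, detail) for kind, _, detail in scan([root]))


if __name__ == "__main__":
    print(demo())
```

On a real machine, pass the drive roots and the Windows system folder to `scan()` and review each finding before deleting anything, since a legitimate autorun.inf on installation media will also be reported.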