Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Dormant
Spreading: Slow
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 29 Jul 2003
Damage: Low

Characteristics: W32.HLLW.Egar.int is a worm that propagates through the Kazaa file-sharing program. Users of peer-to-peer sharing programs are prone to infection by this worm. It is believed that the program still contains many bugs, and the worm does not always succeed in copying itself. Once executed, it modifies the system registry so that it runs when Windows starts. It affects all Windows operating system platforms, namely Windows 2000, Windows 95, Windows 98, Windows NT, and Windows XP.

More details about W32.Egar.int

The worm is written in Visual Basic. Using the Kazaa network, a peer-to-peer sharing program, and its shared folder, this worm creates folders and/or files such as hlkeygen.exe, cskeygen.exe, Windows XP Keygen.exe, Windows .NET KeyGen.exe, Windows .NET Enterprise Server KeyGen.exe, Windows .NET All Version Activation Crack.exe, Windows .NET All Version KeyGen.exe, Windows .NET WPA Crack.exe, Windows .NET Activation Hack.exe, Windows XP WPA Crack.exe, Cisco Hacker.exe, Cisco Hacker 2003.exe, Cisco Hacker v4.0.exe, Cisco Scanner 2.exe, Cisco Scanner Lite.exe, Cisco Scanner Setup.exe, and Proxy Scanner v4.0b.exe. All the program files infected by this worm tend to be hidden and are hard to detect. Most parasites attempt to hide their tracks, so you will have to enable the display of hidden and protected system files to see them.
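A sweep for the file names listed above, as an added example that is not part of the original entry: it walks a folder supplied by the caller and reports each name match together with its Windows hidden attribute. The Kazaa shared-folder location is not given on this page, so it is a parameter; the function names and the demo folder contents are constructed for illustration.

```python
import os
import stat
import tempfile

# File names this entry lists for the Kazaa shared folder (compared case-insensitively).
DECOY_NAMES = {n.lower() for n in (
    "hlkeygen.exe", "cskeygen.exe", "Windows XP Keygen.exe",
    "Windows .NET KeyGen.exe", "Windows .NET Enterprise Server KeyGen.exe",
    "Windows .NET All Version Activation Crack.exe",
    "Windows .NET All Version KeyGen.exe", "Windows .NET WPA Crack.exe",
    "Windows .NET Activation Hack.exe", "Windows XP WPA Crack.exe",
    "Cisco Hacker.exe", "Cisco Hacker 2003.exe", "Cisco Hacker v4.0.exe",
    "Cisco Scanner 2.exe", "Cisco Scanner Lite.exe", "Cisco Scanner Setup.exe",
    "Proxy Scanner v4.0b.exe",
)}

HIDDEN = getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2)  # Windows hidden-attribute bit


def is_hidden(path):
    """True when the Windows hidden attribute is set (always False on other systems)."""
    info = os.stat(path, follow_symlinks=False)
    return bool(getattr(info, "st_file_attributes", 0) & HIDDEN)


def sweep(shared_dir):
    """Return sorted (relative_path, hidden) pairs for files whose name is on the list."""
    hits = []
    for root, _dirs, files in os.walk(shared_dir):
        for fname in files:
            if fname.lower() not in DECOY_NAMES:
                continue
            full = os.path.join(root, fname)
            try:
                hidden = is_hidden(full)
            except OSError:
                hidden = False  # unreadable entry: still report the name match
            hits.append((os.path.relpath(full, shared_dir), hidden))
    return sorted(hits)


def demo():
    """Sweep a constructed folder of empty placeholder files (not real samples)."""
    with tempfile.TemporaryDirectory() as d:
        os.makedirs(os.path.join(d, "sub"))
        for rel in ("CISCO HACKER 2003.EXE", "holiday.mp3",
                    os.path.join("sub", "cskeygen.exe")):
            open(os.path.join(d, rel), "w").close()
        return sweep(d)
```

A name match is only a lead: confirm any hit with an up-to-date scanner before acting on it, since the names alone do not prove the file is the worm.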

The W32.Egar.int program may also open a backdoor to the victim's computer. Once the backdoor has been executed, the hacker may perform several malicious actions. The hacker could use the victim's computer to engage in denial of service (DoS) attacks. The hacker could also transmit critical information to a remote server. Some users whose computers have been infected with this program have reported that their USB ports have been disabled. The malware may also disable system restart and shutdown. It does not offer an End User License Agreement (EULA) before or during its installation. It does not provide a completely functional uninstaller.