W32.Exiveter


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 12 Sep 2008
Damage: Low

Characteristics: Little is known about the Exiveter virus. It has been found, however, to infect all .exe files in the currently opened folder. The virus primarily executes itself from within. Files and/or programs become inoperable and, more importantly, unusable, and data or files become inaccessible. It displays strange characters in place of letters and numbers. The virus also tends to slow the machine down, causing long startup and reboot times.
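Since the worm is reported to alter every .exe file in the currently opened folder, a hash baseline of that folder's executables makes such changes visible. The following Python sketch is an added example, not part of the original entry; its function names and the placeholder sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile


def hash_file(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot_executables(folder):
    """Map each .exe file name in `folder` (non-recursive) to its SHA-256."""
    result = {}
    for entry in os.scandir(folder):
        if entry.is_file() and entry.name.lower().endswith(".exe"):
            result[entry.name] = hash_file(entry.path)
    return result


def compare_snapshots(baseline, current):
    """Classify executables as modified, added or removed since the baseline."""
    modified = sorted(n for n in baseline if n in current and baseline[n] != current[n])
    added = sorted(n for n in current if n not in baseline)
    removed = sorted(n for n in baseline if n not in current)
    return {"modified": modified, "added": added, "removed": removed}


def demo():
    """Constructed sample: placeholder files, one changed after the baseline."""
    with tempfile.TemporaryDirectory() as folder:
        for name, data in (("setup.exe", b"MZ-constructed-1"),
                           ("tool.EXE", b"MZ-constructed-2"),
                           ("notes.txt", b"not an executable")):
            with open(os.path.join(folder, name), "wb") as fh:
                fh.write(data)
        baseline = snapshot_executables(folder)
        # Simulate a change to one executable by appending placeholder bytes.
        with open(os.path.join(folder, "setup.exe"), "ab") as fh:
            fh.write(b"-appended")
        with open(os.path.join(folder, "new.exe"), "wb") as fh:
            fh.write(b"MZ-constructed-3")
        return compare_snapshots(baseline, snapshot_executables(folder))


if __name__ == "__main__":
    print(demo())
```

Take the baseline on a known-clean system and store it off the machine; a run in which every executable in one folder shows up as modified matches the behaviour described above.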

More details about W32.Exiveter

Reports also say that all Windows operating system platforms can be infected by this virus. To kill its processes, you may need to go to Windows Task Manager and click “Processes”. To open Task Manager, press one of the following key combinations: CTRL+ALT+DEL or CTRL+SHIFT+ESC. If that still doesn’t work, you may also press the Start button and select the Run option, which opens the Run tool; then type in taskmgr and press OK. Any of these methods will open the Windows Task Manager. Check the list of actively running files and find all the .exe files. Right-click the file and choose “End Process.”

According to security program developers, the W32.Exiveter program uses a rootkit design that allows it to reside in the machine's memory and hide its activity. It is believed that installation works this way because the malware modifies Registry entries to load its executable file during startup and hijacks some of the functionality of the operating system installed on the machine. The main function of this malware is the potential creation of a backdoor. The backdoor may serve as an access point for some of the basic functions of the malware, such as allowing remote users to access the system. It is believed that the backdoor serves as a pathway for incoming and outgoing transmissions between the infected machine and the computer the remote user uses to access it.