W32.ExploreZip.F.Worm


Aliases: N/A
Variants: Worm.ExploreZip 

Classification: Malware
Category: Computer Worm

Status: Dormant
Spreading: Moderate
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 11 Sep 2000
Damage: High

Characteristics: W32.ExploreZip.F.Worm is a mass-mailer worm; what sets it apart is that it sends its e-mails in reply to the unread messages in the inbox of Microsoft Outlook, Outlook Express, and Exchange. The attachment is an “.exe” file named “Zipped_files.exe.” This file is a copy of the worm, which automatically searches computers connected to the network, as well as mapped drives, for Windows installations. As with any other worm, it also alters the win.ini file and copies itself to the Windows directory.

More details about W32.ExploreZip.F.Worm

This virus can be removed manually by first disabling System Restore and restarting in safe mode. After that, you will have to terminate all the infected processes and files produced by the worm. This is usually done by opening the Windows Task Manager with one of the following key combinations: CTRL+ALT+DEL or CTRL+SHIFT+ESC. Check the list of actively running files and find all the .exe files. Right-click the file and choose “End Process.” A box will appear; choose Yes. You may also search for the infected file. Most parasites attempt to hide their tracks, so you will have to enable the display of hidden and protected system files.

It is known that when the infected system is restarted, the worm is executed a second time. It then goes through the same spreading process again, searching for and infecting the Microsoft Word global template. If it is successful, it will infect all active .DOC files. If they are seen, kill the processes and the entries again. You must double-click the hosts file. Make sure to deselect the "Always use this program to open this program" check box. Then scroll through or search the list of programs. When the file opens, delete all the entries added by the risk. Delete all files with .c, .cpp, .h, .asm, .doc, .ppt, .xls extensions and modify “Win.ini” files. If you have deleted all the entries, save your changes when prompted.
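
The description above says the worm alters win.ini, and the removal steps end with modifying that file. The following is an added example, not part of the original write-up, that lists what a win.ini would start automatically so the entries can be reviewed before editing. It assumes the change sits in the legacy `load=`/`run=` keys of the `[windows]` section (the page does not name the exact entry), and the sample file and the name PLACEHOLDER.EXE are constructed.

```python
import ntpath

# Legacy autostart keys in the [windows] section of win.ini (assumed location
# of the worm's change; the page does not name the exact entry).
AUTOSTART_KEYS = {"load", "run"}

# Constructed sample; PLACEHOLDER.EXE is a made-up name, not one from the page.
SAMPLE_WIN_INI = r"""
; constructed sample, not taken from an infected machine
[windows]
load=
run=C:\WINDOWS\SYSTEM\PLACEHOLDER.EXE
NullPort=None

[Desktop]
run=C:\IGNORED.EXE
"""


def winini_autostart_entries(text):
    """Return [(key, program), ...] for each program under load=/run= in [windows]."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "windows" or "=" not in line:
            continue  # only the [windows] section carries autostart lists
        key, _, value = line.partition("=")
        if key.strip().lower() not in AUTOSTART_KEYS:
            continue
        # Values are space- or comma-separated program lists (short 8.3 paths
        # assumed, so a path containing spaces would be split).
        for program in value.replace(",", " ").split():
            entries.append((key.strip().lower(), program))
    return entries


def unexpected_autostarts(text, allowlist=()):
    """Drop entries whose file name is on the administrator's allowlist."""
    allowed = {ntpath.basename(p).lower() for p in allowlist}
    return [(k, p) for k, p in winini_autostart_entries(text)
            if ntpath.basename(p).lower() not in allowed]


if __name__ == "__main__":
    for key, program in unexpected_autostarts(SAMPLE_WIN_INI):
        print(f"review {key}= entry: {program}")
```
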