W32.Fiala.A


Aliases: Mal/Behav-009, Win32.Klone, Patch.UPX
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Inactive
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 12 May 2009
Damage: Low

Characteristics: W32.Fiala.A copies itself to infect fixed and removable files. The size of the carrier file of this worm’s code is “36, 352” bytes. It also blocks some particular applications from launching. The worm stores itself inside %CurrentFolder%\ as a file named [ORIGINAL FILE NAME].exe. Once this file is executed, the worm will self-replicate as %SystemDrive%\JR.PIF. It creates three more files and drops files which are a copy of a Trojan Horse, Hacktool.Rootkit or Trojan.KillAV. Also, the worm creates a mutex and modifies a particular registry entry. Other registry entries are also created to prevent some programs from executing. Next, the worm will try to download files from the[http://]f.wuc8.com/tt.[REMOVED] URL site and a network domain called wuc8.com. Finally, the worm propagates as %DriveLetter%\JR.PIF file.

More details about W32.Fiala.A

The W32.Fiala.A worm spreads by replicating itself. It will create files and entries inside the computer which causes damages particularly to fixed and removable drives. Most systems this worm infects include MS Windows versions, namely Windows 98, 95, XP, Me, Vista, NT, Server 2003 and 2000. It is easy and quick to manually remove this worm. Delete all W32.Fiala.A and W32.Fiala.A DLL files as well as other infected files on all drives. Remove all System Registry entries and keys. Stop all actively running processes associated with this worm. Click Start menu, select Run and type taskmgr.exe then click the Processes tab. Browse the list of running processes on the Processes tab. Once you find it, select End Process by right-clicking it. If you are unsure what process to remove, select [ORIGINAL FILE NAME].exe.

The W32.Fiala.A worm spreads by replicating itself. It will create files and entries inside the computer which causes damages particularly to fixed and removable drives. Most systems this worm infects include Windows System, namely Windows 98, 95, XP, Me, Vista, NT, Server 2003 and 2000. It is easy and quick to remove this malicious threat. Delete all W32.Fiala.A and W32.Fiala.A DLL files as well as other infected files on all drives. Also, delete all System Registry entries and keys. Stop all actively running processes associated by this worm by clicking the Start menu button, select Run then type taskmgr.exe and click the Processes tab. Find the process [ORIGINAL FILE NAME].exe then right-click the button “End the process”.