Aliases: W32.Fijjy.A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Inactive
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 08 Jun 2006
Damage: Medium

Characteristics: On June 8, 2006, W32.Fijjy was found spreading through open network shares; it also downloads and executes remote files on the infected computer. Affected systems are Windows 2000, 95, 98, Me, NT, Server 2003 and XP.

More details about W32.Fijjy

The W32.Fijjy worm performs several actions while propagating its infection. Once the worm is executed, it attempts to stop the Windows Firewall/Internet Connection Sharing (ICS) service. It then lowers the security settings to disable the Zone Alarm firewall and stops some service processes. Afterwards, the worm closes some windows, most of which belong to security-related processes. A file from [http://]www.fjjyjy.net is downloaded and saved as c:\win30.exe. If this file is executed, the worm tries to open shared folders. If it opens them successfully, it replicates itself to the targeted folders as Setup.exe and/or AutoExec.bat.

After W32.Fijjy has been executed and has copied itself to network shares, it lists all computers and shared folders on the network. It then opens shared folders with a blank username and password, which enables the worm to copy itself into those folders.

The worm can be removed manually. Disable System Restore, then update the virus definitions of whatever antivirus software is installed on the computer. Restart the computer in safe mode and, once it is running, run a full system scan. Delete all system entries, keys and values that were added. Finally, reboot the computer in normal mode.
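
The following Python sketch is an added example, not part of the original write-up, that an administrator could run over a file-share root to look for the drop pattern described above. The function names are hypothetical, and the script assumes the worm's copies are byte-identical Windows executables (files starting with the `MZ` magic bytes); the file names are the ones given in the description.

```python
import hashlib
import os
import sys
from collections import defaultdict

# File names the write-up says the worm uses for its copies on shares.
DROP_NAMES = {"setup.exe", "autoexec.bat"}

def _fingerprint(path):
    """Return (sha256 hex digest, first two bytes) of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        head = fh.read(2)
        digest.update(head)
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest(), head

def scan_share(root):
    """Map each suspicious path under root to the list of reasons it was flagged."""
    by_hash = defaultdict(list)
    findings = defaultdict(list)
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in DROP_NAMES:
                continue
            path = os.path.join(folder, name)
            try:
                sha, head = _fingerprint(path)
            except OSError:
                continue  # locked or unreadable file: skip, do not abort the scan
            by_hash[sha].append(path)
            # Assumption: the self-copy is a Windows executable, so a .bat
            # that starts with the "MZ" magic is not a real batch script.
            if name.lower().endswith(".bat") and head == b"MZ":
                findings[path].append("batch file with executable (MZ) header")
    # Assumption: copies are byte-identical, so one hash appears in many folders.
    for sha, paths in by_hash.items():
        folders = {os.path.dirname(p) for p in paths}
        if len(folders) > 1:
            for p in paths:
                findings[p].append("same content in %d folders (sha256 %s)" % (len(folders), sha[:12]))
    return dict(findings)

if __name__ == "__main__":
    for path, reasons in sorted(scan_share(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(path, "->", "; ".join(reasons))
```

A lone Setup.exe is not flagged, because that name is common for legitimate installers; anything the script does report is a lead for the antivirus scan in the removal steps, not a verdict.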