W32.Folmess


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Inactive
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 06 Dec 2007
Damage: Low

Characteristics: W32.Folmess was discovered on December 6, 2007. It is a worm that propagates by replicating itself to all folders on the computer. It mostly affects Windows systems, namely Windows 2000, 95, 98, Me, NT, Server 2003, Vista and XP.

More details about W32.Folmess

The W32.Folmess worm spreads by placing a copy of itself in all folders. Upon execution, the worm creates two files: %Windir%\system32\service.exe and %Windir%\system32\taskmdr.exe. Like other worms, W32.Folmess also creates a system registry entry so that the worm executes every time Windows starts. Afterwards, the worm shows a message that contains Slavic characters. On an English version of Windows, the message appears as a series of random characters. Finally, the worm produces a copy of itself. This worm might reach a computer through a plugged-in USB device or through files downloaded from URLs. Make sure your computer's firewall is always active to block all incoming threats.
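A triage check for the behaviour described above, as an added example that is not part of the original write-up: it looks for the two dropped files the entry names and flags any executable whose identical content sits in several folders. The function names, the `min_dirs` threshold and the restriction to `.exe` files are assumptions.

```python
import hashlib
import os
from collections import defaultdict

# File names taken from the write-up; both are dropped under %Windir%\system32.
DROPPED_NAMES = ("service.exe", "taskmdr.exe")


def dropped_files_present(windir):
    """Return the write-up's dropped files that exist under <windir>/system32."""
    system32 = os.path.join(windir, "system32")
    return [n for n in DROPPED_NAMES if os.path.isfile(os.path.join(system32, n))]


def sha256_of(path, chunk=1 << 20):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def replicated_executables(root, min_dirs=3):
    """Map SHA-256 -> sorted paths for .exe files whose identical content
    sits in at least min_dirs distinct folders (assumed threshold)."""
    by_hash = defaultdict(list)
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".exe"):
                continue
            path = os.path.join(folder, name)
            try:
                by_hash[sha256_of(path)].append(path)
            except OSError:
                continue  # unreadable or locked file: skip, keep scanning
    return {
        h: sorted(paths)
        for h, paths in by_hash.items()
        if len({os.path.dirname(p) for p in paths}) >= min_dirs
    }


if __name__ == "__main__":
    windir = os.environ.get("WINDIR", r"C:\Windows")
    print("dropped files present:", dropped_files_present(windir))
    for digest, paths in replicated_executables(os.path.expanduser("~")).items():
        print(digest, len(paths), "copies, e.g.", paths[0])
```

Matches are leads for further inspection: legitimate software can ship the same executable in several folders, and a file named service.exe or taskmdr.exe is not by itself proof of this worm.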

Payloads are also commonly carried by the W32.Folmess malware. They may be mildly annoying or irreparably destructive. Trojan programs could also modify the system settings so that they start automatically. This program may also be used to conduct distributed denial-of-service (DDoS) attacks or to install other types of malware. Furthermore, the W32.Folmess program could also open ports on the infected computer system, which may in turn be used by other hackers.