Aliases: Worm.AndySoftware
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 28 Nov 2007
Damage: Low

Characteristics: W32.Likasimal is a worm. It spreads through network shares and changes the wallpaper on the infected computer. It infects Windows systems. The worm is also known as Worm.AndySoftware. This particular worm exploits a remotely exploitable vulnerability and targets network shares.

More details about W32.Likasimal

When the worm is executed, it creates msoffice.exe files in the Windows System folder, Windows folder and Startup folders. It also creates registry entries and subkeys to ensure that it runs every Windows startup. It may even change the desktop wallpaper into the image called ANDYsoftware.bmp. The file is actually a .jpg file and not a .bmp file. The worm attempts to spread by copying itself to the following SMB and WebDav shared folders: C:, D:, C:\Documents And Settings, D:\Documents And Settings, C:\WINDOWS, D:\WINDOWS, C:\WINDOWS\SYSTEM32, and D:\WINDOWS\SYSTEM32. The worm can be removed by an updated virus scanner. Updating the virus definitions in a virus scanner software program enables it to detect the threat and remove it completely from the system. Threats can either be removed manually or automatically.

The W32.Likasimal program may change the system configuration. The application may change the settings of the web browser to conceal its access on premium porn sites. The application may register itself on the system registry making sure that every time the computer boots the dialer program also launches. The program may also detect if the computer has Internet connection. The program may also execute every time the computer connects to the World Wide Web. This application may cause the system to run slower. This is because the program utilizes computer resources.