W32.Orpheus.A


Aliases: W32/Hpl.worm.dll, W32.Orpheus.A, WORM_ORPHEUS.A, Worm.Win32.Orpheus.a
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Dormant
Spreading: Fast
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 09 Nov 2004
Damage: Medium

Characteristics: W32.Orpheus.A is a network aware worm that executes a backdoor capability on the compromised computer. It attacks Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP Operating Systems. It copies itself with the hidden and system files.

More details about W32.Orpheus.A

It creates a “hotplug.exe” on windows system folders. Registry keys are also modified so that the worm will start every time the windows starts. It also has the function to automatically execute a service named as "Hotplug Devices Manager" coming from the infected file “hotplug.exe.” This opens system privileges on the automated driver loading for hot pluggable devices. This constitutes universal serial bus drive, firewire and hotplug PCI systems. If this is stopped, hotplug devices will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.

The W32.Orpheus.A program has the capability of downloading, installing, and distributing other malware. It could use the infected machine for connecting to a certain IP address where it can download malware. It may install these malware to the computer or use the infected computer to distribute its downloaded malware. It may possibly use chats, emails, or P2P networks to send out threats to connected computers. This program is said to infect all platforms of the Microsoft Windows Operating System.