W32.Paroc.Worm


Aliases: Win32/Paroc.A@mm, W32/Paroc-B, Win32.Paroc.B@mm, WORM/Paroc.B, Win32:Antidep [Wrm]
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 11 Jun 2002
Damage: Low

Characteristics: W32.Paroc.Worm is a worm that uses MAPI so that it can send itself to email addresses. All email addresses the worm finds in HTML files are its target. The email contains the following message: “Attach file is new multimedia pack for Win9x/ME/NT/2000 and some WinXP! (c) Copyright PROSAC SW”. It also arrives as if like from "PROSAC SW" or .This worm was first found on June 11, 2002. It mainly affects Windows 2000, 98, Me, NT and XP.

More details about W32.Paroc.Worm

The worm is installed after execution. It does several actions. First, it checks if the operating system is Windows 2000 then attempts to start the Tapi32ms service. In case the service cannot be started, the worm produces a copy of itself as \%System%\Tapi32.exe. If the operating system of the computer is either Windows 98 or Me, the worm registers as a service then adds itself to the system registry key as PROSAC %system%\tapi32.exe. Next, W32.Paroc.Worm creates \%Windows%\Prosac.rar consisting of the worm itself. After the creation of copies of the worm, it tries to send the .rar file to the virus author and finds .htm*files in all subfolders under \%cache%. Any files that contain a “mailto:” string will be that target of the worm to be able to send the .rar file to the “mailto:” address. In addition, the worm downloads and runs the Sender.exe file if the computer has an active Internet connection. If the worm runs for the first time, it shows a message that requires the user to restart the computer.

The W32.Paroc.Worm program can man the whole computer system of the user without his or her knowledge. It can go on and on without the user knowing it because of its ability to hide itself. The W32.Paroc.Worm program is an exploit program that particularly targets a programming ambiguity or inaccuracy in another program. The vulnerabilities or flaws allow remote hackers to access a user's computer. Rogue programmers and hackers are always on the sentry for security flaws, as they supply the most consistent means to attack or invade a network or a remote computer.