W32.Racita.A


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 26 Oct 2007
Damage: Low

Characteristics: W32.Racita.A is a worm. It targets and copies itself to mapped drives D through H. In addition, it attempts to lower security settings on the infected computer. The worm is a slow infector and causes low damage. It is also easy to remove using an updated antivirus software.

More details about W32.Racita.A

The worm W32.Racita.A infects mapped drives D through H. Once the worm is executed, it executes a randomly named batch file. It then creates the files readme.exe and foto.jpg. Next, the worm drops the file foto.jpg and creates the file desktop.ini. This sets the .jpg file as the background image of the folder. After that, the worm creates a registry entry so that it executes whenever Windows starts. It also attempts to disable the Windows Task Manager by creating another registry entry. The worm propagates itself by copying itself to drives D through H. It uses the following files: Love_Girl.doc.exe, Dark_Song.doc.exe, Poopie.doc.exe, and Practica-1.doc.exe. To make sure that it will be executed every time a drive is accessed, the worm also creates a file named autorun.inf. In order to disable system restore, it creates the file rstrui.exe.

The W32.Racita.A application may be spread in e-mails or instant messages. These are often from unknown senders. The subject line and the body will persuade users to click on a link or open an attachment. IRC, peer-to-peer (P2P) file sharing programs, freeware and shareware websites and drive-by-downloads can spread the application as well. The malicious software creates a copy of itself in the system. This is believed to be named aichong.exe. It may be placed in the Windows or System folder. It can be added as a value to the startup registry key. This allows it to run at system startup. This also allows it to access system resources.