Aliases: P2P-Worm.Win32.Repad, Worm.P2P.Repad, W32/Repad!p2p, WORM_REPAD.A, Worm/Repad.A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 08 Sep 2003
Damage: Low

Characteristics: W32.Repad.Worm is a worm that infects Windows systems. It attempts to propagate using the KaZaA file-sharing network. The presence of the file st01b.reb or SysTray32.dat on a computer indicates a possible infection. The worm shuts down the infected computer the first time it is executed.

More details about W32.Repad.Worm

W32.Repad.Worm uses the KaZaA file-sharing network to propagate itself. If the files st01b.reb and SysTray32.dat are detected on your computer, the worm may have infected your system. The first time the worm executes, it displays the message: “Adult content inside. Must be over 18. Do you wish to continus?” If you click "No," the worm terminates. It also displays the message: “Repent You Sinner!” It copies itself as St01b.exe, SysTray32.exe, Soft Sex-Movie Scene mpeg(Selfextracting).exe, and Striptease-mpeg(Selfextracting).exe. The worm then adds values to the registry. It also creates the files st01b.reb and SysTray32.dat in the System folder. These two files are not viral in nature and should be deleted manually when detected.
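A filename sweep for the names listed above, as an added example that is not part of the original entry. The folder names in the demo are constructed, and a name match is only an indicator of possible infection, to be confirmed with an anti-virus scan.

```python
import os
import sys
import tempfile

# Names from the description above, lower-cased: Windows file names are
# case-insensitive and the page itself writes both "St01b" and "st01b".
MARKER_FILES = {"st01b.reb", "systray32.dat"}  # non-viral, delete manually
WORM_COPIES = {
    "st01b.exe",
    "systray32.exe",
    "soft sex-movie scene mpeg(selfextracting).exe",
    "striptease-mpeg(selfextracting).exe",
}

def scan_for_repad(roots):
    """Walk each root; return sorted (kind, path) for every matching name."""
    findings = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                key = name.lower()
                if key in MARKER_FILES:
                    findings.append(("marker", os.path.join(dirpath, name)))
                elif key in WORM_COPIES:
                    findings.append(("worm-copy", os.path.join(dirpath, name)))
    return sorted(findings)

def demo():
    """Scan a constructed tree of empty files that only carry the names."""
    with tempfile.TemporaryDirectory() as tmp:
        system = os.path.join(tmp, "system")  # stand-in for the System folder
        shared = os.path.join(tmp, "shared")  # hypothetical shared folder
        os.makedirs(system)
        os.makedirs(shared)
        samples = [(system, "ST01B.REB"), (system, "SysTray32.dat"),
                   (system, "St01b.exe"), (system, "readme.txt"),
                   (shared, "Striptease-mpeg(Selfextracting).exe")]
        for folder, name in samples:
            open(os.path.join(folder, name), "w").close()
        return [(kind, os.path.basename(path))
                for kind, path in scan_for_repad([tmp])]

if __name__ == "__main__":
    # Pass folders to check (e.g. the System folder); no arguments runs the demo.
    hits = scan_for_repad(sys.argv[1:]) if sys.argv[1:] else demo()
    for kind, path in hits:
        print(f"{kind}\t{path}")
```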

The W32.Repad.Worm program is also categorized as rootkit software, which cloaks the presence of files and data to evade detection while allowing the hijacker to gain control of and access to the machine without the user's knowledge. Rootkits are typically used by malware such as viruses, spyware, Trojans, and backdoors to conceal themselves from the user and from malware detection software such as anti-virus and anti-spyware applications. Rootkits are also used by some adware applications, such as DRM (Digital Rights Management) programs, to thwart the removal of that unwanted software by users.