W32.Reploret


Aliases: W32/SillyFDC-V, W32/SillyFDC-AC
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 31 Jan 2007
Damage: Low

Characteristics: W32.Reploret is a worm that infects Windows systems. It is a slow infector. It causes low damage to an infected computer and can be easily removed using an updated antivirus software. The worm spreads by copying itself to mapped network drives and removable media.

More details about W32.Reploret

The worm W32.Reploret infects other computers by copying itself to mapped network drives and removable media. When the worm is executed, it copies itself as: Uninstall.exe in the System folder. The worm periodically attempts to copy itself using the following file names: more.exe in drive C, and Hay.exe in drives D to P. It also creates the file autorun.inf. This file contains the instructions to start the worm. This happens when a drive is attached to the infected computer. The worm may also create the file desktop.ini. This file instructs explorer.exe to display icon text in green. Next, the worm creates and populates one of the registry subkeys. Afterwards, the worm appends the following string to the title bar of explorer.exe: ^_^ Hello, I'm a hot boy but I am very cool ^_^.

When the files more.exe and Hay.exe are detected in a computer, it is a symptom of a possible infection. To remove the infection, you can either use manual removal or automatic removal. The worm can be easily removed with the help of an updated antivirus software. Upon execution, the W32.Reploret program copies its application into a different Windows folder with the same file name and extension. Afterwards, it starts itself as a function or processes within the Windows folder. A provisional file is being taken care of in a loop of erasing file via, if it exists, a check until the said file could be totally deleted form your system. Avoiding firewall notifications is one of the capabilities of the W32.Reploret program. This program is smart enough to position and locate its files via a particular finder function or process that belongs to the administration setting, and therefore giving access to various applications by attaching its files to the process.