W32.Resdoc


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: N/A
Geographical info: North America
Removal: N/A
Platform: W32
Discovered: 05 Sep 2002
Damage: N/A

Characteristics: W32.Resdoc is a worm that infects Windows systems. It periodically attempts to copy itself to drive A. It also copies itself as Smss.exe in the windir folder. The worm locates the main Windows installation folder and uses it as a destination folder.

More details about W32.Resdoc

The worm W32.Resdoc was first discovered on September 5, 2002. It is a worm that targets Windows systems. When it is executed, it copies itself to the windir folder as the file Smss.exe. The file smss.exe is supposedly a Windows NT Session Manager. It is responsible for starting the user session. It is responsible for various activities like launching Winlogon and Win32. It then waits for these processes to end. When this happens normally, it shuts down the system. If not, the system hangs. In some cases, the file smss.exe is a worm. In the case of W32.Resdoc, the file is a worm that copies itself to drive A. Not much information is gathered regarding the technical description of the worm. If the system detects the file smss.exe and is usually stops responding, it is an indication of a possible infection.

The W32.Resdoc program tends to download multiple malicious files form several third party applications and enables to execute them on the client’s system. If not, a new instance comes in play. The Internet Explorer program creates automatically and the malicious file loads and executes itself over the browser’s setting as a particular process in its archive.