W32.Resik.A


Aliases: Worm.Win32.Small.i, W32.Resik.A
Variants: W32.Resik.B, W32.Resik.C

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: N/A
Geographical info: North America
Removal: N/A
Platform: W32
Discovered: 29 Jun 2006
Damage: N/A

Characteristics: W32.Resik.A is a worm that is designed to infect Windows programs. It spreads through unsecured network shared folders. The file copies a Trojan Dropper in the System folder. Once the worm is detected on a computer, it needs to be removed immediately.

More details about W32.Resik.A

The worm propagates itself though unsecured network share folders. When the worm is executed, it copies a Trojan.Dropper using the filenames Driveinfo.exe in the System folder.The Trojan.Dropper may drop and execute files named alvsvpd.exe which are detected as Backdoor.Bifrose. It then also tries to drop a copy of the worm as the following file: inetsrv.exe. The worm creates registry entries so that it runs every time Windows starts. The worm may also create the following files: Driveinfo.log and Driveinfo.scd in the System folder. When any of the files stated above are detected on a system, it may indidcate a possible infection. To remove the worm, it is recommended that you use an updated antivirus program. Once an antivirus program is installed, the worm can be detected early before it causes damage.

The W32.Resik.A program creates a backdoor to connect to remote servers. Backdoors are created by opening an unused system port. The ports are chosen at random. The Internet connection created using the backdoor is unmonitored. System security features and anti-malware programs are typically unaware that the port has been opened.Dynamic Link Library (DLL) files are often added to the system. These may be dropped or loaded by executable files. The files may be deleted after the DLL modules are created. The DLL file acts as the main process of the downloader program. It is linked to the iexplore.exe file. This executable file is the main process of the Internet Explorer web browser. This allows the W32.Resik.A software to hide behind legitimate processes.