W32.Schting.A


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 26 Jun 2007
Damage: Low

Characteristics: The W32.Schting.A program is a worm that propagates by copying itself to local media. It also tries to lower the protection settings of the infected computer.

More details about W32.Schting.A

When the W32.Schting.A worm runs, it creates files such as “C:\Windows\WinSystem.exe”, “C:\Windows\Win System.exe”, “C:\Windows\windows.exe”, “C:\Windows\WinSystem”, “C:\Windows\WinSystem32.exe”, “C:\Windows\SystemMonitor.exe”, “C:\Windows\MonitorSetup.exe”, “C:\Windows\NowAndForever.exe”, “C:\Windows\system\mscomfig.exe”, “C:\Windows\regedif.exe”, “C:\log.exe”, “C:\Windows\system32\regedif32.exe”, “C:\Windows\ErrorReport.exe”, “C:\Windows\system32\WindowsProtection.exe”, “C:\Windows\system32\msiexee.exe”, “C:\Windows\system\msiexece.exe”, “C:\Windows\system\WindowsUpadate.exe”, “C:\Windows\system32\msidlI.exe”, “C:\Windows\system32\SCCONFIG.exe”, “C:\Windows\system\rundlI.exe”, “C:\Windows\system32\winlocon.exe”, “C:\Windows\system32\wpa.bdlx”, “C:\BootEx.exe”, “D:\BootEx.exe”, “C:\Windows\winsystem.exe”, “%CurrentFolder%\log.txt”, and “%CurrentFolder%\oeminfo.ini”. The worm then minimizes windows with titles such as “Task Manager Warning”, “Confirm Value Delete”, “Confirm Key Delete”, and “Edit String” in order to obstruct the use of the Windows Registry Editor and Task Manager.
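Several of the dropped files above imitate genuine Windows binaries by one or two characters. The following added example (not part of the original write-up) flags paths from a file listing that either match a listed path or sit within a small edit distance of a real binary name; the GENUINE list, the function names and the sample listing are assumptions made for illustration.

```python
import ntpath

# Subset of the file paths listed in the description above.
LISTED = {p.lower() for p in [
    r"C:\Windows\WinSystem.exe",
    r"C:\Windows\system\mscomfig.exe",
    r"C:\Windows\regedif.exe",
    r"C:\Windows\system32\msiexee.exe",
    r"C:\Windows\system32\winlocon.exe",
    r"C:\BootEx.exe",
]}

# Assumption: genuine Windows binary names picked for this example, not from the page.
GENUINE = ["msconfig.exe", "regedit.exe", "msiexec.exe", "winlogon.exe", "rundll32.exe"]

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(path, max_dist=2):
    """Return ('listed', path), ('lookalike', genuine_name) or None."""
    norm = path.lower()                      # Windows paths are case-insensitive
    if norm in LISTED:
        return ("listed", norm)
    name = ntpath.basename(norm)             # ntpath splits on backslashes on any OS
    for real in GENUINE:
        if 0 < edit_distance(name, real) <= max_dist:
            return ("lookalike", real)       # close to, but not equal to, a real name
    return None

def scan(paths):
    """Map each suspicious path to its finding; clean paths are omitted."""
    return {p: hit for p in paths if (hit := classify(p))}

# Constructed sample listing, e.g. the output of `dir /s /b` on a triaged host.
SAMPLE = [
    r"c:\windows\SYSTEM32\msiexee.exe",      # listed path, different case
    r"C:\Windows\system\msiexece.exe",       # not in the subset, one edit from msiexec.exe
    r"D:\Tools\winlocon.exe",                # listed name in an unlisted folder
    r"C:\Windows\system32\msiexec.exe",      # genuine name, must not be flagged
]

if __name__ == "__main__":
    for path, finding in scan(SAMPLE).items():
        print(path, finding)
```

A name match is only a lead: confirm with the file's hash, signature and location before acting on it.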

The W32.Schting.A program can render any security programs installed on the computer inoperative, further exposing the compromised computer to greater risks. System files may also be modified and additional malicious software installed through the actions of the program. Finally, this program also allows the unauthorized transmission of personal and confidential information to undisclosed parties. The W32.Schting.A program affects computers running Windows 2000, Windows NT, Windows Me, Windows XP, Windows Server 2003, Windows Vista, Windows 98 and Windows 95.