Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Dormant
Spreading: Slow
Geographical info: Asia
Removal: Easy
Platform: W32
Discovered: 21 Nov 2007
Damage: Low

Characteristics: W32.Shangxing.A is a worm that runs a backdoor on the infected computer. It spreads by copying itself to removable and local drives.

More details about W32.Shangxing.A

W32/Shangxing.A is a worm that infects Windows systems. It copies itself as “windows.exe” to the root of all removable and local drives. It also places an “AutoRun.inf” file in the root of each removable and local drive so that the worm is run whenever the drive is opened. The worm injects malicious code into iexplore.exe and calc.exe and creates hidden instances of both. If the hidden instance of “iexplore.exe” is terminated, the hidden instance of “calc.exe” restarts it. The worm tries to open a backdoor to the domain “liuzhaoman.5166.info” over TCP port 8181, which gives the attacker access to the infected PC.
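A defender-side check for the drive-root artifacts described above, added here as an example and not taken from any vendor tool: it flags a root that holds both “windows.exe” and an “AutoRun.inf” that launches it. The launch keys it parses are an assumption, since the description does not quote the worm's AutoRun.inf, and the directories in `demo()` are constructed stand-ins for drive roots.

```python
import os
import re
import tempfile

WORM_EXE = "windows.exe"  # dropped file name given in the description
# Assumption: the AutoRun.inf uses a standard launch key (its contents are not quoted above).
LAUNCH_KEY = re.compile(r"^\s*(open|shellexecute|shell\\[^=\\]+\\command)\s*=(.*)$", re.I)

def autorun_targets(text):
    """Return lower-cased file names that an AutoRun.inf body would launch."""
    targets = []
    for line in text.splitlines():
        m = LAUNCH_KEY.match(line)
        parts = m.group(2).split() if m else []
        if parts:
            name = parts[0].strip('"').replace("\\", "/").rsplit("/", 1)[-1]
            targets.append(name.lower())
    return targets

def check_root(root):
    """Classify one drive root as 'match', 'suspicious' or 'clean'."""
    names = {n.lower(): n for n in os.listdir(root)}
    has_exe = WORM_EXE in names
    targets = []
    if "autorun.inf" in names:
        with open(os.path.join(root, names["autorun.inf"]), errors="replace") as fh:
            targets = autorun_targets(fh.read())
    hits = has_exe + (WORM_EXE in targets)  # 0, 1 or 2 of the two artifacts
    return ("clean", "suspicious", "match")[hits]

def demo():
    """Run the check over constructed directories standing in for drive roots."""
    layouts = {
        "infected": {"windows.exe": "", "AutoRun.inf": "[autorun]\nopen=windows.exe\n"},
        "vendor_cd": {"setup.exe": "", "autorun.inf": "[autorun]\nopen=setup.exe\n"},
        "leftover": {"windows.exe": ""},
    }
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for label, files in layouts.items():
            os.mkdir(os.path.join(base, label))
            for fname, body in files.items():
                with open(os.path.join(base, label, fname), "w") as fh:
                    fh.write(body)
            results[label] = check_root(os.path.join(base, label))
    return results

if __name__ == "__main__":
    print(demo())
```

To check real drives, call `check_root()` on each drive root; a "suspicious" result means only one of the two artifacts was found and needs manual review.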

The W32.Shangxing.A worm installs its main executable files in the Windows system folder and modifies the system registry. It adds a start-up registry key so that it runs automatically every time Windows boots. The W32.Shangxing.A worm runs on 32-bit Windows operating systems such as Windows 9x, Windows XP and Windows 2000.