W32.Slurk.A


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 06 Jun 2007
Damage: Low

Characteristics: The W32.Slurk.A program is a worm that duplicates itself to all shared and removable drives, and drops other threats on the computer.

More details about W32.Slurk.A

The W32.Slurk.A application is a worm that copies itself to all shared and removable drives and drops other threats on the computer system. When the worm is executed, it creates the “%System%\alligt.exe”, “%System%\severe.exe”, “%System%\drivers\conime.exe”, “%System%\drivers\nkruls.exe”, “%System%\hx1.bat”, and “%System%\noruns.reg” files. The W32.Slurk.A worm also drops the “%System%\alligt.dll” file, which is a copy of “Infostealer”. Then, the worm copies itself to all accessible shared and removable drives. Finally, the worm deletes the “%System%\hx1.bat” and “%System%\noruns.reg” files.

The W32.Slurk.A application may utilize a rootkit tool. The rootkit tool allows the program to run on the computer while remaining undetected by the user. The rootkit tool renames the main files of the downloader Trojan application so that they appear to be legitimate Windows files. The rootkit function may disable active security utilities on the computer, such as personal firewalls and anti-virus tools. The main components used by the W32.Slurk.A program are located in the system folder. The application modifies the system’s registry: it adds a registry key that enables the program to launch automatically every time Windows boots up.
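
A file-presence check for the paths listed above, as an added example that is not part of the original write-up. The function names, the verdict strings and the mapping of %System% to %SystemRoot%\System32 are assumptions made for this example; a match on a path is a lead to investigate, not proof of infection.

```python
import os

# Paths relative to %System%, taken from the description above.
PERSISTENT = ["alligt.exe", "severe.exe", "alligt.dll",
              "drivers/conime.exe", "drivers/nkruls.exe"]
# The description says the worm deletes these two after use. Treating their
# presence as a sign of an unfinished run is this example's assumption.
TRANSIENT = ["hx1.bat", "noruns.reg"]


def _find_ci(root, rel_path):
    """Resolve rel_path under root, matching each component case-insensitively."""
    current = root
    for part in rel_path.split("/"):
        try:
            entries = os.listdir(current)
        except OSError:
            return None  # directory missing or unreadable
        match = next((e for e in entries if e.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current if os.path.isfile(current) else None


def scan_system_dir(system_dir):
    """Return which listed artifacts exist under system_dir, plus a verdict."""
    found_p = [p for p in PERSISTENT if _find_ci(system_dir, p)]
    found_t = [t for t in TRANSIENT if _find_ci(system_dir, t)]
    if found_p and found_t:
        verdict = "install in progress or interrupted"
    elif found_p:
        verdict = "artifacts present"
    elif found_t:
        verdict = "leftover installer files only"
    else:
        verdict = "no listed artifacts"
    return {"persistent": found_p, "transient": found_t, "verdict": verdict}


def default_system_dir():
    """Assumed location of %System% on a typical install."""
    return os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")


if __name__ == "__main__":
    print(scan_system_dir(default_system_dir()))
```

Because the description mentions a rootkit component, a clean result from a scan run on the live system is weaker evidence than one run against the disk mounted offline.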