W32.Solow


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 01 Apr 2007
Damage: Low

Characteristics: W32.Solow is a worm that tries to spread through removable storage drives and copies itself as executable files under various names.

More details about W32.Solow

W32.Solow is a worm that tries to spread through removable storage drives and copies itself as executable files under various names. Once opened, the worm creates these files: “%Windir%\pchealth\helpctr\binaries\msconfig.exe”, “%Windir%\regedit.exe”, “%System%\cmd.exe”, “%System%\systeminit.exe”, “%System%\taskmgr.exe”, “%System%\wininit.exe”, and “%System%\winsystem.exe”. It then creates the “%SystemDrive%\kerneldrive.exe” and “%SystemDrive%\autorun.inf” files if a remote drive exists.

During installation, the malware may pick a random INI file and append its code to the end of that file. It then registers it in the Windows Registry so that it executes automatically at Windows startup. The malware may also be acquired from an e-mail attachment. Once the user downloads and executes the attachment, the program stays resident in memory to avoid detection. The first time it becomes active, the malware patches the explorer.exe program in Windows for its own functionality.
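An added triage example, not part of the original entry: it checks a mounted disk image and drive roots for the file locations listed above, resolving names case-insensitively. The placeholder-to-directory mapping, the `STOCK_NAMES` set and the sample tree are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# File locations listed in the write-up, keyed by the placeholder they start with.
DROPPED = [("Windir", "pchealth/helpctr/binaries/msconfig.exe"), ("Windir", "regedit.exe"),
           ("System", "cmd.exe"), ("System", "systeminit.exe"), ("System", "taskmgr.exe"),
           ("System", "wininit.exe"), ("System", "winsystem.exe")]
# Assumption: these names are also used by stock Windows tools, so finding one
# proves nothing until it is compared against a known-good copy.
STOCK_NAMES = {"msconfig.exe", "regedit.exe", "cmd.exe", "taskmgr.exe", "wininit.exe"}

def find_nocase(base, rel):
    """Resolve rel under base ignoring case, as a Windows file system would."""
    cur = Path(base)
    for part in rel.split("/"):
        if not cur.is_dir():
            return None
        cur = next((c for c in cur.iterdir() if c.name.lower() == part.lower()), None)
        if cur is None:
            return None
    return cur if cur.is_file() else None

def triage(dirs, drive_roots):
    """Return sorted (location, verdict) pairs for the artifacts named above."""
    out = []
    for var, rel in DROPPED:
        if find_nocase(dirs[var], rel):
            stock = rel.rsplit("/", 1)[-1] in STOCK_NAMES
            out.append((f"%{var}%/{rel}", "verify-against-known-good" if stock else "suspicious"))
    for root in drive_roots:
        exe = find_nocase(root, "kerneldrive.exe")
        inf = find_nocase(root, "autorun.inf")
        if exe:  # kerneldrive.exe next to autorun.inf matches the drive-root pair listed
            out.append((f"{Path(root).name}/kerneldrive.exe", "suspicious+autorun" if inf else "suspicious"))
    return sorted(out)

def build_sample(top):
    """Constructed sample tree standing in for a mounted disk image."""
    top = Path(top)
    for rel in ("win/system32/CMD.EXE", "win/system32/WinSystem.exe",
                "usb/KernelDrive.exe", "usb/AUTORUN.INF", "clean/readme.txt"):
        (top / rel).parent.mkdir(parents=True, exist_ok=True)
        (top / rel).write_bytes(b"constructed placeholder")
    return {"Windir": top / "win", "System": top / "win/system32"}, [top / "usb", top / "clean"]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in triage(*build_sample(tmp)):
            print(finding)
```

A hit on a name in `STOCK_NAMES` only means the file needs comparing against a trusted copy; the names outside that set have no stock counterpart in this example's assumptions and are reported as suspicious on presence alone.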

The W32.Solow worm may install itself on a computer in various ways. It may arrive as an e-mail attachment. These e-mails usually carry a misleading subject to trick the recipient into downloading and executing the contents. The worm may also install itself on other computers by creating copies of itself in shared folders. It disguises these copies as legitimate files to trick the user into executing the program. The W32.Solow worm runs on the Windows 98, Windows 95, Windows ME, Windows 2000 and Windows XP operating systems.