W32.Spacemark

Aliases: Win32.HLLW.VB.b, W32/Spacemark.gen, Win32.HLLW.Spacem, Win32/HLLW.VB.B, WORM_SPACEMARK.A,
Variants: Win32:Spaceman, Win32/VB.E, Win32.HLLW.VB.B, Win32/HLLW.VB.B

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Hard
Platform: W32
Discovered: 05 Oct 2003
Damage: Low

Characteristics: The W32.Spacemark program is a worm that duplicates itself to the mapped drives and local drive as variable file names.

W32.Spacemark Removal Tool

If you have Malware on your computer it will cause annoyances and will damage your system. You should either:

A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software

RECOMMENDED:

We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Spacemark from your computer.

More details about W32.Spacemark

When the W32.Spacemark worm is opened, it modifies a registry key and adds the value "MyApp"="". The worm tries to duplicate itself to “c:\windows\NTUSER3.dat”, “c:\NTUSER3.dat”, “C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetWorker.bat”, “C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Network.exe”, “C:\Documents and Settings\All Users\Start Menu\Programs\System.pif”, “C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows.Pif”, “C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Screen Saver.scr”, “C:\Documents and Settings\All Users\Start Menu\Programs\Startup\1.exe”, “C:\Documents and Settings\All Users\Start Menu\Programs\Startup\2.exe”, “C:\Documents and Settings\All Users\Start Menu\Programs\Startup\3.exe”, “C:\Documents and Settings\All Users\Start Menu\Programs\Startup\4.exe”, “C:\Documents and Settings\All Users\Start Menu\Programs\Startup\5.exe”, “C:\Windows\Start Menu\Programs\Startup\NetWorker.bat”, “C:\Windows\Start Menu\Programs\Startup\Network.exe”. “C:\Windows\Start Menu\Programs\System.pif”, and “C:\Windows\Start Menu\Programs\Startup\Windows.Pif”. Then the worm duplicates itself to the directory and “C:\Documents and Settings\Mark\My Documents\Shared” as one or more of the following filenames: “Olivers Gay Pic.exe”, “Project1.exe”, “Homework.exe”, “Lee Is Fat.exe”, “New Screensaver.scr”, “My Screensaver.scr”, “New Game.scr”, “New Program MUSE SEE.exe”, “Info.exe”, “DATA.pif”, “Happy Screensaver.exe”, “Oliver and Chris.exe”, “Chris Me Bom Boy.exe”, “New Project.exe”, “MSN Plus v 4.exe”, “Heavy k's advanced nick changer.exe”, “Die.exe”, “1.exe”, “1.pif”, “1.scr”, and “Jim.exe”.

The W32.Spacemark worm application may be distributed manually through peer-to-peer (P2P) file sharing networks. It may also be distributed through Internet Relay Chat (IRC) and public discussion forums. It may be bundled with other malware applications. The program may also be bundled with the other programs like freeware applications. It may also be downloaded from File Transfer Protocol (FTP) sites. The W32.Spacemark worm program affects the system platforms Windows 95, Windows 98, Windows 2000, Windows Me, Windows Server 2003 and Windows XP.

Browse for more malware information

Uniblue Systems Microsoft Certified Partner