W32.Sphit


Aliases: Win32.HLLW.Spinex, W32/Audience.worm.a, Win32.HLLW.Audience.41216, W32/Sphit-A, Win32/HLLW.Spinex
Variants: PE_AUDIENCE.A, W32/Sphit.A, Win32:Spinex, Worm/Audience, Win32.HLLW.Audience.41216

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Moderate
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Hard
Platform: W32
Discovered: 01 May 2003
Damage: Low

Characteristics: The W32.Sphit application is a worm that copies itself to network folders that users have access to. The presence of the file Dllexe32.exe is a sign of a possible infection.

More details about W32.Sphit

The W32.Sphit program is a worm that copies itself to network folders to which users have access. The existence of the “Dllexe32.exe” file is an indication of an infection. When W32.Sphit is run, it copies itself as “%System%Dllexe32.exe” and “%System%Dllfolder32.exe”. The worm creates a registry key with the string value "(Default)"="%System%dllexe32.exe %1". It changes the default value of the registry key from “%Windows%Explorer.exe /idlist, %I, %L” to “%System%dllfloder32.exe explorer.exe /idlist, %I, %L”. W32.Sphit also changes the default registry key value from “[ViewFolder("%l", %I, %S)]” to “”. When any shared document on the network is opened, the worm copies itself to that folder as “+.exe.”.
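A defender's check for the indicators described above, as an added example that is not part of the original write-up: it parses a registry export and a file listing and flags any reference to the dropped file names. The sample export, its `HKEY_EXAMPLE\Placeholder…` key names and the `C:\WINDOWS` paths are constructed, because the page does not name the affected keys.

```python
import re

# File names the write-up says are dropped in %System%. Both spellings of
# the second name appear on the page, so both are matched.
DROPPED = ("dllexe32.exe", "dllfolder32.exe", "dllfloder32.exe")
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Yield (key, value_name, data) for each string value in a .reg export."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := VAL_RE.match(line)):
            name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            yield key, name, unescape(m.group(2))

def find_indicators(reg_text, file_paths=()):
    """Return hits for registry data or file names matching DROPPED."""
    hits = []
    for key, name, data in parse_reg(reg_text):
        hits += [("registry", key, name, i) for i in DROPPED if i in data.lower()]
    for path in file_paths:
        base = re.split(r"[\\/]", path)[-1].lower()
        if base in DROPPED:
            hits.append(("file", path, None, base))
    return hits

# Constructed sample input: placeholder key names, assumed install paths.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_EXAMPLE\PlaceholderA\command]
@="C:\\WINDOWS\\System32\\dllexe32.exe %1"

[HKEY_EXAMPLE\PlaceholderB\command]
@="C:\\WINDOWS\\System32\\dllfloder32.exe explorer.exe /idlist, %I, %L"

[HKEY_EXAMPLE\PlaceholderC\command]
@="C:\\WINDOWS\\Explorer.exe /idlist, %I, %L"
'''
SAMPLE_FILES = [r"C:\WINDOWS\System32\Dllexe32.exe", r"C:\WINDOWS\System32\notepad.exe"]

if __name__ == "__main__":
    for hit in find_indicators(SAMPLE_REG, SAMPLE_FILES):
        print(hit)
```

Each hit is a tuple of source, location, value name and matched indicator; the untouched Explorer handler in the third sample key produces no hit.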

The program is a computer worm. It can replicate itself and spread its copies over the shared network. The W32.Sphit worm arrives on the system through spam e-mail that carries the worm as an attachment. These e-mails may also contain components used by the application, which may include rootkit tools and a Simple Mail Transfer Protocol (SMTP) engine. The worm is possibly used for creating bot networks.