W32.Vediance


Aliases: Generic9.YEC, TR/Regdis.385536, W32/Malware.AZLB, WORM_AGENT.AESZ
Variants: W32/Frawrm-A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 25 Jun 2007
Damage: Low

Characteristics: The W32.Vediance application is a worm that spreads by copying itself to removable storage devices and network shares. It infects Windows systems, and once a computer is infected, the worm disables the registry tools and Task Manager.

More details about W32.Vediance

W32.Vediance affects Windows XP, Windows 2000, Windows Server 2003, Windows 95, Windows Me, Windows 98, and Windows NT. Once executed on a computer, the worm checks for the .txt file and, if it exists, stops its infection routine. If the file does not exist, the worm copies itself to a .com or .exe file. It then creates registry entries so that it runs every time Windows starts, and modifies registry entries to disable the Task Manager and Registry Editor. If it is not removed from the computer, the worm spreads by copying itself to removable devices and network shares. When it does, it creates an autorun file so that the worm is launched automatically. The worm continuously tries to copy itself to all removable devices and may also try to delete all mp3 files it finds.
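
A triage check for the two host-side traces described above, added here as an example (it is not part of the original entry or of any vendor's tooling): it lists the launch commands in a drive's autorun.inf that start a .com or .exe file, and reports which of the Task Manager and Registry Editor policies are set. The policy value names are the standard Windows ones and are an assumption, since the entry does not name the values the worm writes; the sample autorun.inf and its file names are constructed.

```python
import re

# Standard Windows policy location and value names for switching off Task
# Manager and Registry Editor. Assumption: the entry does not say which
# values this worm writes.
POLICY_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System"
TOOL_POLICIES = {"DisableTaskMgr": "Task Manager",
                 "DisableRegistryTools": "Registry Editor"}

# autorun.inf keys that launch a program when the drive is opened.
LAUNCH_RE = re.compile(
    r"^\s*(open|shellexecute|shell\\[^\\=]+\\command)\s*=\s*(.+?)\s*$", re.I)
EXEC_RE = re.compile(r"\.(com|exe)\b", re.I)

def autorun_launch_targets(text):
    """Return (key, command) pairs from [autorun] that start a .com/.exe file."""
    hits, in_section = [], False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("["):          # section header
            in_section = stripped.lower() == "[autorun]"
            continue
        match = LAUNCH_RE.match(line) if in_section else None
        if match and EXEC_RE.search(match.group(2)):
            hits.append((match.group(1).lower(), match.group(2)))
    return hits

def disabled_tools(policy_values):
    """policy_values: value name -> DWORD data read from POLICY_KEY."""
    return sorted(tool for name, tool in TOOL_POLICIES.items()
                  if policy_values.get(name, 0) != 0)

# Constructed sample input (not taken from a real infection).
SAMPLE_AUTORUN = """\
; filler line
[AutoRun]
open=sample_copy.exe
shell\\open\\command = sample_copy.exe
icon=folder.ico
[Other]
open=ignored.exe
"""
SAMPLE_POLICY = {"DisableTaskMgr": 1, "DisableRegistryTools": 1}

if __name__ == "__main__":
    for key, command in autorun_launch_targets(SAMPLE_AUTORUN):
        print(f"autorun.inf: {key} -> {command}")
    for tool in disabled_tools(SAMPLE_POLICY):
        print(f"{POLICY_KEY}: {tool} disabled by policy")
```

On a live system the policy mapping would be filled from the registry and the text from each removable drive's autorun.inf; a non-empty result from either function is a reason to scan the drive or host, not proof of this particular worm.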

Anti-malware programs state that the W32.Vediance application connects to a remote server. This server may change from time to time to prevent detection. The software receives files and commands over the connection. The files may be other unwanted programs that are automatically added to the system. Downloaded commands are also executed without the user’s consent. The software can be used to gather information and send it to a remote server. Security settings and programs may also be terminated. Applications can be launched and executed without the user’s consent.