W32.WinExt.Worm


Aliases: I-Worm.WinExt, I-Worm.Trit, W32/HLLW.Trit, W95/WinExt
Variants: Win32/TryIt.A, Win32:Winext, Worm.Winext, Worm:Win32/WinExt.A@mm

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Europe
Removal: Easy
Platform: W32
Discovered: 24 Jan 2000
Damage: Low

Characteristics: The W32.WinExt.Worm program is a worm that spreads through e-mail using MAPI. The worm replies automatically to e-mails and attaches itself as TryIt.exe. file. It generates a message error and duplicates itself to the windows directory as Winext.exe file. It will then modify the Win.ini and run itself to load when Windows restarts.

More details about W32.WinExt.Worm

W32.WinExt.Worm is a program encrypted Internet worm. It appears as TRYIT.EXE file that is attached to e-mail messages. The worm is claimed to duplicate itself in Windows PE executables, which is about 70 kilobytes long. When this worm is run, it installs itself as the name WINEXT.EXE in the Windows directory and then modifies Registry and INI files to automatically run once Windows session starts. The worm as well makes additional file called the WINEXT.DAT in the same directory folder, and stores some data on that location. This data is utilized by W32.WinExt.Worm while propagating its copies. After installation, the program sleeps for one hour and then starts its spreading routine by connecting to MS Outlook and utilizing MAPI functions. This will then get access to files in Outlook data base, and answers them back with an attached file named TRYIT.EXE. The worm as well appears to have back door abilities. It checks messages for particular data, and then takes instructions from the message.

The W32.WinExt.Worm program can also steal files from the computers. Security settings and running processes may also be disabled. Other applications can also be downloaded and installed in the computer. These downloads often include adware, spyware and other Trojan software. These are added to the registry and executed. The W32.WinExt.Worm software may be downloaded by users. It is often disguised as another file. It may also be bundled with other applications. Other malware programs can also spread it.