W32.Slime


Aliases: TrojanDownloader.Win32.Slime.b, Downloader-CL, Trojan.Slime, W32/Slime-B, TROJ_SLIME.A
Variants: TR/Dldr.Slime.B.11, Win32:Trojan-gen., Downloader.Generic.KCR, Trojan.Downloader.Slime.B, Trojan Horse

Classification: Malware
Category: Trojan Horse

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Hard
Platform: W32
Discovered: 23 Apr 2004
Damage: Low

Characteristics: The W32.Slime Trojan tries to download data from a predefined site and then opens it. It is a virus that contaminates portable executable files with an .exe extension.

More details about W32.Slime

The W32.Slime program is a Trojan horse. It tries to get a file from a website and then opens it. It contaminates portable executable files that have an .exe extension. This Trojan horse is compressed with “tELock”. When a document is contaminated with W32.Slime, the Trojan creates the file “%System%\Rundll.exe”, which is the viral part of the virus. It is 27 megabytes in length. W32.Slime changes the value of the registry key to “@="%System%RUNDLL.EXE "%1" %*"”, so that the Trojan runs each time an .exe (executable) file is launched.

The Trojan connects to a website to get and execute a file. The contents of these files may differ depending on what the Trojan makes. When an .exe file is launched, the Trojan adds its code to the host file. It also adds 250 bytes to the host file. The contaminated file grows 27 megabytes in size.
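A check for the registry change described above, as an added example that is not part of the original page: it scans the text of a .reg export for an .exe open command that differs from the Windows default. The key name (exefile\shell\open\command), the function names and the sample export are assumptions made for this example; the page does not name the key.

```python
import re

# Assumption: the page does not name the key; this checks the "exefile" class's
# shell\open\command default value, whose stock Windows data is "%1" %*.
TARGET_SUFFIX = r'\exefile\shell\open\command'
DEFAULT_COMMAND = '"%1" %*'

KEY_RE = re.compile(r'^\[(?P<key>.+)\]$')
DEFAULT_VALUE_RE = re.compile(r'^@="(?P<data>.*)"$')

# Constructed sample export (not taken from a real infection).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="%System%\\Rundll.exe \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
'''


def unescape_reg(data):
    """Undo .reg string escaping: a backslash protects the next character."""
    return re.sub(r'\\(.)', r'\1', data)

def find_hijacked_handlers(reg_text):
    """Return (key, command, handler) for each .exe open command that is not the default."""
    findings, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = DEFAULT_VALUE_RE.match(line)
        if not (m and key and key.lower().endswith(TARGET_SUFFIX)):
            continue
        command = unescape_reg(m.group('data'))
        if command.strip() == DEFAULT_COMMAND:
            continue
        # Whatever precedes "%1" is the program that runs before the launched file.
        handler = command.split('"%1"')[0].strip().strip('"')
        findings.append((key, command, handler))
    return findings

if __name__ == '__main__':
    for key, command, handler in find_hijacked_handlers(SAMPLE_EXPORT):
        print(f'{key}: {command!r} runs {handler!r} first')
```

Exports written by regedit are usually UTF-16, so decode the file to text before passing it to find_hijacked_handlers.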

Security experts claim that the W32.Slime program is malware because it brings about unauthorized changes to the infected computer. It redirects the user’s homepage to unwanted websites and causes a higher than normal number of pop-ups on the user’s desktop. Emails originating from the victim’s computer may be sent and lost in favor of unauthorized parties. Finally, the user experiences slower computer performance, since system resources are inappropriately consumed by the malware.