W32/Areq.A/B, W32/Arequip-A, Win32:Arequipa [Wrm], Worm.Arequipa, WORM_AREQUIPA.A
W32/Arequipa.worm.a, Win32.HLLW.Arequipa.A, W32/HLLW.Arequipa, Worm.Win32.Arequipa.a
Category: Computer Virus
Active & Spreading
North and South America, Asia
22 Aug 2002
The W32.Areq program is malware that infects all logical drives on the targeted computer system. It can also use removable storage devices as a transport mechanism. Reports of infections indicate that it performs specific actions depending on the date on which it is executed.
More details about W32.Areq
If the W32.Areq virus is executed from a removable storage device, it makes use of the Fotos.exe file and creates the _.exe executable file in the Windows directory of the main hard drive. When launched from the hard drive using the _.exe file, it copies the Fotos.exe file to the removable storage device. When launched from the removable storage device, the malware modifies the entries in the Windows initialization file so that they include the _.exe file.

The remaining actions depend on the system date at the time of execution. If the virus is launched when the system date is August 30, 2001, a DLL file is created in the Ecritorio folder of the Windows directory. If it is executed when the system date is October 15, 2001, the DLL file is dropped directly into the Windows directory. If the system date is November 15, 2001, the malware creates a file with the YACOS file extension in the System folder of the Windows directory.
According to reports, all of the files created by the W32.Areq malware contain textual instructions written in Spanish. The four to five lines of instructions are normally preceded by the "rem" instruction, which marks them as remarks to be ignored by the operating system. If the system date corresponds to December 2, 2001, the malware inserts commands into the autoexec.bat file that format the main hard drive of the infected computer system.
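A triage check for the artifacts described above, as an added example that is not part of the original write-up or of any vendor tool. It assumes the "Windows initialization file" is win.ini, that autoexec.bat sits in the root of the boot drive and that Fotos.exe is copied to the root of the removable drive; the sample tree, the `run=` line and the `nota.YACOS` file name are constructed for the demonstration.

```python
import re
from pathlib import Path

# "format" as the command word, optionally reached through a pipe or a path.
FORMAT_CMD = re.compile(r"(?:^|[|\\])\s*format(?:\.com|\.exe)?\b")

def _entries(folder):
    return list(folder.iterdir()) if folder.is_dir() else []

def _named(folder, name):
    # Case-insensitive lookup, so a mounted disk image can be scanned on Linux.
    return [p for p in _entries(Path(folder)) if p.name.lower() == name.lower()]

def _commands(path):
    # Lower-cased lines with remarks ("rem ...") dropped: they are never executed.
    text = path.read_text(errors="replace").lower()
    lines = (l.strip().lstrip("@") for l in text.splitlines())
    return [l for l in lines if l and l.split()[0] != "rem"]

def scan(windows_dir, boot_root, removable_root=None):
    """Return (indicator, path) pairs for the artifacts the write-up describes."""
    hits = [("dropped _.exe", p) for p in _named(windows_dir, "_.exe")]
    for ini in _named(windows_dir, "win.ini"):  # assumed name of the "initialization file"
        if any("_.exe" in l for l in _commands(ini)):
            hits.append(("win.ini references _.exe", ini))
    for sysdir in _named(windows_dir, "system"):
        hits += [(".YACOS file in System", p) for p in _entries(sysdir)
                 if p.suffix.lower() == ".yacos"]
    for bat in _named(boot_root, "autoexec.bat"):  # assumed to sit in the boot drive root
        if any(FORMAT_CMD.search(l) for l in _commands(bat)):
            hits.append(("autoexec.bat runs format", bat))
    if removable_root:  # assumed: the copy sits in the root of the removable drive
        hits += [("Fotos.exe on removable media", p)
                 for p in _named(removable_root, "Fotos.exe")]
    return hits

def build_sample(root):
    """Constructed sample tree for demonstration: empty files, no real malware."""
    root = Path(root)
    for rel in ("c/WINDOWS/_.exe", "c/WINDOWS/SYSTEM/nota.YACOS", "a/FOTOS.EXE"):
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).touch()
    (root / "c/WINDOWS/WIN.INI").write_text("[windows]\nrun=C:\\WINDOWS\\_.exe\n")
    (root / "c/AUTOEXEC.BAT").write_text("rem format is named only in this remark\nformat c: /q\n")
    return root / "c/WINDOWS", root / "c", root / "a"

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        print(*scan(*build_sample(tmp)), sep="\n")
```

The date-triggered DLL files are not checked because the write-up does not give their names.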