Aliases: W32/Areq.A/B, W32/Arequip-A, Win32:Arequipa [Wrm], Worm.Arequipa, WORM_AREQUIPA.A
Variants: W32/Arequipa.worm.a, Win32.HLLW.Arequipa.A , W32/HLLW.Arequipa, Worm.Win32.Arequipa.a

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: North and South America, Asia
Removal: Easy
Platform: W32
Discovered: 22 Aug 2002
Damage: Low

Characteristics: The W32.Areq program is a type of malware which infects all logical drives in the targeted computer system. It is likewise capable of using removable storage devices as transport mechanisms. Reports of infections reveal that it is designed to perform specific actions depending on date it is executed.

More details about W32.Areq

If the W32.Areq virus is executed from a removable storage device, it makes use of the Fotos.exe file and creates the _.exe executable file in the Windows directory of the main hard drive. When launched from the hard drive using the _.exe file, the Fotos.exe file is copied to the removable storage device. When the W32.Areq malware is launched from the removable storage device, its functions by modifying the entries in the Windows initialization file to include the file _.exe in the entries. If the virus is launched when the system date is August 30, 2001, a DLL file format is created in the Ecritorio folder of the Windows directory. When the W32.Areq virus is executed with the system date represented as October 15, 2001, the DLL file type will be dropped by the malware directly into the Windows directory. If the system date is equivalent to November 15, 2001, the malware will create a file that makes use of the YACOS file extension in the System folder of the Windows directory.

According to reports, all of the files created by the W32.Areq malware contain textual instructions written in the Spanish language. The four to five lines of instructions are normally preceded by the "rem" instruction to note that they are to be treated as remarks by the Operating System. If the system date corresponds to December 2, 2001, it will insert instructions in the autoexec.bat file to include commands that will format the main hard drive of the infected computer system.