W32.Dizan.F, Worm.Win32.Hipak.a, W32/Hipack.worm, PE_HIPAK.A, W32/Dzan-E, Virus:Win32/Hipak.A, W32.Dzan, Win32/Hipak.worm.65536
Category: Computer Virus
Asia, North and South America, Europe and Australia
13 Dec 2006
W32.Dizan is a virus with backdoor capabilities that propagates by infecting executable files. Its length varies but can be as long as 65,000 bytes. It can modify files by infecting and overwriting them.
W32.Dizan Removal Tool
If you have malware on your computer, it will cause annoyances and damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer virus removal tool to automatically clean W32.Dizan from your computer.
More details about W32.Dizan
W32.Dizan spreads via network shares. To spread, it searches for and enumerates accessible network shares, where it attempts to drop a copy of itself. It connects to a specific server and operates as an IRC (Internet Relay Chat) bot. Once connected, it executes certain commands locally on affected machines, leaving these machines’ security compromised. W32.Dizan connects to a range of IRC servers, and then joins a channel that is hard-coded into its body. It is then ready to accept remote commands, such as executing and downloading remote files, acting as an IRC proxy server, sending messages via IRC, joining IRC channels, and sending UDP and ICMP packets to remote computers.
This virus produces outbound traffic, creates a startup registry entry, and contains an identified security risk that can damage the computer system. Some removable files are modified to allow the presence of a PE-file infector. Upon execution, W32.Dizan creates the file %System%\mmc.exe, where %System% is by default C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP). It then creates a service and two registry keys, and adds a value to a registry subkey. The creation of these files and values allows the worm to spread and infect executable files on all drives. Its backdoor opens on port 3000.
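A triage check built from the two host indicators above (the dropped %System%\mmc.exe and the backdoor port 3000), added here as an example and not taken from any vendor tool. It assumes `netstat -ano` text and a PID-to-image-path map collected separately; the function names and sample data are constructed, and both TCP and UDP are checked because the description does not name the protocol.

```python
import ntpath

BACKDOOR_PORT = 3000  # backdoor port named in the description
# Default %System% directories from the description, joined with the dropped file name.
DROPPED_PATHS = {ntpath.normcase(ntpath.join(d, "mmc.exe")) for d in (
    r"C:\Windows\System", r"C:\Winnt\System32", r"C:\Windows\System32")}

def listeners(netstat_text):
    """Yield (proto, port, pid) for each listening socket in `netstat -ano` text."""
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        # TCP rows carry a State column; UDP rows have none and are always bound.
        if parts[0] == "TCP" and parts[3] != "LISTENING":
            continue
        port = parts[1].rsplit(":", 1)[1]  # also handles IPv6 forms like [::]:3000
        if port.isdigit() and parts[-1].isdigit():
            yield parts[0], int(port), int(parts[-1])

def triage(netstat_text, pid_to_image):
    """Return findings for sockets on the backdoor port, graded by owning image."""
    findings = []
    for proto, port, pid in listeners(netstat_text):
        if port != BACKDOOR_PORT:
            continue
        image = pid_to_image.get(pid, "")
        # The legitimate Microsoft Management Console is also named mmc.exe, so the
        # path alone is not flagged; path plus a port-3000 listener grades "high".
        match = ntpath.normcase(ntpath.normpath(image)) in DROPPED_PATHS
        findings.append({"proto": proto, "pid": pid, "image": image,
                         "severity": "high" if match else "review"})
    return findings

# Constructed sample data (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:3000           0.0.0.0:0              LISTENING       1812
  TCP    10.0.0.5:3000          10.0.0.9:49152         ESTABLISHED     1812
  TCP    [::]:3000              [::]:0                 LISTENING       2200
  UDP    0.0.0.0:500            *:*                                    720
"""
SAMPLE_PROCESSES = {904: r"C:\WINDOWS\system32\svchost.exe",
                    1812: r"c:\windows\SYSTEM32\MMC.EXE",
                    2200: r"C:\dev\node\node.exe"}

if __name__ == "__main__":
    for finding in triage(SAMPLE_NETSTAT, SAMPLE_PROCESSES):
        print(finding)
```

A "review" finding is any other process listening on port 3000, which is common for development servers and needs a human look rather than an automatic verdict.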