Aliases: N/A
Variants: W32/[email protected]

Classification: Malware
Category: Computer Virus

Status: Dormant
Spreading: Slow
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 29 Jan 2003
Damage: Low

Characteristics: W32.Felic is a very tricky virus that deceives Windows users by creating a valid Windows folder when it is dropped. The author chose to write it in the Microsoft Visual Basic programming language. All Windows platforms are vulnerable to this worm, whether Microsoft IIS, Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT or Windows XP. When this folder is opened, the virus executes as well, making copies of itself on the hard drive and the floppy disk drive.

More details about W32.Felic

Its filename is always "felicidades.exe", and "For You My Love.exe" on the removable drive. If the system date is May 1st, September 9th, or December 2nd, and the system time is 00:00:00, W32.Felic displays an image and a message containing, "Feliz Cumpleanos : Carlos Alberto DIA FELIZ DIA FELIZ DIA FELIZ DIA FELIZ Son los sinceros deseos de: [email protected]@P [email protected]@T." The message usually appears in a blue window box enclosed by three circles colored orange, pink and green. Aside from displaying the message, the virus also adds a copy of itself to the Windows system directory as Win32.com. Once the virus has executed, it remains in memory.
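The file names and trigger dates described above can be turned into a simple triage check over a file listing. This is an added example, not code from the original page; the function names, the sample listing, and the reading of "Windows system directory" as a folder named System or System32 are assumptions.

```python
import ntpath
from datetime import datetime

# File names from the description above; compared case-insensitively
# because Windows file systems are case-insensitive.
DROPPED_NAMES = {"felicidades.exe", "for you my love.exe"}
SYSTEM_COPY = "win32.com"
# Assumption: "Windows system directory" means a folder named System or System32.
SYSTEM_DIRS = {"system", "system32"}
# (month, day) pairs on which the payload is described as firing at 00:00:00.
TRIGGER_DATES = {(5, 1), (9, 9), (12, 2)}


def classify_path(path):
    """Return a finding string for a Windows path, or None if it does not match."""
    directory, name = ntpath.split(path)
    name = name.lower()
    if name in DROPPED_NAMES:
        return "dropped copy"
    if name == SYSTEM_COPY and ntpath.basename(directory).lower() in SYSTEM_DIRS:
        return "system directory copy"
    return None


def triage(paths):
    """Map each matching path in a file listing to its finding."""
    findings = {}
    for path in paths:
        finding = classify_path(path)
        if finding:
            findings[path] = finding
    return findings


def is_trigger_moment(ts):
    """True if ts is exactly midnight on one of the described trigger dates."""
    return (ts.month, ts.day) in TRIGGER_DATES and (ts.hour, ts.minute, ts.second) == (0, 0, 0)


# Constructed sample listing (not taken from a real system).
SAMPLE_LISTING = [
    r"A:\For You My Love.exe",
    r"C:\Documents\FELICIDADES.EXE",
    r"C:\WINDOWS\SYSTEM\Win32.com",
    r"C:\Tools\win32.com",
    r"C:\WINDOWS\SYSTEM32\notepad.exe",
]

if __name__ == "__main__":
    for path, finding in triage(SAMPLE_LISTING).items():
        print(f"{finding:24} {path}")
```

A match on file name alone is only a lead for further inspection, since unrelated files can share these names.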

According to various reports, the W32.Felic application is an infection that allows hackers to remotely influence the user's infected computer, download unwanted files, take advantage of a security flaw in the system, distribute and spread viruses and threats, and install unsolicited files without the user's consent. It is possible that this virus will install and execute a remote administration utility that resembles the legal remote administration programs used by system administrators. These utilities connect the infected computer to the Internet or a Local Area Network to allow external control by hackers.