Aliases: W32/Fomur, Win32.Fomur.1312
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Inactive
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 22 Aug 2003
Damage: Low

Characteristics: A virus was found on August 22, 2003 that mainly infects removable or executable files. This virus was named as the W32.Fomur. Also known as W32/Fomur and Win32.Fomur.1312, this virus affects Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT and Windows XP. However, infected files by this virus can be restored.

More details about W32.Fomur

To be able to spread its infections, the W32.Fomur virus tries to search for .dll files and infects them once the virus is executed. The .dll files can be found on three folders specifically %Windir%, %System% and the folder in which the virus was executed. Remember that there are various %Windir% depending on the computer system. By default, it is either C:\Windows or C:\Winnt. When the virus found the target System folder, it produces a copy of itself to that specified location. For Windows 95, 98 and Me, the virus copies as C:\Windows\System. For Windows NT and 2000, it creates as C:\Winnt\System32. And for Windows XP, C:\Windows\System32 is created.

According to anti-malware reports, the W32.Fomur application takes advantage of security vulnerabilities so that remote attackers can get into an affected PC. This action lets hijackers control an infected computer from a remote location. The W32.Fomur application presents a security risk because it steals confidential information, corrupts system files and decrease computer speed. It is reported to be a program that runs secretly in the background while allowing remote access into the machine. It lets an attacker take complete control of the system.