Aliases: Troj/Delf-DZX, PE_REYDS.A-O, W32/Reyds-A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 21 Feb 2007
Damage: Low

Characteristics: W32.Reyds.A is a virus that infects Windows systems. It attempts to download files from the Internet. It copies itself to the infected computer as the files death.exe and supervise.exe. It is a slow infector and can be easily removed using an updated antivirus program.

More details about W32.Reyds.A

Once the virus is executed, it copies itself as death.exe and supervise.exe to the Windows System folder. It then searches for .exe files on all network drives and adds its code to the beginning of the data of each host file. The virus component supervise.exe drops the file death.Sishen in the Windows System folder. This file is non-malicious. The virus then modifies the registry and attempts to download files from the Internet. The virus tries to terminate some security-related processes. It also closes windows whose names include some of the following: KV2006, Duba, IceSword, VirusScan, etc. The presence of the files death.exe and supervise.exe on your system may be an indication of a W32.Reyds.A infection. When detected, the virus must be removed immediately.
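The two indicators described above (the dropped file names and code added in front of a host .exe) can be checked with a short triage script. This is an added example, not part of the original entry or of any vendor tool: the function names are hypothetical, the caller supplies the System folder path, and the embedded-image check assumes the original host is still a readable PE image after the added code.

```python
import os
import struct

# File names the page reports in the Windows System folder (compared case-insensitively).
INDICATORS = {"death.exe", "supervise.exe", "death.sishen"}

def indicator_files(system_dir: str) -> list[str]:
    """Names in system_dir that match the indicator files listed above."""
    return sorted(n for n in os.listdir(system_dir) if n.lower() in INDICATORS)

def pe_header_at(data: bytes, off: int) -> bool:
    """True if a plausible MZ/PE header pair starts at byte offset off."""
    if data[off:off + 2] != b"MZ" or off + 0x40 > len(data):
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, off + 0x3C)
    pe = off + e_lfanew
    return 0x40 <= e_lfanew < 0x1000 and data[pe:pe + 4] == b"PE\0\0"

def embedded_pe_offsets(data: bytes) -> list[int]:
    """Offsets past 0 where a second PE image begins inside the file."""
    hits, pos = [], data.find(b"MZ", 1)
    while pos != -1:
        if pe_header_at(data, pos):
            hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def looks_prepended(data: bytes) -> bool:
    """Heuristic (assumption): a prepended host is still a readable PE further in."""
    return pe_header_at(data, 0) and bool(embedded_pe_offsets(data))

def stub_pe(pad: int = 64) -> bytes:
    """Constructed sample: a bare MZ/PE header plus zero padding, not a real program."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + b"\0" * pad

if __name__ == "__main__":
    clean = stub_pe()
    suspect = stub_pe() + stub_pe()   # constructed: extra image placed in front of a host
    print(looks_prepended(clean), looks_prepended(suspect), embedded_pe_offsets(suspect))
```

Installers and self-extracting archives also carry embedded PE images, so a hit from `looks_prepended` is a reason to scan the file with an updated antivirus product, not a verdict on its own.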

W32.Reyds.A may download Potentially Unwanted Programs (PUPs) to the computer. These are typically added to the computer without the user’s consent. Spyware applications can track the user’s computer activities and report them to third parties. Adware programs can cause the computer to become sluggish and can interfere with the user’s Internet browsing. Programs with backdoor capabilities may allow remote users to control the computer. The PUPs are usually downloaded from a website or a remote server whose location is altered regularly to prevent it from being discovered. The files often pass through a security vulnerability or a backdoor, which keeps them from being detected by the system. Some applications download files through a security gap in the web browser.