Win32.Rotor.a, W32/Rotor.a, WIN.EXE.Virus, PE_ROTOR.A, Win32:Rotor,
Win32/Rotor.A, BehavesLike:Win32.ExplorerHijack, Suspect File, WIN32
Category: Computer Virus
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
31 Jul 2004
The W32.Rotor is a virus that adds itself to .scr and .exe files and has backdoor functionality.
W32.Rotor Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer virus removal tool to automatically clean W32.Rotor from your computer.
More details about W32.Rotor
When a file contaminated with the W32.Rotor program is opened, the virus automatically looks for the files with .scr or .exe extensions on drives C to Z and network resources. The virus attacks a random number of data that it finds, adding itself in a section called “.txt”. Take note that the virus contaminates system files, skipping folders with names that begin w/ “WINN”, such as “WINNT” folder. The virus attaches a backdoor code to the “Progman.exe”, if it’s running. It also tries to contact a remote server on TCP port. If a connection is made, the virus runs a command shell on the computer. It controls the host file, enabling the .exe file to open.
The W32.Rotor program opens random ports in the computer without the knowledge of the user. Remote hackers may access the computer via the opened ports. The remote hacker may send additional programs via the opened port. The remote hacker may also utilize the connection to gather system information from the computer. This collected information may include processor type, operating system and free hard disk space. The remote user may also gather confidential files and information from the computer.