Etapux, W32/Etap.d, Win32/Linux.Etap, W32/Etap-A, Win32/Etapux.dr
PE_ETAPx, W32/Etap, W32/Etap, Win32:Simile, Win32.Etap.Gen
Category: Computer Virus
Asia, North and South America, and some parts of Europe and Australia
06 Mar 2002
The W32.Simile application is a complex virus that utilizes entry-point obscuring, polymorphic decryption, and metamorphism. It contaminates files in folders on all remote and fixed drives that are located at the time that the virus is opened. The virus has no destructive load, but infected data may show messages on specific dates.
W32.Simile Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer virus removal tool to automatically clean W32.Simile from your computer.
More details about W32.Simile
The W32.Simile is a difficult virus that utilizes metamorphism, entry-point obscuring, and polymorphic decryption. The worm contaminates files in directories on all remote and fixed drives that are used at the moment that the virus is opened. The virus has no destructive payload, but contaminated files may show messages on particular dates. When the virus is executed, it verifies the present date. If the host file (the file that’s infected w/ the virus) introduces the Windows file “User32.dll”, then on the 17th of June, March, December, or September, a message is shown. For every file that’s found, there is a 50% chance that it will be disregarded.
Files wouldn’t be contaminated if they start w/ “F-“, “PA”, “SC”, “DR”, and “NO”, or if the letter V shows anywhere in the filename. Because of the way in which the filename matching is done, filenames with specific characteristics, for instance, those that start with FM or has the 6 are not infected as well. The W32.Simile virus has a lot of other checks to prevent from infecting “goat” files (goat files are files that are commonly utilized to get viruses). The process of infection utilizes the structure of the host, and random factors, to manage the placement of the decryptor and the virus body. This malware may also be capable of detecting and infecting all SCR and EXE files on the infected machine. It was speculated that this malware variant is also capable of bypassing network security protocol to initiate the same function in other terminals within a local area network (LAN).