Virus.Win32.Rutern.5244, Win32.Rutern.5244, W32/Widare, W32.Widare, W32/Rutern.5244
Category: Computer Virus
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
23 Nov 2003
The W32.Widare virus is an encrypted, file appending virus which tries to infect any .exe, .scr, and .cpl files. Since this virus is dated November 24, 2003, this threat may be detected as Bloodhound.W32.2. This virus is written on Windows operating system such as Windows 2000, Windows 98, Windows 95, Windows NT, Windows Me, Windows XP, and Windows Server 2003.
W32.Widare Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer virus removal tool to automatically clean W32.Widare from your computer.
More details about W32.Widare
W32.Widare virus is an encrypted, file appending virus, which tries to infect any .exe, .scr, and .cpl files. Since this virus is dated November 24, 2003, this threat may be detected as Bloodhound.W32.2. The virus infects executable files in your current working folder, Windows System and Windows folders upon execution. The virus will target files from your antivirus program vendors and would try to infect files with CPL and SCR file extensions. W32.Widare may show a message box coded by “TheWizard in Spain (2003)” and “Your system is now infected !!" upon execution on your system. All files that it found in those folders, especially with .exe, . .scr, and .cpl file extensions will be infected.
The W32.Widare program commonly places a file in the Windows folder. This executable file is added to the startup registry key. Other copies may also be placed in the subfolders of the Windows directory. These files are saved with the names of legitimate Windows processes. A mutex object may also be created to monitor the installation. The application connects to a remote server. The person that developed the W32.Widare program typically controls this. Commands and instructions may then be sent for the software to execute on the infected computer.