Aliases: P2P-Worm.Win32.Achar.a, Win32/Achar.A, Worm Generic
Variants: Win32.HLLW.Achar.A, Win32.Cucaracha.8192, Worm.P2P.Achar.a, Win32:Achar, W32/Achar.worm!p2p

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Moderate
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Hard
Platform: W32
Discovered: 13 Feb 2003
Damage: Low

Characteristics: W32.Achar.Worm is generally classified as an Internet worm that uses Peer to Peer (P2P) networks to spread. Because of bugs in its code, however, it fails to execute itself automatically on remote computers, so it has to be launched manually in order to spread.

More details about W32.Achar.Worm

W32.Achar.Worm is considered harmless in most virus circles. The malware is mostly found on Kazaa file sharing networks. Once a user inadvertently runs it, it attempts to install itself under the filename CURACHA.EXE. It targets the startup directories on the root folder of the computer system so that it runs whenever the Operating System starts. It then examines the Windows Registry for the shared folders used with Kazaa. Once these shared folders have been identified, the worm installs executable files in them using filenames associated with popular antivirus programs, presumably to fool the user into thinking the files are legitimate.

The most common removal process for this type of malware is to terminate and delete its main executable file. Launch the Windows Task Manager and terminate the associated executable. Search the Start Menu folders under the Documents and Settings directory as well as the Windows directory, and remove the files associated with the malware. Then make sure that all files associated with the malware are removed from the startup entries of the Operating System: click the Start button, choose Run, and type the MSCONFIG command in the Open box. Under the Startup tab, remove the checked entries pertaining to the malware.
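
The three checks in the removal steps above can be scripted as a read-only triage pass; this is an added example, not a tool from the original write-up. It assumes the dropped file keeps the CURACHA.EXE name given above and that PowerShell 3.0 or later is available. It does not look for the copies placed in Kazaa shared folders, since their filenames are not listed here.

```powershell
# Read-only triage: reports artifacts, never terminates or deletes anything.
# Assumption: the worm's file keeps the name stated in the write-up.
$IndicatorName = 'CURACHA.EXE'
$BaseName      = [IO.Path]::GetFileNameWithoutExtension($IndicatorName)
$findings      = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Kind, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Kind = $Kind; Detail = $Detail })
}

# 1. Running process (the Task Manager step).
Get-Process -Name $BaseName -ErrorAction SilentlyContinue | ForEach-Object {
    Add-Finding 'Process' ("PID {0} {1}" -f $_.Id, $_.Path)
}

# 2. Start Menu / Startup folders (the file search step).
#    Legacy locations are included only if they exist on this host;
#    access-denied errors on modern junctions are ignored.
$roots = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup'),
    (Join-Path $env:SystemDrive 'Documents and Settings'),
    (Join-Path $env:SystemRoot  'Start Menu')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique

foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Filter $IndicatorName -Recurse -Force -File `
                  -ErrorAction SilentlyContinue |
        ForEach-Object { Add-Finding 'File' $_.FullName }
}

# 3. Startup entries (the same data the MSCONFIG Startup tab shows:
#    Run keys plus Startup-folder items).
Get-CimInstance -ClassName Win32_StartupCommand -ErrorAction SilentlyContinue |
    Where-Object { $_.Command -like "*$BaseName*" -or $_.Name -like "*$BaseName*" } |
    ForEach-Object {
        Add-Finding 'StartupEntry' ("{0} -> {1} [{2}]" -f $_.Name, $_.Command, $_.Location)
    }

if ($findings.Count -eq 0) {
    Write-Output "No $IndicatorName artifacts found."
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

A hit in any of the three categories marks the item to handle in the corresponding manual step above.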