W32.Alcan.A, P2P-Worm.Win32.Alcan.a, Win32.Alcan.A, W32/Alcan.worm!p2p, W32/Alcra-A
WORM_ALCAN.A, W32.Alcra.F, Win32/Alcan.I, P2P-Worm.Win32.VB., W32/Generic.m
Category: Computer Worm
17 May 2005
The W32.Alcra.A is a type of network aware malware which is capable of taking advantage of unprotected network shares. This Worm is known to spread to other computer systems by taking advantage of security vulnerabilities in Peer to Peer file sharing networks.
W32.Alcra.A Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Alcra.A from your computer.
More details about W32.Alcra.A
A computer system which experiences an infection from the W32.Alcra.A malware normally finds the presence of files which closely resemble filenames of legitimate system files. Based on previous instances of infections, the files regedit.com, taskmgr.exe, tasklist.com, taskkill.com, netstat.com, tracert.com, ping.com, and cmd.com are extracted by the W32.Alcra.A malware into the System folder of the Windows directory. The malware is also responsible for creating the MSConfigs folder in the Program Files directory. This location serves as the storage area for the MSConfigs.exe file while the files z.tmp and bt.exe are stored in the System folder. The W32.Alcra.A malware then creates an archive file named temp.zip to store its setup file and an accompanying bszip.dll which is meant to throw off the detection process.
Execution of the p2pnetwork.exe file creates a corresponding Windows Registry which allows the W32.Alcra.A malware to load on system startup. The malware then proceeds to scan the contents of the local hard drive for the presence of shared folders as well as directory locations that are associated with known file sharing networks like Kazaa, emule, Limewire, and others. When these folders are identified, the malware installs itself using the filenames winis.exe, win32exe.exe, wini.exe, winlogins.exe, or muamgr.exe among others. This threat has been reported by some computer experts to illegally terminate some security programs and system processes.