Aliases: W32/Bitter
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Inactive
Spreading: Slow
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 13 Oct 2004
Damage: Low

Characteristics: W32.Bitter is a worm that can spread via peer-to-peer file-sharing networks. It was created with a constructor kit and is able to inject itself into other running processes on the infected machine.

More details about W32.Bitter

The W32.Bitter worm propagates through file-sharing networks and is produced by a constructor kit. It has the ability to inject itself into other processes.

When installed on a system, the W32.Bitter worm copies itself as win32exec.exe into the C:\Windows folder. It then drops the files wini32.dll and EliRt.dll in the C:\windows\system folder and tmp.tmp in the C:\Windows\Temp folder. Next, the worm adds the value “load” = %Windir%\win32exec.exe to a certain registry key so that it runs every time Windows boots up.

The W32.Bitter worm then performs a set of procedures that depends on the constructor kit used to create it. These procedures may include injecting entries into Microsoft Internet Explorer or Notepad processes, downloading and running a file if it locates a webcam, and removing the original file it executed. It may likewise inform a remote attacker of its presence via a Web portal in the ICQ.com domain, and it may be configured to run only on a predefined date.

The W32.Bitter worm also copies itself into the shared folder of peer-to-peer applications, if any are installed on the infected machine, such as KaZaa, Morpheus, Grokster, KaZaa lite, Bearshare, ICQ, Limewire, gnucleus, Edonkey2000, rapigator and Ares.

To remove this worm, turn off the System Restore function, especially if the system is running Windows XP or ME. Update the antivirus program’s virus definitions and then reboot the PC in VGA or Safe mode. Next, open the Registry Editor and delete the registry values this program added to the system.
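The dropped files and the “load” value described above can be checked for with a short triage script. The following Python is an added example, not part of the original entry: it looks for the listed files under a Windows directory (matching names case-insensitively, so it also works on a disk image mounted on another OS) and scans the text of a registry export for a “load” value that points at win32exec.exe. The function names and the sample export with its placeholder key are constructed; the entry does not name the registry key, so the scan reports whichever key holds a matching value.

```python
import re
from pathlib import Path

# Dropped files as listed in this entry: (folder under the Windows directory, name).
ARTIFACTS = [("", "win32exec.exe"), ("system", "wini32.dll"),
             ("system", "EliRt.dll"), ("temp", "tmp.tmp")]

def _child_ci(parent, name):
    """Return the entry of `parent` whose name equals `name` ignoring case, else None."""
    if parent is None or not parent.is_dir():
        return None
    for entry in parent.iterdir():
        if entry.name.lower() == name.lower():
            return entry
    return None

def find_file_artifacts(windir):
    """Return paths of the listed files present under `windir` (live or mounted image)."""
    root, hits = Path(windir), []
    for folder, name in ARTIFACTS:
        parent = _child_ci(root, folder) if folder else root
        found = _child_ci(parent, name)
        if found is not None and found.is_file():
            hits.append(found)
    return hits

KEY_RE = re.compile(r"^\[(.+)\]$")
LOAD_RE = re.compile(r'^"load"="(.*win32exec\.exe)"$', re.IGNORECASE)

def find_load_values(reg_export_text):
    """Return (key, data) for every "load" value ending in win32exec.exe in .reg text."""
    hits, key = [], None
    for line in reg_export_text.splitlines():
        line = line.strip()
        if (m := KEY_RE.match(line)):
            key = m.group(1)
        elif (m := LOAD_RE.match(line)):
            # .reg files escape backslashes; undo that for display
            hits.append((key, m.group(1).replace("\\\\", "\\")))
    return hits

# Constructed sample export; the key name is a placeholder, not taken from the entry.
SAMPLE_REG = '[HKEY_EXAMPLE\\Placeholder]\r\n"load"="C:\\\\WINDOWS\\\\win32exec.exe"\r\n'

if __name__ == "__main__":
    print(find_file_artifacts(r"C:\Windows"))
    print(find_load_values(SAMPLE_REG))
```

Registry Editor exports are normally UTF-16, so decode the file before passing its text to find_load_values. tmp.tmp is a generic file name, so a hit on it alone is weak evidence.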