W32.Bratsters
Aliases: W32/Bratster, Wnipsvr.exe, W32.Bratsters [Symantec] Trojan-Downloader.Win32.Delf.bor [Kaspersky Lab] New Malware.ey [McAfee] Mal/Packer, Mal/EncPk-BW, Mal/Basine-C, Mal/Behav-160 [Sophos] Trojan-Spy.Win32.Banker [Ikarus] Win-Trojan/Xema.variant [AhnLab] packed with UPack [Kaspersky Lab]
Variants: N/A
Classification: Malware
Category: Computer Worm
Status: active & spreading
Spreading: slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 25 Jul 2007
Damage: Low
Characteristics: This worm attacks all the drives of the compromised computer. The worm will infect Windows systems namely Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows Server 2003 and Windows 2000. This usually appears as a dropped file from another malware or has been downloaded by the user in the Internet.
W32.Bratsters Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Bratsters from your computer.
More details about W32.Bratsters
This worm targets all drives and automatically downloads malicious file on to the infected computer. This usually appears as a dropped file from another malware or has been downloaded by the user in the Internet. If the worm successfully copies itself in the compromised computer, it will save a file named wnipsvr.exe and perefic.ini in the System folder. It also creates a registry and automatically loads every computer start up. This registry enables the worm to download malicious files from the list of predefined websites. From the list of available drive in the compromised computer, it may also create hide.exe and autorun.inf files. The worm also uses [http://]cao.ganbibi.com and [http://]bratsersrock.com] website to download files from the Internet. It will create filenames such as Programfiles100.exe.When active in the compromised computer system, the threat may be used to steal critical personal and system information. It is widely believed that it may implement functionalities that are inherent in other types of security risks like adware, spyware, data miners, and hack tools.