Generic.ed, Mal/Generic-A, Worm.Small.VJA, Worm.Win32.Small.q, AWORM_SMALL.GBQ
Category: Computer Worm
Some parts in Asia, North and South America, Europe and Australia
24 Apr 2007
W32.Delcycer is a worm that infects Windows systems by copying itself to mapped drives. The infection length of this is 6,656 bytes. Its first appearance was on April 24, 2007.
W32.Delcycer Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Delcycer from your computer.
More details about W32.Delcycer
This self-propagating worm infects Windows systems like the Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP. It spreads by replicating itself to mapped drives. The mapped drives that it refers to are the networked computer’s hard drives used for network share. Most of these mapped drives contain information that are managed and used by group of users. The worm executes in the system then creates two files which are the svchost.exe and system.exe or %System%\svchost.exe and %System%\system.exe. Then on the mapped drives, the worm creates two more files: [DRIVE LETTER]:\recycled\sys.exe and [DRIVE LETTER]:\autorun.inf. After the creation of these files, the worm will create a service. The service and display name is System Scheduler while the image path is [PATH TO WORM EXECUTABLE]. Then, the worm creates a certain registry subkey for the service mentioned. Here, the infection is spread to all mapped drives (excluding removal drives).
Data and system files may be edited, moved or deleted. Programs may be uninstalled, launched or added to the computer. The running processes of anti-malware programs are disabled. The user’s activities can be monitored. The gathered data is often sent back to the remote server. The infected system may also be commanded to participate in Denial of Service (DoS) attacks. Users also report that the worm software places infected files in shared folders. These may be shared via a local access network (LAN) or a file sharing program.