W32/Deletemp3.worm, W32/DelMP3-ATrj/Autorun.J, Virus.Win32.AutoRun.ah, Win32/AutoRun.AH, WORM_DELF.HXZ
Category: Computer Worm
Asia, North and South America, Europe and Australia
30 Jul 2007
W32.Deletemusic is a worm written in Borland Delphi. Its payload is to primarily delete any mp3 files that are infected in the computer. Not only that, it will also infect the Windows system.
W32.Deletemusic Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Deletemusic from your computer.
More details about W32.Deletemusic
W32.Deletemusic is a self-replicating worm that is designed specifically to spread to all drives in the computer. This means that the worm will delete all .mp3 files. It can also make the processor run slowly and the Windows system will be infected. The worm will disguise as a dropped file of a malware or it can be downloaded from the Internet. In the System folder, the worm replicates itself as logon.bat and csrss.exe while in the Windows folder, arena.exe is formed through the propagation of the worm. Then the worm will modify itself in the registry with certain keys. This program also copies csrss.exe and autorun.inf in the executable drives like the floppy disk drive, USB drive and CD drive after the worm creates itself in the removable devices as [DRIVE LETTER]:\csrss.exe and [DRIVE LETTER]:\autorun.inf. After altering the security settings, the worm creates certain entries, and then the worm is ready to delete all .mp3 files on all executable drives.
Another method to propagate the program is through peer-to-peer (P2P) file sharing programs. P2P applications are programs wherein users are able to share different kinds of media files. These media files include images, videos, audio, games and programs. P2P applications make use of a Shared folder accessible to everyone connected to the network. The Shared folder serves as the storage of the downloaded files. The encrypted files are found on this location. Users unknowingly download the program as the components utilize file names that appear as legitimate Windows files. This worm affects computers with running Windows 2000, 95, 98, Me, NT, Server 2003, XP, and Vista.