W32.Dexter
Aliases: W32/Dexter, W32/Dexter, F-PROT ANTIVIRUS, Win32.HLLM.Dexter.6Doctor, Dr.Web, WORM/Dexter
Variants: Win32.HLLW.Dexter.a, W32.Dexter.A, W32/Dexter-A Win32.Dexter.A
Classification: Malware
Category: Computer Worm
Status: Inactive
Spreading: Slow
Geographical info: Asia, North and South America, Europe and Australia
Removal: Easy
Platform: W32, Linux
Discovered: 01 Feb 2002
Damage: Low
Characteristics: W32.Dexter is a worm that spreads though email and IRC. Many users experience a problem regarding this worm. This is common in attacking user’s emails and other system like the IRC. This is a self-replicating worm.
W32.Dexter Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Dexter from your computer.
More details about W32.Dexter
Once the execution of the W32.Dexter program is performed, it copies itself to the following: \Windows\Setup.exe and \Windows\Sys#.exe. Afterwards, it adds a certain value in the Windows Registry key. One of the registries will allow the worm to propagate and run every time the Windows starts. Then, the worm checks the registry key if the WinZip is installed. Once it is installed, the worm adds another value to the registry key. Then the worm zips the C:\Windows\Sys#.exe file into C:\Windows\Os#.zip. If this is done successfully, the worm spreads throughout the email. It searches emails that contain .htm files. There, it sends itself to the email addresses it finds. Some of the subjects used in emails containing this worm are the following: AVP-Virus-Warning; freeware nice game; My cool, litle program; or Special FX screensaver.
Computers or networks infected with the W32.Dexter program may use up system resources and consume more bandwidth. This program may also be used to install other malware, which can further exploit the infected system. A user may obtain the W32.Dexter application manually by opening an infected e-mail attachment, clicking links on instant messages from users not in the address book, or sharing files over the internet. It can also propagate automatically by taking advantage of security leaks of different Operating Systems. It can attack unsecure network access points in applications or the operating system itself. The W32.Dexter application can spread on its own. It can propagate automatically from computer to computer within networks.