Aliases: W32/Autorun.worm.e, Win32/Mocmex.AM, Packed.Win32.NSAnti.r, Packed.Win32.NSAnti.r, WORM_AGENT.TBH
Variants: W32.Dotex.

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 29 Jul 2007
Damage: Medium

Characteristics: This worm is also known as Dotex. It affects Windows system processes and hampers regedit and msconfig processes. It also has backdoor capabilities such as secretly installing itself to the system and executing corrupt .exe files, with this case, vnwpbns.exe files. Once this worm is already in your system, it executes a lot of pop up advertisements. Pop up blockers are also hindered by this worm. This is usually acquired through pornography, hackin, and gambling-related sites.

More details about W32.Dotex

Dotex worm was discovered on May 29, 2007. It infects Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista and Windows XP. It continuously copies itself to all the root drives and multiplies through Windows System folder. It creates autorun.inf file on the root of all drives while disabling antivirus program. It is known that upon spreading itself to the root drives, it also has the capacity to spread malicious files on the infected computer. One effect of this virus in a compputer is the hacking of the computer’s browser start page, search result, desktop toolbar, wallpaper, tray icons and windows shortcuts. Sometimes, it also produces continual tower speaker bleep sounds as well as a Blue Screen of Death" error caused by corrupt registry keys, dll's and system files. Computers also tend to slow down implementing long start ups and reboot time. This worm also has the potential to record windows behavior and values on system registry while disabling active security software.

The application also has functionalities of a Remote Administration Tool (RAT) program. The W32.Dotexapplication enables a remote user to navigate the monitored computer without being detected. The program establishes a connection between the controlling system and the user’s computer. The application is composed of a server and a client. The program can be used to control the computer’s CD-ROM, screensavers, taskbar, chat conversation windows and display monitor. It may also be used to run or terminate applications on the user’s computer.