Aliases: W32/Hairy-A, WORM_HAIRY.A, Worm:W32/Hairy.A, Virus.Win32.AutoRun.dv
Variants: Hairy.A, W32/Autorun.worm.g, W32.Hairy.A, Worm.Win32.AutoRun.sg

Classification: Malware
Category: Computer Worm

Status: Inactive
Spreading: Moderate
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 04 Jul 2007
Damage: Low

Characteristics: This malware is another variant of the threats that spread to other computer systems by exploiting poorly protected network shares and removable storage devices. An infection by the W32.Hairy.A Worm results in the unauthorized termination of the firewall software on the compromised machine. The malware has also been observed to modify various system settings, including those related to the default Web browser of the Windows environment.

More details about W32.Hairy.A

The W32.Hairy.A Worm tricks the computer user into thinking that it is "The Deathly Hallows" from the popular Harry Potter series by J.K. Rowling. It creates a document file in the root directory of the main hard drive and then launches the word processing application to display the contents of that file. W32.Hairy.A minimizes all windows associated with system processes and creates an executable file version of the document file. It deletes all previously scheduled AT jobs and creates a new list of AT jobs that are executed daily at a preset interval of 30 minutes, from 8:30 in the morning until 7:00 in the evening.

An accompanying text file named Harry Potter is created in the root directory. This file contains various comments about the characters in the book. W32.Hairy.A creates a temporary folder in which it stores a batch file with the read-only, hidden, and system attributes set. This batch file displays a series of text strings on the computer screen. W32.Hairy.A adds a key value to the Windows Registry for the newly created batch file. It also creates an autorun file in the root directory of each drive from letter D to J, if present.
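
The two most distinctive traces described above, the daily AT job pattern and the autorun file on drives D to J, can be checked during triage. The following is an added example, not code from the original entry; the autorun file name "autorun.inf", the input shapes, and the sample paths are assumptions, and the sample data is constructed.

```python
from datetime import time

def expected_slots():
    """Run times from the description: every 30 minutes, 08:30 to 19:00."""
    minutes = range(8 * 60 + 30, 19 * 60 + 1, 30)
    return {time(m // 60, m % 60) for m in minutes}

def commands_matching_schedule(jobs):
    """jobs: iterable of (datetime.time, command) for daily scheduled jobs.
    Returns the commands whose run times cover every expected slot."""
    by_cmd = {}
    for when, cmd in jobs:
        by_cmd.setdefault(cmd.lower(), set()).add(when)
    want = expected_slots()
    return sorted(c for c, times in by_cmd.items() if want <= times)

def drives_with_autorun(root_listings, name="autorun.inf"):
    """root_listings: {drive letter: [file names in that drive's root]}.
    Only D..J are checked, as in the description; `name` is an assumption."""
    hits = []
    for letter in "DEFGHIJ":
        files = root_listings.get(letter, [])
        if any(f.lower() == name for f in files):
            hits.append(letter)
    return hits

def triage(jobs, root_listings):
    """Combine both checks into one result for a host snapshot."""
    return {
        "scheduled": commands_matching_schedule(jobs),
        "autorun_drives": drives_with_autorun(root_listings),
    }

# Constructed sample snapshot (placeholder paths, not values from the entry).
SAMPLE_JOBS = [(t, r"C:\sample\placeholder.exe") for t in sorted(expected_slots())]
SAMPLE_JOBS.append((time(2, 0), r"C:\tools\backup.cmd"))  # unrelated nightly job
SAMPLE_ROOTS = {
    "C": ["autorun.inf"],            # outside D..J, ignored by this check
    "D": ["AUTORUN.INF", "photos"],
    "E": ["docs"],
    "J": ["autorun.inf"],
}

if __name__ == "__main__":
    print(triage(SAMPLE_JOBS, SAMPLE_ROOTS))
```

An autorun file on a removable drive is not malicious by itself, so treat a hit as a lead to confirm against the other traces described above.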