Category: Computer Worm
Active & Spreading
24 Jan 2008
The worm W32.Korron.A spreads through removable drives and lowers security settings. It infects Windows systems. This worm can consume system memory. It also decreases network bandwidth and can cause a computer to crash.
W32.Korron.A Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Korron.A from your computer.
More details about W32.Korron.A
The worm W32.Korron.A arrives as a dropped file from a network or a removable drive. When executed, the worm copies itself as r0nk0r.exe, Setup.exe, and msvbvm60.dll in the Windows folder. It also copies itself as shell.exe, MrHello.scr, IExplorer.exe in the System folder. It creates new entries in the registry and modifies it to make sure that it runs during each start up. The worm copies desktop.ini and Data Administrator.exe in the removable drives. The worm also ends processes that contain any of the strings that follow: AN'SAV, ANSAV, ANTI, ASM, AVS, BUG, DBG, DETEC, HEX, NOD32, OPTIONS, PCMAV, PROC, REG, S M A D A V, SCAN, SCANNER, SECURITY, SMADAV, TASK, VIRUS, W32, and WALK. A text file may also be opened by the worm containing the message: “Maaf Apa yang kulakukan tak dapat kumaafkan Benar…”
The W32.Korron.A program is allegedly capable of changing the Web browser settings. Once it modifies the Web browser’s homepage, the user may have difficulty of manually modifying the homepage again. The W32.Korron.A program is also reported to change the Web browser settings. It may set the browser to reroute searches to other search engines or websites. It may reroute URL errors as well. The usual victim of this Trojan and other similar malware is the Microsoft Internet Explorer. But other Web browsers like Mozilla Firefox and Opera are susceptible to its attacks as well.