Category: Computer Worm
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
14 May 2007
W32.Neela is usually introduced to the network using removable devices or USB drives activated by autorun.inf. As such, it creates an autorun.inf file on all mapped drives so that the threat automatically opens when the drive is logged on. It oversees and monitors all the drives connected to the infected computer. It automatically generates “autorun.inf” on all accessible drives. It affects all windows platforms namely, Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP. It may also try to disable antivirus applications.
W32.Neela Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Neela from your computer.
More details about W32.Neela
File creation is also another tactic of this worm to propagate; thus creating files namely index.dat, Word Template.LNK, csrss.exe, lsass.exe, services.exe, smss.exe, winlogon.exe, 2.doc, lsass.doc, services.doc, winlogon.doc, smss.doc, Normal.exe, execute.exe, At1.job, leena.job, aneel.exe, l33na.exe, leena.ini, Normal.zip, Administrator task, Word Template, leena.12-5-2007 and Read This.exe. The worm also modifies registry keys so that the worm will start every time the window starts. Another recognizable symptom of this virus is that it displays a text in Microsoft Word document saying, “The worm then displays the following text in a leena...” Saat terindah miliki dirimu..”Hanya saat mataku terpejam,dan berkhayal memilikimu.”Pernahkah kau memimpikanku,impikan kita??” Hingga semua ini seakan nyata,” and “Salam sayang selalu untukmu.” It also tries to add this text on word documents every Sunday, “Leena, I love you, Magelang,10-06."
The W32.Neela program may enter the system when downloader applications add them. They may be downloaded from a remote server then installed and executed. The user may also receive it in an e-mail from an unknown sender. The program could be labeled as a software patch, e-card, screensaver or Flash presentation. Users are commonly instructed to open an attached file or click on a link to view it. The W32.Neela application may be added to the system by downloader programs. It may also be uploaded on file sharing networks and websites. Drive-by-downloads can also spread the software.