Aliases: W32/Pitin.Worm
Variants: W32/Pitin-A, W32/Pitin, W32.Pitin.C, W32/Pitin.C

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 10 May 2007
Damage: Low

Characteristics: W32.Pitin is a type of worm that downloads files from the internet then produces copies of itself to the local drive and network shares. This worm mostly affects operating systems of Windows 2000, 95, 98, Me, NT, Server 2003 and XP. This worm first appeared on May 10, 2007.

More details about W32.Pitin

Once W32.Pitin is executed, the worm produces copies of itself as SCVHOST.exe in %System% and SCVHOST.exe in %Windir%. Then in every folder of a shared drive, the worm copies itself as the following format [DRIVE LETTER]\[FOLDER NAME].exe. The worm continues to create files. Tasks\At1.job and setting.ini are created. Next, the worm creates and modifies some system registry entries. Afterwards, the worm creates executable files to the local drive and network shares using folder names. When the created files are clicked by the user, the worm downloads and executes other files that contain malicious threats from various URLs.

The W32.Pitin program is capable of adding worm programs, BHOs (Browser Helper Objects), adware and spyware programs, illicit codes, backdoor Trojan programs and viruses on the compromised machine. These programs may take up most of the system’s disk space. This may result in a slower computer performance. The components added by this application on the user’s machine are capable of stealing sensitive information from the system. This includes the user’s PII (Personally Identifiable Information), the OS (Operating System), the RAM (Random Access Memory) and the compromised system’s IP (Internet Protocol) address. Third parties may utilize this information to carry out illicit attacks on the user’s machine.