W32/Pitin-A, W32/Pitin, W32.Pitin.C, W32/Pitin.C
Category: Computer Worm
Active & Spreading
Some parts of Asia, Europe, North and South America, Africa and Australia
10 May 2007
W32.Pitin is a type of worm that downloads files from the internet then produces copies of itself to the local drive and network shares. This worm mostly affects operating systems of Windows 2000, 95, 98, Me, NT, Server 2003 and XP. This worm first appeared on May 10, 2007.
W32.Pitin Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Pitin from your computer.
More details about W32.Pitin
Once W32.Pitin is executed, the worm produces copies of itself as SCVHOST.exe in %System% and SCVHOST.exe in %Windir%. Then in every folder of a shared drive, the worm copies itself as the following format [DRIVE LETTER]\[FOLDER NAME].exe. The worm continues to create files. Tasks\At1.job and setting.ini are created. Next, the worm creates and modifies some system registry entries. Afterwards, the worm creates executable files to the local drive and network shares using folder names. When the created files are clicked by the user, the worm downloads and executes other files that contain malicious threats from various URLs.
The W32.Pitin program is capable of adding worm programs, BHOs (Browser Helper Objects), adware and spyware programs, illicit codes, backdoor Trojan programs and viruses on the compromised machine. These programs may take up most of the system’s disk space. This may result in a slower computer performance. The components added by this application on the user’s machine are capable of stealing sensitive information from the system. This includes the user’s PII (Personally Identifiable Information), the OS (Operating System), the RAM (Random Access Memory) and the compromised system’s IP (Internet Protocol) address. Third parties may utilize this information to carry out illicit attacks on the user’s machine.