W32.Poscal.Worm
Aliases: I-Worm.Calposa [AVP], WORM_CALPOSA.A [Trend], W32/Calposa.worm [McAfee]
Variants: W32/Poscal.worm
Classification: Malware
Category: Computer Worm
Status: Inactive
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 06 Nov 2002
Damage: Low
Characteristics: W32.Poscal.Worm first appeared on November 6, 2002. This is a worm that tries to propagate by sending itself across KaZaa file sharing networks. It also sends itself to all email addresses in the Microsoft Outlook address book. This worm mostly affects Windows 2000, 95, 98, Me, NT and XP.
W32.Poscal.Worm Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Poscal.Worm from your computer.
More details about W32.Poscal.Worm
The worm performs several actions once W32.Poscal.Worm is executed. First, the worm displays the message that says “…Calposa by Industry @ ANVXgroup…” in a “UH OH WORM!” dialog box. If it is clicked, the worm copies itself as ActiveX.exe, SCR.exe, Mixer.exe, FK_AVs.exe, Explorer.exe, regedit.exe, Telnet.exe and Explorer.exe in drive C under Windows folder. Once the folder Kazaa in My Shared folders under the drive C, if existing, the worm produces more copies of itself as Norton_crack.exe, UT3_full_crack.exe, Windows_Hack.exe and Sims_Patch.exe. Then the System.ini file is overwritten as the code in the worm program indicates that it uses Microsoft Outlook to spread by sending itself to all email addresses in the Microsoft Outlook address book. The email has the subject “Anti-Virus Programs are corrupting your Software!” and FK_AVs.exe as the attachment.The W32.Poscal.Worm program is capable of downloading different kinds of illicit programs including, adware and spyware programs, dialer applications and other viruses. The additional components are executed on the affected computer without the user’s knowledge. Users may notice new shortcut icons on the desktop. This may have been added together with the downloaded files. The user’s privacy and security are compromised when the computer is infected with threats. Some components may be able to gather information regarding the affected computer such as the OS (operating system), RAM (Random Access Memory), IP (Internet Protocol) address and the user’s PII (Personally Identifiable Information). This information may be sent to third parties. Remote users may take advantage of the information to perform illicit activities.