Category: Computer Worm
Active & Spreading
Some parts of Asia, Europe, North and South America, Africa and Australia
06 Oct 2008
W32.Poskiwing was discovered on October 6, 2008. This worm propagates by copying itself to removable and network drives. It also infects some files and opens a back door on the computer. The operating systems this worm mostly affects are Windows 98, 95, XP, Me, Vista, NT, Server 2003 and 2000.
W32.Poskiwing Removal Tool
If you have malware on your computer, it will cause annoyances and damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Poskiwing from your computer.
More details about W32.Poskiwing
When W32.Poskiwing is executed, the worm shows a dialog box with the message “Error reading setup initialization file.” If the message is clicked, the worm copies itself as popk.exe and Shell.pci in the %System% folder. Then, the worm connects to [http://]skr.8800.org/skr[REMOVED] to receive commands from the attacker. From this URL, the worm also downloads and executes files. These files, popk.exe and autorun.inf, are stored in the %DriveLetter% folder of removable and network drives. Furthermore, the worm continues to infect other files with the following extensions: .exe, .scr, .com and .pif. The worm adds a malicious script tag to some files with the .htm, .html, .asp, .jsp and .aspx file extensions. In addition, the worm has the ability to stop several processes from running.
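The file names in the description above can be turned into a simple triage check for a drive root or the %System% folder. This is an added example, not code from the original page or from any vendor tool; the autorun.inf contents in the sample are constructed, since the page does not show the worm's actual file, and the function names are hypothetical.

```python
import os
import tempfile

# File names the description above says the worm drops (compared case-insensitively).
DROPPED_NAMES = {"popk.exe", "shell.pci"}
# autorun.inf keys that launch a program; standard Windows AutoRun keys.
LAUNCH_KEYS = {"open", "shellexecute"}

def parse_autorun(text):
    """Return (key, value) for each autorun.inf entry that launches a program."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";[" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or key.endswith("\\command"):
            entries.append((key, value))
    return entries

def scan_root(root):
    """Report the page's artifacts found directly in one drive root or folder."""
    names = {n.lower(): n for n in os.listdir(root)}
    findings = [("dropped_file", names[n]) for n in names if n in DROPPED_NAMES]
    if "autorun.inf" in names:
        with open(os.path.join(root, names["autorun.inf"]), encoding="latin-1") as fh:
            for key, value in parse_autorun(fh.read()):
                words = value.replace('"', "").split()
                target = words[0].replace("\\", "/").rsplit("/", 1)[-1].lower() if words else ""
                if target in DROPPED_NAMES:
                    findings.append(("autorun_launches", f"{key}={value}"))
    return sorted(findings)

def make_constructed_sample(root):
    """Constructed test data: harmless placeholder files, not the worm's real content."""
    with open(os.path.join(root, "popk.exe"), "w") as fh:
        fh.write("placeholder")
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write("[autorun]\nopen=popk.exe\nicon=drive.ico\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample:
        make_constructed_sample(sample)
        for kind, detail in scan_root(sample):
            print(kind, detail)
```

A file-name match is only a lead for further inspection, because other software can use the same names and the check does not examine file contents.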
The compromised computer may slow down when it is infected with W32.Poskiwing. This may be caused by the programs and files that the worm added to the user’s machine. A computer that is not protected by security programs and firewalls is easily infected with threats. This is also the case for computers that are not patched for system vulnerabilities.