Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 07 Jun 2004
Damage: Low

Characteristics: W32.Rainwash is a worm that infects Windows Systems. It propagates by copying itself to the Kazaa-shared folder. When the worm is executed, it displays the fake message: "Cannot find vbflash32.dll, program disrupted." The worm is a slow infector. It causes low damage to the infected computer and can be easily removed.

More details about W32.Rainwash

The worm W32.Rainwash spreads to other computers using the Kazaa shared folder. When W32.Rainwash is executed displays the fake error message: “Cannot find vbflash32.dll, program disrupted”. When this message pops up on your screen, the worm has infected your computer. After displaying the message to announce its presence, it copies itself to the following folders if they exist: Copies itself to the following folders, if they exist: C:\Program Files\KaAaA\My shared folder\The White Stripes - IM INFECTED.mp3 and C:\Documents and Settings\All Users\Start Menu\Programs\BrainwashBrainwashBrainwash45.exe. The worm may cause general system and Internet connectivity issues. This means that running Windows or connecting to the Internet may be slowed down by the worm. Although the worm does not cause a high damage to the infected system, early removal is advisable.

The W32.Rainwash program can be disguised as a harmless file. Users may add it into the system without knowing it is malicious. Malware program authors can manually spread it by sending mass e-mails and instant messages. The applications can also be uploaded to peer-to-peer file sharing networks and websites. They may also be bundled with other software. The W32.Rainwash application places its files in the system. These may be named similar to legitimate processes. Random sequences of characters can also be used. This prevents the software from being easily detected.