Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 03 Apr 2009
Damage: Medium

Characteristics: W32.Relnek.A is a computer worm. It spreads on local and network shared drives. However, W32.Relnek.A may also infect various executable files. When the worm is not removed, it may cause a system crash. The worm is a slow infector; it causes low damage and is easy to remove from an infected computer.

More details about W32.Relnek.A

When executed, the virus scans the memory of the infected computer. It checks for executing infected files so that only one instance of the virus is running. Afterwards, it searches mapped and removable drives for executable files to infect. While attempting to infect files, the virus may crash the compromised computer. The infected computer then displays a Microsoft Send Error Report message. The message has a title that reads: Foobar. The body of the message says: Foobar has encountered a problem and needs to close… Some files infected by the virus may be corrupted and when executed display the following message: “Title: C:\Blah.exe” and “Body: C:\Blah.exe is not a valid W32 application.” When the worm is detected on the computer, it must be eliminated immediately. The worm causes the system to crash when infecting files on the computer.

The W32.Relnek.A software uses the compromised computer’s Internet connection to access remote file servers. The Trojan program downloads illicit files once a connection has been established. It may download the StartPage Trojan program. The StartPage Trojan software is known for hijacking the user’s web browser and changing the default web pages on the computer. Other files that the software may download are said to be adware and spyware programs, BHOs (Browser Helper Objects), toolbars, worm programs, backdoor Trojan applications and downloader Trojan programs. All these components may take up most of the computer’s local disk space.