W32/Eightsalone.worm, Win32.HLLW.Aitselom, W32/Esalone-A, Trojan:Win32/Delf.IR, PE_SELOTIMA.A
W32/Aitselom.A, Delf.S, Trojan.Aitselom.A, W32/Esalone.A.worm, Win32/Delf.IR
Category: Computer Worm
Active & Spreading
13 Mar 2005
W32.Selotima.A is a worm that spreads through file-sharing networks and attaches itself to .rar and .zip archives.
W32.Selotima.A Removal Tool
If you have malware on your computer, it will cause annoyances and damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Selotima.A from your computer.
More details about W32.Selotima.A
When the W32.Selotima.A worm is run, it copies itself to “a:\Readme.txt.exe”, “c:\Readme.txt.exe”, and “%Windir%\daemon.exe”. “%Windir%” is a variable that refers to the Windows installation folder; by default, this is C:\Winnt or C:\Windows. The worm drops the files “%Windir%\Infect.drv”, “%Windir%\Infectate.reg”, and “%Windir%\Muerte.drv”. It adds a value to a registry key so that it runs each time Windows starts. The worm looks for .rar or .zip files and adds itself to the archive as “Readme.txt.exe”.
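A defensive check built from the file names in the paragraph above, as an added example that is not part of the original write-up: it looks for the dropped files under a given Windows directory and flags ZIP archives that contain a member named Readme.txt.exe. The function names and the sample tree are constructed for illustration; RAR archives are not covered because Python's standard library cannot read them.

```python
import os
import tempfile
import zipfile

# File names come from the description above; the Windows directory is supplied by the caller.
DROPPED_IN_WINDIR = ["daemon.exe", "Infect.drv", "Infectate.reg", "Muerte.drv"]
ROOT_COPIES = ["a:\\Readme.txt.exe", "c:\\Readme.txt.exe"]
ARCHIVE_MEMBER = "readme.txt.exe"


def dropped_file_hits(windir, extra_paths=ROOT_COPIES):
    """Return the indicator paths that exist on disk."""
    paths = [os.path.join(windir, n) for n in DROPPED_IN_WINDIR] + list(extra_paths)
    return [p for p in paths if os.path.isfile(p)]


def zip_is_tainted(path):
    """True if the ZIP has a member whose base name is Readme.txt.exe."""
    try:
        with zipfile.ZipFile(path) as zf:
            names = zf.namelist()
    except (zipfile.BadZipFile, OSError):
        return False  # unreadable or not really a ZIP: nothing to report
    return any(n.replace("\\", "/").rsplit("/", 1)[-1].lower() == ARCHIVE_MEMBER
               for n in names)


def scan_tree(root):
    """Walk root and return .zip archives carrying the worm's member name."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        zips = [os.path.join(dirpath, f) for f in files if f.lower().endswith(".zip")]
        hits.extend(p for p in zips if zip_is_tainted(p))
    return sorted(hits)


def demo():
    """Build a constructed sample tree (harmless placeholder bytes) and scan it."""
    root = tempfile.mkdtemp()
    with zipfile.ZipFile(os.path.join(root, "clean.zip"), "w") as zf:
        zf.writestr("notes/Readme.txt", "plain text")
    with zipfile.ZipFile(os.path.join(root, "tainted.zip"), "w") as zf:
        zf.writestr("Readme.txt.exe", b"constructed placeholder, not malware")
    open(os.path.join(root, "daemon.exe"), "wb").close()  # stand-in for %Windir%\daemon.exe
    return scan_tree(root), dropped_file_hits(root, extra_paths=())


if __name__ == "__main__":
    print(demo())
```

These are name-only indicators, so a match is a lead to verify with an up-to-date scanner, not proof of infection.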
According to various reports, the threat level for W32.Selotima.A is high. In general, high-risk malware is installed with no user interaction via security exploits and can severely compromise system security. Such threats may open unauthorized network connections, disable security applications, use self-mutation strategies, and alter system files. In addition, they may gather and send personally identifiable information (PII) without the user’s permission and reduce the computer’s stability and performance. It is possible that W32.Selotima.A aims to open a large security hole through which malicious spyware and adware can be installed on the computer. It also opens a backdoor that enables a remote attacker to acquire complete control over the compromised computer.