Aliases: MSN-Worm.Sinmsn.a, W32/Sinis.worm, Win32/HLLW.Sinis.A, WORM_SINIS.A, W32/Sinmsn.A, I-Worm/Sinis.A, Win32.Worm.Sinmsn.A, W32/Sins, Win32/Simnsn.A
Category: Computer Worm
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
30 Jul 2003
W32.Simic.Worm is a worm that spreads through MSN Messenger.
W32.Simic.Worm Removal Tool
If you have malware on your computer, it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Simic.Worm from your computer.
More details about W32.Simic.Worm
W32.Simic.Worm is a worm that spreads through MSN Messenger. When W32.Simic.Worm runs, it copies “Sins.exe” to the default MSN Messenger download folder. It then executes “sins.exe”, which downloads the “Vbdlls.exe”, “sin.dll”, and “Msn.exe” files from “script.mine.nu”. The worm runs “Vbdlls.exe”, which installs the Visual Basic run-time components on the computer system. The worm then opens “Msn.exe”, which verifies whether MSN is running and, if so, sends “Sins.exe” to anyone who sends messages to the infected system.
The malware may only be acquired from MSN Messenger. Once the user downloads and executes the attachment, the program automatically stays resident in memory to avoid detection. The first time it is active, the malware patches the explorer.exe program in Windows for its functionality. During installation, the malware may be capable of picking a random INI file and embedding its code at the end of the file. It then integrates it into the Windows Registry so that it executes automatically during Windows startup.
W32.Simic.Worm is a worm that spreads using MSN Messenger. When the worm executes, it copies “Sins.exe” to the default MSN Messenger download folder. Note that “Sins.exe” could also have the name “msninst.exe”. W32.Simic.Worm opens “sins.exe”, which downloads the “Vbdlls.exe”, “Sin.dll”, and “Msn.exe” files from “script.mine.nu”. The worm opens “Vbdlls.exe”, which sets up the VB Microsoft Outlook run time components on the computer system. The worm also opens “Msn.exe”, which verifies whether MSN Messenger is running and, if so, sends “Sins.exe” to anyone who instant-messages the infected computer system.
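A defender's sweep for the file names and download host named above, as an added example (not part of the original write-up and not the vendor's removal tool). The event tuple format, machine names, paths and verdict labels are assumptions made for illustration.

```python
import ntpath
from collections import defaultdict

# File names and download host as given in the write-up above. Compared
# case-insensitively: the page spells them both "Sins.exe" and "sins.exe".
DROPPED_FILES = {"sins.exe", "msninst.exe", "vbdlls.exe", "sin.dll", "msn.exe"}
DOWNLOAD_HOST = "script.mine.nu"

def file_hit(path):
    """Return the matched indicator if the path's base name is on the list."""
    name = ntpath.basename(path.strip().strip('"')).lower()
    return name if name in DROPPED_FILES else None

def host_hit(queried):
    """True for the download host or a subdomain of it, not for look-alikes."""
    q = queried.strip().rstrip(".").lower()
    return q == DOWNLOAD_HOST or q.endswith("." + DOWNLOAD_HOST)

def sweep(events):
    """events: (machine, kind, value) tuples, kind is 'file' or 'dns'
    (hypothetical schema). Returns {machine: {'files', 'dns', 'verdict'}}."""
    found = defaultdict(lambda: {"files": set(), "dns": False})
    for machine, kind, value in events:
        if kind == "file":
            name = file_hit(value)
            if name:
                found[machine]["files"].add(name)
        elif kind == "dns" and host_hit(value):
            found[machine]["dns"] = True
    for hit in found.values():
        # A file name alone is weak ("msn.exe" is generic); a file name plus
        # a lookup of the download host on the same machine is much stronger.
        hit["verdict"] = "likely" if hit["files"] and hit["dns"] else "review"
    return dict(found)

SAMPLE_EVENTS = [  # constructed for illustration, not real telemetry
    ("WS-01", "file", r"C:\Documents and Settings\alice\My Received Files\Sins.exe"),
    ("WS-01", "dns", "script.mine.nu."),
    ("WS-02", "file", r"C:\Tools\basins.exe"),      # substring only: no hit
    ("WS-02", "dns", "notscript.mine.nu"),           # look-alike: no hit
    ("WS-03", "file", r"D:\tmp\MSNINST.EXE"),        # alternate name from the page
]

if __name__ == "__main__":
    for machine, hit in sorted(sweep(SAMPLE_EVENTS).items()):
        print(machine, hit["verdict"], sorted(hit["files"]), hit["dns"])
```

Machines marked "review" matched on a file name only and need a second data point, such as a hash or file origin, before being treated as infected.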