W32/Soriw.worm, Backdoor.Trojan, Troj/Sory-A, Win32/HLLW.Soriw.A,
WORM_SURIW.A, Worm/Soriw.A, W32/Soriw.A.worm, Win32/Soriw.A
Category: Computer Worm
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
29 Mar 2005
W32.Sory.A is a worm that spreads through network shares and collects private information.
W32.Sory.A Removal Tool
If you have malware on your computer, it will cause annoyances and damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Sory.A from your computer.
More details about W32.Sory.A
When the W32.Sory.A worm is executed, it copies itself as “%System%\Services.exe”. Note that “%System%” is a variable that refers to the System folder. By default this is “C:\Winnt\System32” (Windows NT/2000), “C:\Windows\System32” (Windows XP), or “C:\Windows\System” (Windows 95/98/Me). The worm then creates the file “%System%\wmksm.msm”. It tries to spread through network shares. The worm logs the following information: keystrokes, e-mail settings, Windows registration details, and information about the computer hardware. It stores the logged information in randomly named files in the folders “%System%\Temp” (5035 bytes) and “%Windir%\Temp”. Note that “%Windir%” is a variable that refers to the Windows installation folder. By default, this is “C:\Winnt” or “C:\Windows”. It stores the names of these random files in “%System%\wmksm.msm”.
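For triage of a live system or a mounted disk image, the artifacts described above can be checked as follows. This is an added example, not code from the original write-up. It assumes only the names given on this page (`wmksm.msm` and the two `Temp` folders); the function names are hypothetical, and because the page does not document the index file's format, the script treats it as opaque bytes.

```python
import sys
from pathlib import Path

INDEX_NAME = "wmksm.msm"  # index of log-file names, per the write-up

def _child(parent, name):
    """Case-insensitive child lookup (a Windows volume mounted on Linux is case-sensitive)."""
    if parent.is_dir():
        for entry in parent.iterdir():
            if entry.name.lower() == name.lower():
                return entry
    return None

def triage(system_dir, windir):
    """Return the index file (or None), Temp files it names, and a count of the rest.

    Services.exe is deliberately not checked: NT-family Windows ships a
    legitimate services.exe in the System folder, so its presence proves nothing.
    """
    system_dir, windir = Path(system_dir), Path(windir)
    report = {"index": None, "logs": [], "unreferenced": 0}
    index = _child(system_dir, INDEX_NAME)
    if index is None or not index.is_file():
        return report
    report["index"] = index
    # Assumption: the index format is undocumented on the page, so treat it as
    # opaque bytes and search for each candidate name as UTF-8 or UTF-16LE.
    blob = index.read_bytes().lower()
    for base in (system_dir, windir):
        temp = _child(base, "Temp")
        if temp is None or not temp.is_dir():
            continue
        for f in sorted(temp.iterdir()):
            if not f.is_file():
                continue
            name = f.name.lower()
            if name.encode("utf-8", "replace") in blob or name.encode("utf-16-le", "replace") in blob:
                report["logs"].append(f)  # a lead to preserve, not proof
            else:
                report["unreferenced"] += 1
    return report

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: triage.py <System folder> <Windows folder>")
    result = triage(sys.argv[1], sys.argv[2])
    print("index file:", result["index"] or "not found")
    for path in result["logs"]:
        print("named in index:", path, path.stat().st_size, "bytes")
```

Files reported as named in the index hold captured keystrokes and settings, so collect them as evidence before any cleanup tool deletes them.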
The W32.Sory.A worm can go through the user's system and steal vital information from it. It could also infect the user's system via exploits. According to reports, the W32.Sory.A worm has been infecting systems worldwide. It works on different Windows platforms and uses Internet Explorer. An example of the serious damage the W32.Sory.A worm can do is obtaining personal information related to the user's financial services. It could scan the user's computer for information about their payment methods, which is then sent to a remote server.