Category: Computer Worm
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
28 Jan 2005
The W32.Unfunner.A is a worm application that uses MSN Messenger to propagate and undo all damages caused by W32.Funner. This worm is encrypted in Microsoft Basic Visual. When executed, W32.Unfunner will perform some actions.
W32.Unfunner.A Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Unfunner.A from your computer.
More details about W32.Unfunner.A
The [random folder] was created by merging one or even more of the words such as Application, System, Microsoft, Windows, Server, Remote, Admin, Manager, Driver, Win, Socket, Root, Device, Current, Service, and Update. The worm also replicates itself in the same folder where the W32.Unfunner.A was performed using names such as W32_Funner_Removal_Tool.exe, Lindows_OS_Crack_beta.exe, DreamWeaVer-Keygen.exe etc. The worm tries to send %Windir%\MSN_7_01 having .exe extension to the contacts stored in the Messenger program of the Microsoft MSN. The worm also tries to undo the harm done by the virus by eliminating the files such as, in case it is present, c:\funny.exe, %System%\IEXPLORE.EXE, %System%\bsfirst2.log, %System%\EXPLORE.EXE, %System%\userinit32.exe, %System%\EXPLORER.EXE, and %Windir%\rundll32.exe. The worm deletes the keys of the registry and resets value to the subkey of the registry. The worm also modifies the hosts file to the default of the Windows by eliminating the present files.
Once the W32.Unfunner.A. was executed, it displays the Error Messages such as the ‘Error in: msnmsgr.exe’ and ‘66 97 115 101 70 97 99 116 111 114’. The worm replicates itself as %Windir%\MSN_7_01.exe and %System%\[Random name, ending with .dll, .exe, or .cfg].exe The W32.Unfunner.A seeks the folder of the System and then replicates itself to that found location. This is the C:Windows System32 (only Windows XP), C:WindowsSystem (Windows Me, Windows 98, and Windows 95), or even C:WinntSystem32 (Windows NT and Windows 2000). The worm also adds a value to the key of the registry so that in case the Windows starts the worm will run at the same time.