Category: Computer Worm
Active & Spreading
23 Jan 2008
W32.Uporesc infects .html and .exe files and spreads by copying itself to removable drives. It also downloads potentially malicious files from the internet. When it executes, it copies itself to several locations.
W32.Uporesc Removal Tool
If you have malware on your computer, it will cause annoyances and damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Uporesc from your computer.
More details about W32.Uporesc
If the worm's search finds any of the specified Chinese characters, it automatically closes the open window. After that, the worm infects all files with the .exe extension on drives D through N. It avoids infecting these files when the folder contains strings such as C:\Program Files, windows, mir, winnt, documents and settings, qq, and ghost. The same applies to the Chinese characters for names such as Jianxie, Zhengtu, Moshou, Menghuan Xiyou, Datang Haoxia, Wulin Waizhuan, QQ Huaxia, Wanmei Guoji, Rexue Chuanqi, Dahua, Fengyun, Wanmei Shijie, Tianlong Babu, Moyu, Juren, Zhuxian, and Rexue Jianghu. The worm also infects files on drives D through N that have the .cgi, .htm, .aspx, .php, .asp, and/or .html extensions.
Once W32.Uporesc executes, the worm copies itself to C:\api32.exe, %System%\api32.exe, and %System%\svchost.dll. It also creates the files %System%\exe.sys, %System%\IME\svchost.exe, and %System%\Autorun.inf. The worm may also drop the file %SYSTEM%\svchost.dll. The worm creates a registry subkey and registry entries, then deletes subkeys from particular registry locations, and then modifies the registry entry it created. The worm also checks the titles of open application windows for strings related to security products that are widely used in China.
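For triage on a suspect host, the file locations and targeting rules described above can be turned into a check like the following. This is an added example, not part of the original write-up: the function names are hypothetical, folder strings are assumed to match as case-insensitive substrings, the page's "such as" lists are not exhaustive, and the Chinese names are left out because the page gives them only in transliteration.

```python
import ntpath
import os

# File paths, extensions and folder strings exactly as listed on this page.
DROPPED = [r"C:\api32.exe", r"%System%\api32.exe", r"%System%\svchost.dll",
           r"%System%\exe.sys", r"%System%\IME\svchost.exe",
           r"%System%\Autorun.inf"]
WEB_EXT = {".cgi", ".htm", ".aspx", ".php", ".asp", ".html"}
SKIP_STRINGS = ["c:\\program files", "windows", "mir", "winnt",
                "documents and settings", "qq", "ghost"]
DRIVES = set("DEFGHIJKLMN")  # drives D through N


def expand(path, system_dir):
    """Replace a leading %System% placeholder (any case) with system_dir."""
    head, sep, tail = path.partition("\\")
    if head.lower() == "%system%":
        return system_dir + sep + tail
    return path


def find_artifacts(system_dir, exists=os.path.exists):
    """Return the dropped-file paths from the page that exist on this host."""
    return [p for p in (expand(d, system_dir) for d in DROPPED) if exists(p)]


def needs_review(path):
    """True if a Windows path is in the set the page says the worm infects."""
    drive, rest = ntpath.splitdrive(path)
    if len(drive) != 2 or drive[0].upper() not in DRIVES:
        return False  # other drive letters and UNC paths are out of scope
    ext = ntpath.splitext(rest)[1].lower()
    if ext in WEB_EXT:
        return True  # the page describes the folder exclusion for .exe files
    if ext == ".exe":
        folder = ntpath.dirname(path).lower()
        # Assumption: substring match, so "mir" also matches e.g. "admirer".
        return not any(s in folder for s in SKIP_STRINGS)
    return False


if __name__ == "__main__":
    root = os.environ.get("SystemRoot", r"C:\Windows")
    print("artifacts:", find_artifacts(ntpath.join(root, "System32")))
    # Constructed sample paths, for illustration only.
    for sample in [r"D:\tools\setup.exe", r"E:\Games\Mir\client.exe",
                   r"F:\site\index.PHP"]:
        print(sample, needs_review(sample))
```

A path for which `needs_review` returns False is only outside the behaviour described here; it is not thereby known to be clean.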