Aliases: Generic2.GYL, TR/Agent.aaa, Trojan.Agent.xrg, Trojan.Wantok.A, Trojan.Win32.Agent.aaa, W32/Trojan.LQQ, W32/USBWantok, W32/Wantok-A, Win32/USBWantok.A, Win32:Agent-CWA [Trj]
Category: Computer Worm
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
15 Nov 2006
W32.Wantok is a malicious worm that copies itself to all local hard disks on the compromised PC and shows a message when executed. This worm affects Windows platforms such as Windows 2000, Windows 98, Windows 95, Windows Me, Windows Server 2003, Windows NT, and Windows XP.
W32.Wantok Removal Tool
If you have malware on your computer, it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Wantok from your computer.
More details about W32.Wantok
The worm replicates itself to all local hard disks on the compromised PC and shows a message when executed. It spreads via network shares and removable media devices and affects all Windows platforms. When W32.Wantok is executed, it creates files such as jub0.exe, svch0st.exe, bigdick.inf, and tokwan.txt in the System folder. It also adds a value to a registry subkey so that it is executed automatically whenever Windows starts. It then displays a message entitled “Tokwan Lonely”, which contains the following text: “Hello Everybody, Kenai tokwan dak? Tokwan dah tua”, etc. It further attempts to copy itself as [DRIVE LETTER]:\autorun.inf to local drives D through P. It then ends any processes with the altered file names, which results in corruption of files.
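The file-system traces described above can be checked on a live system or on a mounted disk image. The following Python sketch is an added example, not code from the original page; it assumes that a self-copy of the worm written as autorun.inf would begin with the MZ executable header, and the function names and the constructed directory tree in demo() are illustrative.

```python
import os
import tempfile

DROPPED_NAMES = {"jub0.exe", "svch0st.exe", "bigdick.inf", "tokwan.txt"}  # from the page
DRIVE_LETTERS = "DEFGHIJKLMNOP"  # the page: local drives D through P

def list_dir(path):
    """Directory entries, or an empty list if the path is missing or unreadable."""
    try:
        return os.listdir(path)
    except OSError:
        return []

def find_dropped_files(system_dir):
    """Names in system_dir matching the page's list, compared case-insensitively."""
    return sorted(n for n in list_dir(system_dir) if n.lower() in DROPPED_NAMES)

def classify_autorun(path):
    """'pe' if the file starts with the MZ executable magic, else 'text'; None if unreadable."""
    try:
        with open(path, "rb") as fh:
            return "pe" if fh.read(2) == b"MZ" else "text"
    except OSError:
        return None

def sweep_drive_roots(roots):
    """roots maps a drive letter to its root path (live drive or mounted image)."""
    findings = {}
    for letter, root in roots.items():
        if letter.upper() not in DRIVE_LETTERS:
            continue  # assumption: only the range the page names is of interest
        for name in list_dir(root):
            if name.lower() == "autorun.inf":
                kind = classify_autorun(os.path.join(root, name))
                if kind:
                    findings[letter.upper()] = kind
    return findings

def demo():
    """Run both checks over a constructed directory tree (no real samples involved)."""
    base = tempfile.mkdtemp()
    layout = {"system32/SVCH0ST.EXE": b"MZ", "system32/notepad.exe": b"MZ", "C/autorun.inf": b"MZ",
              "D/AutoRun.inf": b"MZ\x90\x00", "E/autorun.inf": b"[autorun]\r\n"}
    for rel, data in layout.items():
        full = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    roots = {d: os.path.join(base, d) for d in "CDEF"}
    return find_dropped_files(os.path.join(base, "system32")), sweep_drive_roots(roots)
```

An autorun.inf classified as 'pe' is the stronger signal, since a legitimate autorun.inf is a plain-text file; a 'text' result still merits a look at what it launches.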
This W32.Wantok application is also known for downloading and executing files and programs from a remote server. The Trojan application may download adware and spyware programs and other viruses. These are added to the user’s computer without permission. The additional components may decrease the system’s speed and take up computer resources. The W32.Wantok application may enter a computer through security errors and system vulnerabilities. It may be downloaded or dropped by other Trojan programs that are already present on the user’s machine. The user may also unknowingly download the threat while visiting websites that are not secure. Another way of getting the threat is through an infected file from P2P (peer-to-peer) programs.