Category: Trojan Horse
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
07 May 2008
The W32.Wowinzi.A program can download and execute additional threats on an already infected PC. It spreads through removable media drives, network shares, and local drives. It affects Windows operating systems such as Windows 95, Windows 2000, Windows Me, Windows 98, Windows Server 2003, Windows NT, Windows Vista, and Windows XP.
W32.Wowinzi.A Removal Tool
If you have malware on your computer, it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a trojan horse removal tool to automatically clean W32.Wowinzi.A from your computer.
More details about W32.Wowinzi.A
W32.Wowinzi.A is a worm that propagates by copying its code to mapped, fixed and removable media drives on the computer. It can also steal data and download malicious code. The worm can be downloaded from compromised sites. Once W32.Wowinzi.A is executed on your system, the worm copies itself as windows.txt and Tasks\0x01xx8p.exe in the Windows folder. It also creates a copy of spoolsv.exe and modifies dllcache\spoolsv.exe and spoolsv.exe in the system folder. The Hacktool.Rootkit and Infostealer.Gampass files could then be dropped and executed on the compromised computer. The worm also copies itself to all removable and fixed drives as MSDOS.bat directly under the drive letter. It then creates autorun.inf on all fixed and removable media drives so that it executes automatically whenever the drive is accessed. The worm also creates a registry entry to run itself every time Windows starts.
The worm can contact a particular URL to retrieve configuration information. After this, it copies itself to network and removable drives, downloads and executes the file, tries to infect executable files, gathers e-mail addresses, injects malicious code into local network user pages and into Web pages on the computer, and attempts to propagate through network shares.
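A triage check for the file artifacts described above, as an added example that is not part of the original page or of any vendor tool. The function names are hypothetical, and the only indicators used are the file names the description gives (MSDOS.bat, autorun.inf, windows.txt, Tasks\0x01xx8p.exe).

```python
"""Check drive roots and a Windows folder for the artifacts this page lists."""
import os
import sys

# File names taken from the description above; everything else is an assumption.
DRIVE_DROPPER = "msdos.bat"
WINDOWS_ARTIFACTS = ("windows.txt", os.path.join("Tasks", "0x01xx8p.exe"))
LAUNCH_KEYS = ("open", "shellexecute")  # standard autorun.inf launch keys

def autorun_targets(path):
    """Return the commands an autorun.inf would launch (lower-cased)."""
    targets = []
    with open(path, "r", errors="replace") as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith((";", "[")) or "=" not in line:
                continue
            key, value = (part.strip().lower() for part in line.split("=", 1))
            # shell\<verb>\command keys also launch a program
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                targets.append(value)
    return targets

def check_drive_root(root):
    """Report findings for one fixed or removable drive root."""
    findings = []
    names = {n.lower(): n for n in os.listdir(root)}  # case-insensitive lookup
    if DRIVE_DROPPER in names:
        findings.append("dropper present: " + names[DRIVE_DROPPER])
    if "autorun.inf" in names:
        for target in autorun_targets(os.path.join(root, names["autorun.inf"])):
            if DRIVE_DROPPER in target:
                findings.append("autorun.inf launches: " + target)
    return findings

def check_windows_dir(windir):
    """Report which of the listed copies exist under the Windows folder."""
    return [rel for rel in WINDOWS_ARTIFACTS if os.path.isfile(os.path.join(windir, rel))]

if __name__ == "__main__":
    # Usage: python check.py D:\ E:\   (drive roots to inspect)
    for root in sys.argv[1:]:
        for finding in check_drive_root(root):
            print(root, finding)
    windir = os.environ.get("SystemRoot")
    if windir:
        for rel in check_windows_dir(windir):
            print(windir, "artifact present:", rel)
```

File names alone are weak indicators (windows.txt in particular is a generic name), so treat a hit as a reason to inspect the file, not as a verdict.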