FRISK Software International

Virus Info > Virus Threats > Warezov.AKD


Summary of W32/Warezov.AKD
Discovered: 30 Aug 2007
Definition files: Heuristic
Risk Level: Medium
Distribution:Medium
 
Jump to:
Brief description
Technical description
Removal Instructions

Brief Description
W32/Warezov.AKD is worm that spreads using MSN Messenger. It was detected preemptively as W32/Warezov.gen4.


Technical Description
Upon first execution W32/Warezov.AKD drops the files w32tcomr.dll and w32tcomr.exe into the %SYSDIR%. The dropped files are all detected as W32/Warezov.AKD also.

Note: %SYSDIR% refers to the System directory. The default path for the respective operating systems is as follows:
  • Windows 95/98/Me - C:\Windows\System
  • Windows NT/2000 - C:\Winnt\System32
  • Windows XP - C:\Windows\System32

Creates the registry key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\w32tcomr]

and adds several values to it to make the file w32tcomr.dll run at startup.

On next reboot w32tcomr.dll drops more files, all detected as W32/Warezov.AKD as well.


Removal Instructions
For general removal instructions please click here.

Marteinn Þór Harðarson
 
Virus Info by Platform

Virus Info by Letter:

F-PROT Antivirus Alerts
Stay up to date with important developments via e-mail.
more...
Life cyle policy
Stay up to date with life cycle policies for F-PROT Antivirus for Windows.
more...
RSS News Feeds
Virus news and information directly to your desktop.
more...
Glossary of Terms
Definitions of common antivirus terminology.
more...
More Virus Info
For further virus information, please try our partners' websites:

Authentium

perComp Verlag
(in German)