FRISK Software International

Summary of W32/Warezov.AKD
Discovered: 30 Aug 2007
Definition files: Heuristic
Risk Level: Medium
Jump to:
Brief description
Technical description
Removal Instructions

Brief Description
W32/Warezov.AKD is worm that spreads using MSN Messenger. It was detected preemptively as W32/Warezov.gen4.

Technical Description
Upon first execution W32/Warezov.AKD drops the files w32tcomr.dll and w32tcomr.exe into the %SYSDIR%. The dropped files are all detected as W32/Warezov.AKD also.

Note: %SYSDIR% refers to the System directory. The default path for the respective operating systems is as follows:
  • Windows 95/98/Me - C:\Windows\System
  • Windows NT/2000 - C:\Winnt\System32
  • Windows XP - C:\Windows\System32

Creates the registry key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\w32tcomr]

and adds several values to it to make the file w32tcomr.dll run at startup.

On next reboot w32tcomr.dll drops more files, all detected as W32/Warezov.AKD as well.

Removal Instructions
For general removal instructions please click here.

Marteinn Žór Haršarson

Stay up to date with important developments via e-mail.
Stay up to date with life cycle policies for F-PROT Antivirus for Windows.
Virus news and information directly to your desktop.
Definitions of common antivirus terminology.
For further virus information, please try our partners' websites:


perComp Verlag
(in German)