Les informations contenues dans cette rubrique de notre site web sont constamment mises à jour. Afin de vous garantir un contenu le plus actualisé possible, elles sont uniquement diffusées en anglais.

Virus Profile: W32/Gael.worm.a

Threat Search
Imprimer
   
Virus Profile information details
Risk Assessment: Home Low | Corporate Low
Date Discovered: 13/07/2005
Date Added: 13/07/2005
Origin: Unknown
Length: Varies
Type: Virus
Subtype: Internet Worm
DAT Required: 4534
Removal Instructions
   
 
 
   

Description

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Indication of Infection

- Excessive netbios traffic emanating from infected system
- Presence of DL.EXE, GAELICUM.EXE, and CBACK.EXE

The virus does not create any registry keys or in any other way "install" itself to automatically start on system reboot.

Methods of Infection

This virus spreads via accessible network shares and by parasitically infecting existng executable files.

Aliases

Virus.Win32.Tenga.A (AVP), W32.Licum (Symantec)
   

Virus Characteristics

This detection covers a parasitic worm virus that spreads to both host executables as well as over accessible systems on a network.  The worm also downloads and executes other files.

When run, the worm infects .EXE files on the local system, appending itself to host files.  10 threads are created to search for infectable computers on the Internet, SYN packets are sent to random IP addresses on TCP 139 (netbios).  The worm then attempts to connect to responding systems via the IPC$ and open shares to parasitically infect files remotely.

The worm also attempts to download and execute a file name dl.exe from utenti.lycos.it .  At the time of this writing the site was not responding.  However, the virus was known to fetch a downloader trojan, Downloader-ACX, which downloaded two other files:

  • GAELICUM.EXE - dropper of W32/Gael.worm
  • CBACK.EXE - a new remote access trojan, BackDoor-CTM
   
All Users:
Use current engine and DAT files for detection and removal.

Close the shares created by this threat:

  • From the desktop, double-click My Computer
  • Right-click on the C: drive and choose Sharing...
  • Click the Not Shared button (or enter in the desired settings) and click OK

Additional Windows ME/XP removal considerations

   

Un ordinateur infecté ? Obtenez l'aide d'un expert !

McAfee
Service de suppression des virus

Contactez l'un de nos spécialistes en sécurité par téléphone. Regardez votre PC pendant que nous résolvons le problème à distance.

$89.95 (USD)

Publicité