Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


Remove W32.Wabot.B Completely

Name W32.Wabot.B
Type Worm infection.
Short Description The threat replicates itself and may open a backdoor connection.
Symptoms Connections to foreign hosts. Unfamiliar executable files replicating.
Distribution Method Online file sharing software, others.
Detection Tool Download Malware Removal Tool, to See If Your System Has Been Affected by W32.Wabot.B
User Experience Join our forum to follow the discussion about W32.Wabot.B.

help-removal-sensorstechforumBeware of a worm going by the name of W32.Wabot.B. It is a variant of the wabot family and the worm has been reported to download malicious files on the affected PC from a remote server. Security experts strongly advise users to beware when they use their online file sharing services and also to carefully monitor the web sites they visit. Security experts recommend monitoring active connection from remote hosts to the PC itself. Users are also advised to watch for In case you have this worm, we have provided removal instructions after the article.

W32.Wabot.B – How Did I Get It?

One way to get affected by this worm is by using online file-sharing programs such as DC++ as well as intranet. There is also a possibility that a trojan.downloader may have inserted the threat from a remote location.
A good way to prevent such attacks from entering your PC in the future is to make sure that you use adequate firewall as well the proper protection software, but most of all, you should not in any way leave unfamiliar executable files unchecked. It is advisable to upload such files to online scanners such as virustotal.com that scan the file with multiple definitions and mechanisms.

W32.Wabot.B – More about It

Once launched on the affected computer, the cyber threat replicates its executables with random information embedded up to the ending. Here is an example, provided by Symantec of files that were created in a win32dc folder, located in %Windir%.

BattleField 1942 serial.exe
BattleField 1942(fix).exe
BattleField 1942_serial.exe
Counter-Strike(serial).exe
Counter-Strike_fix.exe
DAoC nocd.exe
Doom 3 cheat.exe
Doom 3(cheat).exe
Doom 3_hack.exe
FlatOut crack.exe
FlatOut(fix).exe
FlatOut_cheat.exe
Quake3 cheat.exe
Quake3(cdfix).exe
Quake3(nocd).exe
Quake3_cheat.exe
Quake3_fix.exe
Silent Hill 4_cdfix.exe
UT2004_fix.exe

Judging by the executables the worm targets primarily gamers, but it may also be modified to target other specific groups of users.
Once created copies of itself, the worm then begins looking for files with the word “share” in them and from the following formats as well:

→.exe;.scr;.com;.pif;.cmd;.bat

The cyber threat then makes files that contain the absolutely same name and it also creates modifications to make them have the same length. The worm also makes an attempt to connect to us.undernet.org – a suspicious IRC server by using a random nickname. What the worm does afterwards is join a channel, going by the name of #vdm in IRC. It is also reported to use the passkey “fuck21”.

After this has been done the worm may be directly controlled with commands from us.undernet.org to jumpstart it into acting. It has the capability to:

  • Download files from a backdoor.
  • Collect system information
  • Replicate itself and spread

Removing W32.Wabot.B Completely

In order to fully get rid of this online threat, you should make sure you follow the step by step manual illustrated belwow. What is more, it is highly advisable to employ a powerful anti-malware tool to help prevent further threats and restrict this worm from spreading and installing other malware on the PC.
Experts recommend to not simply look for and delete affected files and objects manually since it is more sophisticated than that. Instead, the connection for the internet should be immediately disconnected to restrict the worm. After this you should follow this manual.

1. Boot Your PC In Safe Mode to isolate and remove W32.Wabot.B
2. Remove W32.Wabot.B with SpyHunter Anti-Malware Tool
3. Remove W32.Wabot.B with Malwarebytes Anti-Malware.
4. Remove W32.Wabot.B with STOPZilla AntiMalware
5. Back up your data to secure it against infections by W32.Wabot.B in the future
NOTE! Substantial notification about the W32.Wabot.B threat: Manual removal of W32.Wabot.B requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.