|Short Description||The threat replicates itself and may open a backdoor connection.|
|Symptoms||Connections to foreign hosts. Unfamiliar executable files replicating.|
|Distribution Method||Online file sharing software, others.|
|Detection Tool||Download Malware Removal Tool, to See If Your System Has Been Affected by W32.Wabot.B|
|User Experience||Join our forum to follow the discussion about W32.Wabot.B.|
Beware of a worm going by the name of W32.Wabot.B. It is a variant of the wabot family and the worm has been reported to download malicious files on the affected PC from a remote server. Security experts strongly advise users to beware when they use their online file sharing services and also to carefully monitor the web sites they visit. Security experts recommend monitoring active connection from remote hosts to the PC itself. Users are also advised to watch for In case you have this worm, we have provided removal instructions after the article.
W32.Wabot.B – How Did I Get It?
One way to get affected by this worm is by using online file-sharing programs such as DC++ as well as intranet. There is also a possibility that a trojan.downloader may have inserted the threat from a remote location.
A good way to prevent such attacks from entering your PC in the future is to make sure that you use adequate firewall as well the proper protection software, but most of all, you should not in any way leave unfamiliar executable files unchecked. It is advisable to upload such files to online scanners such as virustotal.com that scan the file with multiple definitions and mechanisms.
W32.Wabot.B – More about It
Once launched on the affected computer, the cyber threat replicates its executables with random information embedded up to the ending. Here is an example, provided by Symantec of files that were created in a win32dc folder, located in %Windir%.
→BattleField 1942 serial.exe
Doom 3 cheat.exe
Silent Hill 4_cdfix.exe
Judging by the executables the worm targets primarily gamers, but it may also be modified to target other specific groups of users.
Once created copies of itself, the worm then begins looking for files with the word “share” in them and from the following formats as well:
The cyber threat then makes files that contain the absolutely same name and it also creates modifications to make them have the same length. The worm also makes an attempt to connect to us.undernet.org – a suspicious IRC server by using a random nickname. What the worm does afterwards is join a channel, going by the name of #vdm in IRC. It is also reported to use the passkey “fuck21”.
After this has been done the worm may be directly controlled with commands from us.undernet.org to jumpstart it into acting. It has the capability to:
- Download files from a backdoor.
- Collect system information
- Replicate itself and spread
Removing W32.Wabot.B Completely
In order to fully get rid of this online threat, you should make sure you follow the step by step manual illustrated belwow. What is more, it is highly advisable to employ a powerful anti-malware tool to help prevent further threats and restrict this worm from spreading and installing other malware on the PC.
Experts recommend to not simply look for and delete affected files and objects manually since it is more sophisticated than that. Instead, the connection for the internet should be immediately disconnected to restrict the worm. After this you should follow this manual.