W32/Achar.worm

Type: Virus
SubType: Internet Worm
Discovery Date: 02/13/2003
Length: 8192
Minimum DAT: 4248 (02/19/2003)
Updated DAT: 4279 (07/23/2003)
Minimum Engine: 5.1.00
Description Added: 04/01/2003
Description Modified: 04/02/2003 4:39 AM (PT)
Risk Assessment:
  Corporate User: Low
  Home User: Low

Characteristics

This worm propagates via the KaZaA P2P file-sharing network. It is also intended to spread over networks (copying itself to the startup folder), but due to a bug this propagation mechanism fails.

When executed, the worm copies itself into the system default KaZaA shared folder (determined from a Registry key), using the following enticing filenames:

  • Crack McAfee 7.exe
  • Crack Norton 3000.exe
  • Borland KeyGens.exe
  • MP3 encoder_decoderV1.8.exe
  • HackNTTools.zip [many spaces] .exe
  • SophosCrackAllVersion.exe
  • BitDefender.KeyGen.exe
  • Nod32Crack.exe
  • PANDA.lusers.exe
  • PANDA.AVers.lusers.exe

It then tries to copy itself as CUCARACHA.EXE in the Spanish and English versions of the Startup folder on remote machines, but fails due to a bug.

Symptoms

Presence of the above files in the KaZaA shared folder
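
A triage check for this symptom, as an added example (not McAfee's detection logic or code from the original description): it flags files in a shared folder whose names match the lure list above, including the space-padded double extension, and notes when the size equals the listed Length. Assumptions: the folder path is supplied by the caller, Length 8192 is taken to be bytes, and the padded-extension pattern is generalized to a few other executable extensions.

```python
import os
import re
import tempfile

# Lure names copied from the list above (compared case-insensitively).
LURE_NAMES = {n.lower() for n in (
    "Crack McAfee 7.exe", "Crack Norton 3000.exe", "Borland KeyGens.exe",
    "MP3 encoder_decoderV1.8.exe", "SophosCrackAllVersion.exe",
    "BitDefender.KeyGen.exe", "Nod32Crack.exe", "PANDA.lusers.exe",
    "PANDA.AVers.lusers.exe", "HackNTTools.zip .exe",
)}
WORM_SIZE = 8192  # "Length" field above; assumed to be the file size in bytes
# Decoy extension, a run of spaces, then the real executable extension.
PADDED_EXT = re.compile(r"\.\w{1,4} {2,}\.(exe|scr|com|pif|bat)$", re.I)

def classify(name, size):
    """Return the list of reasons a file looks like an Achar copy."""
    reasons = []
    collapsed = re.sub(r" {2,}", " ", name).lower()  # fold the space padding
    if collapsed in LURE_NAMES:
        reasons.append("lure-name")
    if PADDED_EXT.search(name):
        reasons.append("padded-extension")
    if reasons and size == WORM_SIZE:  # size alone is never a reason
        reasons.append("size-8192")
    return reasons

def scan_shared_folder(folder):
    """Map file name -> reasons for every suspicious file directly in folder."""
    hits = {}
    for entry in os.scandir(folder):
        if entry.is_file(follow_symlinks=False):
            reasons = classify(entry.name, entry.stat().st_size)
            if reasons:
                hits[entry.name] = reasons
    return hits

def demo():
    """Build a constructed sample folder (harmless zero bytes) and scan it."""
    samples = {"Nod32Crack.exe": 8192, "HackNTTools.zip" + " " * 40 + ".exe": 8192,
               "holiday photos.zip": 8192, "Crack McAfee 7.EXE": 100}
    with tempfile.TemporaryDirectory() as folder:
        for name, size in samples.items():
            with open(os.path.join(folder, name), "wb") as fh:
                fh.write(b"\0" * size)
        return scan_shared_folder(folder)

if __name__ == "__main__":
    for name, reasons in sorted(demo().items()):
        print(repr(name), reasons)
```

A name match without the size match can still be a hit worth checking, so the size is reported as supporting evidence rather than used as a filter.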

Method of Infection

The worm needs to be executed in order to start spreading.

Removal

All Users:
Use specified engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purpose of hooking system startup will be removed successfully when cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

    N/A

All Information

Overview -

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Aliases

  • W32/Achar.worm!p2p
