Search Solo Products, Services and others Overview of the Site Design and Build a Career Contact us for customer service and other feedback info SRN Micro Privacy Statement

 


WINEVAR WORM SPREADS IN THE WILD

Virus Name  : W32.Winevar.A@mm

Alias             : I-Worm.Winevar, WORM_WINEVAR.A, W32.HLLW.Winevar

Virus type    : Internet worm

Threat level : Low

Virus details :

                     Winevar is an Internet worm, uses e-mail addresses collected from DBX and HTM files to send infected messages. The worm main attachment will be "WIN<random characters>.PIF". The subject and message body will be random. This worm is also known as I-Worm.Winevar, W32/Winevar-A, WORM_WINEVAR.A, W32/Korvar, Bride.C, W32.HLLW.Winevar.

                     When the infected attachment is executed, the worm copies itself to Windows system folder as "Win<random characters>.PIF" and copies to windows desktop as "Explorer.pif". The worm also creates new keys in the registry Run and Run services section to load automatically. The registry modification is given below.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

                     Winevar worm uses IFRAME vulnerability to infect. When the user views the e-mail the embedded code is executed automatically and it drops the virus. Microsoft released security patches to close this security hole. If you haven't installed, you can get a copy at http://www.microsoft.com/windows/ie/download/critical/Q290108/default.asp

                     Winevar worm drops W32/Funlove virus in the infected system. Winevar will try to terminate antivirus and security programs in the infected system. On the next restart, it will display a message box "Make a fool of oneself: What a foolish thing you've done!". If the "OK" button is pressed the worm deletes all files in the system.

How can I protect my system?

                   Solo has incorporated Winevar worm in its signature file to protect users from this worm attack. Solo antivirus registered users are already protected from this worm. Make sure that you have installed registered version of Solo Antivirus to protect your system from all virus threats.

How to remove this worm?

                   If you are already infected with this worm, download and install security patches from the link http://www.microsoft.com/windows/ie/download/critical/Q290108/default.asp according to your Internet Explorer version. Then run Solo anti-virus to remove the worm components and disinfect funlove virus.

                   Solo antivirus can detect and remove W32.Winevar.A@mm safely. Use the following link to Download 30 day trial version of Solo antivirus to remove viruses from your computer.

                   Solo anti-virus not only scans for all viruses, it contains a unique System Integrity Checker to protect you from New Internet Worms, Backdoors and malicious VB, Java Scripts. It also effectively removes all existing Internet Worms, File viruses, malicious VB, Java scripts, Trojans, Backdoors, boot sector, partition table and macro viruses.

You can purchase Solo antivirus using the link