W32.Waledac

Posted: January 25, 2009

W32.Waledac is a malicious worm that can send copies of itself through email, possibly to your saved email contacts. W32.Waledac is known to affect all versions of Windows, including Windows XP, Vista, Windows Server 2003 and Windows 2000. W32.Waledac may open up your computer to outside attacks in which personal data may be stolen. It is recommended to detect worm infections such as W32.Waledac with a spyware scan program so that they can be removed completely from your system.

Aliases

TROJ_GENETIK.TI (Trend)
WORM_WALEDAC.C (Trend)
WORM_WALEDAC.AB (Trend)
WORM_WALEDAC.AS (Trend)
WORM_WALEDAC.AI (Trend)
WORM_WALEDAC.ED (Trend)
WORM_WALEDAC.CRV (Trend)
WORM_WALEDAC.BK (Trend)
Win32/Waledac.AJ (Computer Associates)
Win32/Waledac.Z (Computer Associates)
W32/Waled-Q (Sophos)
Troj/Waled-AB (Sophos)
W32/Waled-AF (Sophos)
Mal/WaledPak-B (Sophos)
W32/Waled-R (Sophos)
Troj/Waled-U (Sophos)
Troj/Waled-C (Sophos)
W32/Waled-AW (Sophos)
Mal/WaledPak-D (Sophos)
W32/Waled-Z (Sophos)
Email-Worm:W32/Waledac.A (F-Secure)
Trojan:W32/Waledac.A (F-Secure)
Iksmas.A.worm (Panda Software)
W32/Waledac.AX (Panda Software)

File System Modifications

  • The following files were created in the system:
    # File Name File Size (bytes) File Hash
    1 %SYSTEMROOT%\system32\9782.exe N/A N/A
    2 %SYSTEMROOT%\system32\drivers\svchost.exe N/A N/A
    3 %USERPROFILE%\LOCALS~1\Temp\yPjX.exe N/A N/A

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\"MyID" = "[HEXADECIMAL DIGITS]"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\"RList" = "[HEXADECIMAL DIGITS]"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"PromoReg" = "[PATH TO THREAT FILE]"