Virus:Worm/Arequipa.B
Date discovered:17/01/2006
Type:Worm
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low to medium
Static file:Yes
File size:57.344 Bytes
MD5 checksum:dabd4e43f985335974c26d46469d2ea4
VDF version:6.33.00.128

 General Aliases:
   •  Kaspersky: Worm.Win32.Arequipa.b
   •  TrendMicro: WORM_AREQ.A
   •  Sophos: W32/Arequip-B
   •  VirusBuster: virus Worm.Arequipa.A
   •  Bitdefender: Worm.Arequipa.B


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP


Side effects:
   • Drops files
   • Registry modification

 Files It copies itself to the following locations:
   • C:\My documents\FOTOS.EXE
   • C:\ARCHIVOS DE PROGRAMA\FOTOS.EXE
   • %PROGRAM FILES%\FOTOS.EXE
   • C:\mis documentos\FOTOS.EXE
   • %WINDIR%\mmtask.exe
   • A:\FOTOS.EXE

 Registry – HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   • "mmtask"="%WINDIR%\mmtask.exe"



The following registry key is added:

– HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion
   • "Counter"=1

 File details Programming language:
 The malware program was written in Visual Basic.


Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with a runtime packer.

Description inserted by Bogdan Iliuta on Thursday, October 12, 2006
Description updated by Andrei Ivanes on Tuesday, October 31, 2006

Back . . . .