Virus:W32/Werly.A
Date discovered:21/01/2009
Type:File infector
In the wild:No
Reported Infections:Low
Distribution Potential:Low to medium
Damage Potential:Low
Static file:No
File size:183.808 Bytes
IVDF version:7.01.01.203 - Thursday, January 29, 2009

 General Method of propagation:
   • Infects files


Aliases:
   •  Symantec: W32.Werly.A
   •  Mcafee: W32/Werly
   •  Kaspersky: Virus.Win32.Agent.cg
   •  Sophos: W32/Werly-A
   •  Eset: Win32/Werle.B
   •  Bitdefender: Win32.Werly.A


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Infects files

 Files The following files are created:

– Temporary files that might be deleted afterwards:
   • %SYSDIR%\bv.tmp
   • %SYSDIR%\bv.map
   • %SYSDIR%\bv.exe

 File infection Infector type:

Prepender - The virus code is added at the begining of the infected file.


Method:

This memory-resistent infector remains active in memory.


Infection length:

Approximately 184.000 Bytes


The following files are infected:

By file type:
   • *.exe

Files in any of the following directories:
   • %all directories%

 Miscellaneous Mutex:
It creates the following Mutex:
   • bvMutex

 File details Programming language:
 The malware program was written in Delphi.

Description inserted by Daniel Constantin on Wednesday, February 10, 2010
Description updated by Daniel Constantin on Wednesday, February 10, 2010

Back . . . .