Win32/Viking.MW, W32/HLLP.Philis, Worm.Win32.Viking.ma, Worm.Win32.Viking.ma, Worm.Viking!sd6
Category: Computer Virus
Some parts in Asia, North and South America, Europe and Australia
14 Sep 2007
W32.Deledsig.A is a virus that spreads infections in all executable files. It also changes the size of files with particular extensions namely the .mc9, .mc8, .prt, .pfm and .igs. Its infection length is 160, 768 bytes.
W32.Deledsig.A Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer virus removal tool to automatically clean W32.Deledsig.A from your computer.
More details about W32.Deledsig.A
This virus first appeared in China on September 14, 2007. It allegedly can create copies of itself. Once it has entered the system, it will use its resources to infect other computers. It may be sent to the user in an e-mail or instant message. The user may also download it from peer-to-peer (P2P) file sharing networks. Since this virus infects Windows systems removal files, it creates the %Temp%\Updata.exe file. Then it creates five registry entries.. After the creation of these entries, the virus will then infect all .exe files stored on the computer. Although, .exe files that have the following path names are excluded: WINDOWS, WINNT, Program Files, Mcam9 and Mcam8. Then, the virus will change the sizes of the following files into zero bytes: .mc9, .mc8, .prt, .pfm and .igs. Therefore, infection occurs successfully.
Based on some studies, infected files may also be placed in shared network resources. Users may be tricked into granting the infected file access to the system. It may be labeled as a popular download, media file or cracked retail software. It may also be spread via removable memory devices such as CDs and flash disks. This virus infects most Windows operating systems. The components it uses are typically named after core system processes. These files may be located in more than one file path. This allows the worm program to re-spawn even when some of its executable files have been removed. Processes are also added as values to the system registry. This allows the worm program to run once the system is started. The registry entries also allow the software to access system resources.