Aliases: W32/Revolnam.a
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 16 Jun 2006
Damage: Low

Characteristics: W32.Revolnam is a virus that infects Windows Systems. When the worm infects a computer, it locates .exe files and infects them. It also shuts down the infected computer. It is a slow infector and causes low damage. It is easy to remove using an updated antivirus program.

More details about W32.Revolnam

Once the worm W32.Revolnam is executed, it checks for the user's logon name and for the presence of a file. It ends itself when it finds one of the following checkpoints: User's logon name is 'Sara' or 'IMPOSTOR', and Existence of C:\IMPOSTOR.IM. It searches for executable files to infect in the Windir folder and its subfolders: Help, Downloaded Program Files, and inf. The windir folder is the Windows installation folder. It also searches and infects executable files in the System folder and its subfolder: dllcache. Lastly, it searches for executable files to infect in the current folder. The current folder is where the risk was originally executed. When the worm infects a computer, it shuts it down. The threat must be eliminated once it is detected.

The W32.Revolnam application can spread adware, spyware and other Trojan software. These are executed in the computer without the user’s consent. Advertisements can be displayed consistently in the infected computer. These can come in the form of pop-ups, pop-unders, banners, links, or desktop displays. Online activities may be monitored. This can include visited web pages, clicked links, typed URLs and search terms. The information is sent to a remote server and used to send more targeted advertisements.