Backdoor.Win32.Bifrose.cft, W32/Honk, W32/NetworkWorm.BSA
Category: Computer Virus
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
21 Dec 2005
The W32.Wisfc program is a type of virus that infects.dll, .exe, and .scr files. It as well drops another threat, a variant of the Download.Trojan family. System affected by this virus are Windows 95, Windows 2000, Windows Me, Windows 98, Windows Server 2003, Windows NT, and Windows XP.
W32.Wisfc Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer virus removal tool to automatically clean W32.Wisfc from your computer.
More details about W32.Wisfc
Once W32.Wisfc is executed on your system, it copies itself as winsfc.exein the System folder. The virus also creates the mutex particularly the WINSFC_MUTEX so that only 1 copy of the virus will run on the compromised computer at any 1 time. Because of these processes, the virus may add values to the registry sub key as winsfc.exe in order for the virus to automatically run each time Windows starts. The virus is likely to drop and execute .exe file from the Windows temporary folder. This file is the variant of the Download.Trojan family. The downloaded malicious file looks for and infects any.dll, .exe, and .scr files found on any of the drives installed on the compromised computer.
The programming script of the W32.Wisfc program contains a specific server it will contact. The malware application may send a notification message once it has been installed. This reportedly contains system information such as IP address, operating system, and CPU. The software will then wait for commands on the backdoor. All communication is facilitated with HTTP (HyperText Transfer Protocol).