McAfee > Theat Center > Virus Detail Page

Overview

Characteristics

W32/Werly is a virus that infects PE files.

Upon execution, it divides its file content into two parts and generates two files:

• %WinDir%\system32\bv.map
• %WinDir%\system32\INSTALL.EXe (assume that the name of the virus file is INSTALL.EXe)

(where %WinDir% is the default Windows directory, for example C:\WINNT, C:\WINDOWS etc.)

The file bv.map contains the pure virus body. And the file INSTALL.EXe is the old clean victim file.

Then it scans all .exe files in the compromised machine, and infects them by prepending the virus body to the beginning of these victim .exe files.

Symptoms

• existence of the dropped file described above
• size increase of  executable files

Method of Infection

W32/Werly is a virus that can spread through local and mapped network drives by infecting other executable files.

Removal

Use the latest Engine/Dats

Variants

Variants

N/A

All Information

Overview -

W32/Werly is a virus that infects PE files.

Characteristics

Characteristics -

W32/Werly is a virus that infects PE files.

Upon execution, it divides its file content into two parts and generates two files:

• %WinDir%\system32\bv.map
• %WinDir%\system32\INSTALL.EXe (assume that the name of the virus file is INSTALL.EXe)

(where %WinDir% is the default Windows directory, for example C:\WINNT, C:\WINDOWS etc.)

The file bv.map contains the pure virus body. And the file INSTALL.EXe is the old clean victim file.

Then it scans all .exe files in the compromised machine, and infects them by prepending the virus body to the beginning of these victim .exe files.

Symptoms

Symptoms -

• existence of the dropped file described above
• size increase of  executable files

Method of Infection

Method of Infection -

W32/Werly is a virus that can spread through local and mapped network drives by infecting other executable files.

Removal -

Removal -

Use the latest Engine/Dats

Variants

Variants -

N/A