W32/Winfig.worm

Threat Detail

  • Malware Type: Virus
  • Malware Sub-type: Floppy Worm
  • Protection Added: 2002-10-10

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.


  • Minimum Engine: 5400.1158
  • File Length: 33,280 bytes
  • Description Added: 2002-10-10
  • Description Modified: 2002-10-10

Malware Proliferation

This worm copies itself to floppy diskettes and alters the desktop wallpaper. When run, the worm copies itself to c:\Windows\Winfig.exe and creates a WIN.INI run key to load itself at startup:
  • run=c:\windows\winfig.exe
It then exits. When the system is restarted, Winfig.exe is loaded. It creates an image, c:\Windows\FxxxFhc.bmp, and sets this image as the default tiled wallpaper.

Every 5 minutes the worm attempts to copy itself to the A:\ drive as Winsound.exe.

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

This worm spreads via floppy diskettes.
Presence of the following files indicates infection:
  • A:\Winsound.exe
  • C:\Windows\Winfig.exe
  • C:\Windows\FxxxFhc.bmp
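
A defender-side check for the indicators listed above, as an added example that is not part of the original description: it parses WIN.INI text for `run=`/`load=` entries in the `[windows]` section and compares them, together with a supplied list of existing file paths, against the three file names on this page. The `load=` key, the function names and the sample input are assumptions added for illustration.

```python
import ntpath

# Paths from the description above; compared case-insensitively, as on Windows.
INDICATORS = {r"a:\winsound.exe", r"c:\windows\winfig.exe", r"c:\windows\fxxxfhc.bmp"}
AUTOSTART_KEYS = ("run", "load")  # [windows] entries launched when Windows starts

def winini_autostart(text):
    """Return {key: [programs]} from run=/load= lines in the [windows] section."""
    found = {k: [] for k in AUTOSTART_KEYS}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if section == "windows" and sep and key in found:
            # Entries may list several programs, separated by spaces or commas.
            found[key] += [p.strip('"') for p in value.replace(",", " ").split()]
    return found

def normalise(path):
    """Normalise a Windows path for case-insensitive comparison."""
    return ntpath.normpath(path).lower()

def find_indicators(winini_text, existing_paths):
    """Return sorted findings for autostart entries and files matching INDICATORS."""
    hits = []
    for key, programs in winini_autostart(winini_text).items():
        hits += [f"WIN.INI {key}= entry: {p}" for p in programs if normalise(p) in INDICATORS]
    hits += [f"file present: {p}" for p in existing_paths if normalise(p) in INDICATORS]
    return sorted(hits)

# Constructed sample input, not captured from an infected machine.
SAMPLE_WININI = """\
[fonts]
run=ignored.exe
[windows]
load=
run=c:\\windows\\winfig.exe
"""
SAMPLE_FILES = [r"C:\Windows\Winfig.exe", r"C:\Windows\notepad.exe", r"A:\Winsound.exe"]

if __name__ == "__main__":
    print("\n".join(find_indicators(SAMPLE_WININI, SAMPLE_FILES)))
```
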