W32/Voumit-A

Category: Viruses and Spyware
Type: Win32 worm
Prevalence: No Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/Voumit-A is a peer-to-peer networking worm for the Windows platform.

W32/Voumit-A terminates processes, deletes files and copies itself to multiple locations on the hard disk with various filenames.

W32/Voumit-A terminates the following processes:

_AVP32.exe
_AVPCC.exe
_AVPM.exe
ADVXDWIN.exe
AGENTW.EXE
ALERTSVC.exe
ALOGSERV.exe
ALOGSERV.exe
AMON9X.exe
ANTI-TROJAN.exe
ANTS.exe
APVXDWIN.exe
ATCON.exe
ATUPDATER.exe
ATWATCH.exe
AUTODOWN.exe
AVCONSOL.EXE
AVCONSOL.exe
AVGCC32.exe
AVGCTRL.exe
AVGSERV.exe
AVGSERV9.exe
AVGW.exe
AVKPOP.exe
AVKSERV.exe
AVKSERVICE.exe
AVKWCTL9.exe
AVP32.exe
AVPCC.exe
AVPM.EXE
AVPM.exe
AVSCHED32.exe
AVSYNMGR.exe
AVWINNT.EXE
AVXMONITOR9X.exe
AVXMONITORNT.exe
AVXQUAR.exe
AVXQUAR.EXE
AVXW.exe
BLACKD.exe
BLACKICE.exe
CCAPP.EXE
ccApp.exe
CCPXYSVC.EXE
crypt.exe
data.exe
diag.exe
dir.exe
disc.exe
ETRUSTCIPE.EXE
EVPN.EXE
EXPERT.exe
expoler.exe
F-AGNT95.exe
F-PROT.exe
F-PROT95.exe
FAMEH32.exe
FP-WIN.exe
FRW ERV.exe
host.exe
ICLOAD95.EXE
ICLOADNT.EXE
ICMON.EXE
ICSUPP95.EXE
ICSUPPNT.EXE
IFACE.EXE
IOMON98.exe
msconfig.EXE
NAV AUTO-PROTECT.exe
NAVAP.EXE
NAVAPSVC.EXE
Navapw32.exe
NAVENG
NAVEX15.EXE
NAVLU32.EXE
NAVW32.EXE
NAVWNT.EXE
NDD32.EXE
NPSSVC.EXE
NSCHED32.EXE
PAV.EXE
PCCIOMON.EXE
PCCNTMON.EXE
PCCWIN97.EXE
PCCWIN98.EXE
PCSCAN.EXE
PERSFW.EXE
PERSWF.EXE
POP3TRAP.EXE
RAV7.EXE
Regedit.com
Regedit.EXE
regedt32.EXE
run.exe
service.exe
sfc.EXE
spool.exe
ssms32.exe
sys.exe
sysedit.EXE
taskmgr.exe
VPC32.EXE
VPTRAY.EXE
VSCHED.EXE
VSECOMR.EXE
VSHWIN32.EXE
VSMAIN.EXE
VSMON.EXE
VSSTAT.EXE
win.exe
WScript.exe
ZONEALARM.EXE

W32/Voumit-A copies itself to the following file locations, creating the folders if they don't already exist:

'C:\Program Files\KMD\My Shared Folder\PhotoShopCS8.0_Crack.exe'
'C:\Program Files\KMD\My Shared Folder\NortonAntiVirus2005FULL.exe'
'C:\Program Files\KMD\My Shared Folder\SxyTeen.exe'
'C:\Program Files\KMD\My Shared Folder\DVDRipper.exe'
'C:\Program Files\KMD\My Shared Folder\SohposAntiVirusFULL.exe'
'C:\Program Files\KMD\My Shared Folder\WebRootSpySweeper.exe'
'C:\Program Files\KMD\My Shared Folder\Win-RAR-FULL+CRACK.exe'
'C:\Program Files\KMD\My Shared Folder\McafeeAntiVirus.exe'
'C:\Program Files\KMD\My Shared Folder\WallPapersXXX.exe'
'C:\Program Files\KMD\My Shared Folder\XXXCollection.exe'
'C:\Program Files\KMD\My Shared Folder\Zip_RAR_PWCracker.exe'
'C:\Program Files\KMD\My Shared Folder\PassworkCrackers.exe'
'C:\Program Files\KMD\My Shared Folder\InDaClub.exe'
'C:\Program Files\KMD\My Shared Folder\Dropitlikeitzhot.exe'
'C:\Program Files\KMD\My Shared Folder\Win-RAR-FULL.exe'
'C:\Program Files\KMD\My Shared Folder\MS_Frontpage.exe'
'C:\Program Files\KMD\My Shared Folder\F-ProtAV-Full.exe'
'C:\Program Files\KMD\My Shared Folder\HackingAOL.exe'
'C:\Program Files\KMD\My Shared Folder\HalfLife2_FULL.exe'
'C:\Program Files\KMD\My Shared Folder\CallofDutyFULL.exe'
'C:\Program Files\KaZaA Lite\My Shared Folder\CoolGames.exe'
'C:\Program Files\KaZaA Lite\My Shared Folder\SexyTeen.exe'
'C:\Program Files\KaZaA Lite\My Shared Folder\SecretFBIDocuments.exe'
'C:\Program Files\KaZaA Lite\My Shared Folder\Halflife2KeyGen.exe'
'C:\Program Files\KaZaA Lite\My Shared Folder\AIMHacks.exe'
'C:\Program Files\KaZaA Lite\My Shared Folder\HotmailHackerKit.exe'
'C:\Program Files\KaZaA Lite\My Shared Folder\HackingWindowsXP.exe'
'C:\Program Files\KaZaA Lite\My Shared Folder\SexyChickXXXHarcore.exe'
'C:\Program Files\KaZaA Lite\My Shared Folder\XXXWallpaperCollection.exe'
'C:\Program Files\KaZaA Lite\My Shared Folder\
MedalofHonorPacificAssultFULL.exe'
'C:\Program Files\KaZaA Lite\My Shared Folder\HalfLife2FULL.exe'
'C:\Program Files\KaZaA Lite\My Shared Folder\BFVietnam.exe'
'C:\Program Files\KaZaA Lite\My Shared Folder\SxyTeenFuckedHARD.exe'
'C:\Program Files\KaZaA Lite\My Shared Folder\HackingXP.exe'
'C:\Program Files\KaZaA Lite\My Shared Folder\XPHackes.exe'
'C:\Program Files\KaZaA Lite\My Shared Folder\XXXHighSchoolSluts.exe'
'C:\Program Files\KaZaA Lite\My Shared Folder\MiddleSchoolPornXXX.exe'
'C:\Program Files\KaZaA Lite\My Shared Folder\PreTeenXXX.exe'
'C:\Program Files\KaZaA Lite\My Shared Folder\CounterStrikeSOURCE.exe'
'C:\Program Files\KaZaA Lite\My Shared Folder\GTAViceCity.exe'
'C:\Program Files\Morpheus\My Shared Folder\AOLHackingTools.exe'
'C:\Program Files\Morpheus\My Shared Folder\PhotoShopCS8.0_Crack.exe'
'C:\Program Files\Morpheus\My Shared Folder\PipeBombTutorial'
'C:\Program Files\Morpheus\My Shared Folder\NortonAntiVirus2005FULL.exe'
'C:\Program Files\Morpheus\My Shared Folder\NortonPersonalFirewallFULL.exe'
'C:\Program Files\Morpheus\My Shared Folder\ZoneAlarm.exe'
'C:\Program Files\Morpheus\My Shared Folder\PCChillen.exe'
'C:\Program Files\Morpheus\My Shared Folder\HalfLife2FULL+Crack.exe'
'C:\Program Files\Morpheus\My Shared Folder\DOOM3_FULL.exe'
'C:\Program Files\Morpheus\My Shared Folder\XXXTeenSexXXX.exe'
'C:\Program Files\Morpheus\My Shared Folder\PreTeenSEX.exe'
'C:\Program Files\Morpheus\My Shared Folder\CounterStrike.exe'
'C:\Program Files\Morpheus\My Shared Folder\CounterStrikeSourceFULL.exe'
'C:\Program Files\Morpheus\My Shared Folder\HackXP.exe'
'C:\Program Files\Morpheus\My Shared Folder\SxyTeenFuckedHARD.exe'
'C:\Program Files\Morpheus\My Shared Folder\PreTeenBlowJob.exe'
'C:\Program Files\Morpheus\My Shared Folder\BigBoobs.exe'
'C:\Program Files\Morpheus\My Shared Folder\NudeCheerleaders.exe'
'C:\Program Files\Morpheus\My Shared Folder\SluttyCheerleaders.exe'
'C:\Program Files\Morpheus\My Shared Folder\HowtoHack.exe'
'C:\Program Files\BearShare\Shared\SxyTeenagePorn.exe'
'C:\Program Files\BearShare\Shared\SxyTeenageSEX.exe'
'C:\Program Files\BearShare\Shared\IRobotDVDRip.mpg.exe'
'C:\Program Files\BearShare\Shared\AVPDVDRip.mpg.exe'
'C:\Program Files\BearShare\Shared\NortonAntirVirus2005FULL.exe'
'C:\Program Files\BearShare\Shared\SpywareKiller.exe'
'C:\Program Files\BearShare\Shared\HalfLife2FULL.exe'
'C:\Program Files\BearShare\Shared\BF1942FULL.exe'
'C:\Program Files\BearShare\Shared\CounterStrikeSourceFULL.exe'
'C:\Program Files\BearShare\Shared\TeenSexHardcore.exe'
'C:\Program Files\BearShare\Shared\XXXMagaPack.exe'
'C:\Program Files\BearShare\Shared\FBISecretDocuments.exe'
'C:\Program Files\BearShare\Shared\BigBoobsXXX.exe'
'C:\Program Files\BearShare\Shared\SxyTeenGetsItuptheASS.exe'
'C:\Program Files\BearShare\Shared\FuckedHARDXXX.exe'
'C:\Program Files\BearShare\Shared\Cool_Games.exe'
'C:\Program Files\BearShare\Shared\How-to-Hack.exe'
'C:\Program Files\BearShare\Shared\WinXPHacking.exe'
'C:\Program Files\BearShare\Shared\Sopohs_Anti_Virus.exe'
'C:\Program Files\BearShare\Shared\JeniferLopezNUDE.exe'
'C:\Program Files\LimeWire\Shared\BF1942Keygen.exe'
'C:\Program Files\LimeWire\Shared\BFVietnameKeygen.exe'
'C:\Program Files\LimeWire\Shared\XPHome.exe'
'C:\Program Files\LimeWire\Shared\Sxy.exe'
'C:\Program Files\LimeWire\Shared\SxyTeen.exe'
'C:\Program Files\LimeWire\Shared\CoolGames.exe'
'C:\Program Files\LimeWire\Shared\TeenSexXXX.exe'
'C:\Program Files\LimeWire\Shared\XXX.exe'
'C:\Program Files\LimeWire\Shared\FBIFilesTOPSECRET.exe'
'C:\Program Files\LimeWire\Shared\AOL_Trojan.exe'
'C:\Program Files\LimeWire\Shared\HotmailHacker.exe'
'C:\Program Files\LimeWire\Shared\AOLExploit.exe'
'C:\Program Files\LimeWire\Shared\EncryptionTool.exe'
'C:\Program Files\LimeWire\Shared\WinXp.exe'
'C:\Program Files\LimeWire\Shared\GTAVice.exe'
'C:\Program Files\LimeWire\Shared\MOHPacific.exe'
'C:\Program Files\LimeWire\Shared\HalfLife2.exe'
'C:\Program Files\LimeWire\Shared\Norton2005.exe'
'C:\Program Files\LimeWire\Shared\ZoneAlarm2005.exe'
'C:\My Shared Folder\AOLHackingTools.exe'
'C:\My Shared Folder\PhotoShopCS8.0_Crack.exe'
'C:\My Shared Folder\PipeBombTutorial'
'C:\My Shared Folder\NortonAntiVirus2005FULL.exe'
'C:\My Shared Folder\NortonPersonalFirewallFULL.exe'
'C:\My Shared Folder\ZoneAlarm.exe'
'C:\My Shared Folder\PCChillen.exe'
'C:\My Shared Folder\HalfLife2FULL+Crack.exe'
'C:\My Shared Folder\DOOM3_FULL.exe'
'C:\My Shared Folder\XXXTeenSexXXX.exe'
'C:\My Shared Folder\PreTeenSEX.exe'
'C:\My Shared Folder\CounterStrike.exe'
'C:\My Shared Folder\CounterStrikeSourceFULL.exe'
'C:\My Shared Folder\HackXP.exe'
'C:\My Shared Folder\SxyTeenFuckedHARD.exe'
'C:\My Shared Folder\PreTeenBlowJob.exe'
'C:\My Shared Folder\BigBoobs.exe'
'C:\My Shared Folder\NudeCheerleaders.exe'
'C:\My Shared Folder\SluttyCheerleaders.exe'
'C:\My Shared Folder\HowtoHack.exe'
'C:\WINDOWS\WinFAT32.exe'
'C:\mirc32\RegEdit32.exe'
'C:\mirc32\Telnet.exe'
'C:\mirc32\Zincgrub.exe'
'C:\mirc32\lsass.exe'

W32/Voumit-A deletes the following files, if they exist:

'C:\WINDOWS\System32\sys.exe'
'C:\WINDOWS\System\sys.exe'
'C:\WINDOWS\System32\host.exe'
'C:\WINDOWS\System\host.exe'
'C:\WINDOWS\System32\dir.exe'
'C:\WINDOWS\System\dir.exe'
'C:\WINDOWS\System32\expoler.exe'
'C:\WINDOWS\System\expoler.exe'
'C:\WINDOWS\System32\win.exe'
'C:\WINDOWS\System\win.exe'
'C:\WINDOWS\System32\run.exe'
'C:\WINDOWS\System\run.exe'
'C:\WINDOWS\System32\log.exe'
'C:\WINDOWS\System\log.exe'
'C:\WINDOWS\System32\32.exe'
'C:\WINDOWS\System\32.exe'
'C:\WINDOWS\System32\disc.exe'

W32/Voumit-A creates the following registry entries to run itself automatically on computer login:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
RegEdit32 =
C:\mirc32\RegEdit32.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
Telnet =
C:\mirc32\Telnet.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
LSASS =
C:\mirc32\LSASS.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
ZincgrubInc =
C:\mirc32\LSASS.exe