
Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.


Chainsaw

 
Threat level: Moderate threat
Damage: High
Distribution: Not widespread

Common name: Chainsaw
Technical name: W32/Chainsaw
Threat level: Low
Type: Virus
Effects: It carries out damaging actions on the affected computer. It does not spread automatically using its own means.
Affected platforms: Windows 2003/XP/2000/NT/ME/98/95
First detected on: Aug. 17, 2001
Detection updated on: March 15, 2005
Statistics: No

Brief Description 

    

W32/Chainsaw is a worm that can spread through the Internet, by connecting directly to different computer ports. This worm performs highly destructive actions on hard disk sectors.

 

Visible Symptoms 

    

The first time it is executed, W32/Chainsaw copies itself to the WINDOWS\SYSTEM directory under the name WINMINE.EXE. Then, it goes memory resident and waits for the user to connect to the Internet.

There is a 1 in 666 chance that the worm will trigger its payload. The payload can also be triggered if the file has been modified. Once activated, the worm creates a file named BBQ666.COM in the WINDOWS\SYSTEM folder and executes it. This file is in fact a dangerous Trojan which overwrites some sectors on the first two hard drives with the following text:

"THE FILM WHICH YOU ARE ABOUT TO SEE IS AN ACCOUNT OF THE TRAGEDY WHICH BEFELL A GROUP OF FIVE YOUTHS. IN PARTICULAR SALLY HARDESTY AND HER INVALID BROTHER FRANKLIN. IT IS ALL THE MORE TRAGIC IN THAT THEY WERE YOUNG. BUT, HAD THEY LIVED VERY, VERY LONG LIVES, THEY COULD NOT HAVE EXPECTED NOR WOULD THEY HAVE WISHED TO SEE AS MUCH OF THE MAD AND MACABRE AS THEY WERE TO SEE THAT DAY. FOR THEM AN IDYLLIC SUMMER AFTERNOON DRIVE BECAME A NIGHTMARE. THE EVENTS OF THAT DAY WERE TO LEAD TO THE DISCOVERY OF ONE OF THE MOST BIZARRE CRIMES IN THE ANNALS OF AMERICAN HISTORY, THE TEXAS CHAIN SAW MASSACRE..."

If the worm is executed from the hard disk root directory, it deletes the CHAINSAW.EXE file and sends the following message to the alt.horror newsgroup:

From: "Leatherface"
Subject: CHAINSAWED
Newsgroup: alt.horror
Message: WHO WILL SURVIVE
AND WHAT WILL BE LEFT OF THEM?
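
A triage sketch for the artifacts described above, added here as an example and not part of the original encyclopedia entry: it looks for the two file names in WINDOWS\SYSTEM of a mounted image and for the opening words of the overwrite text in a raw disk image. The 512-byte sector size, ASCII storage of the text, and all function names are assumptions.

```python
import os
import tempfile

SECTOR = 512  # assumption: sector size of the imaged drive
# Opening words of the overwrite text quoted on the page (assumed stored as ASCII).
MARKER = b"THE FILM WHICH YOU ARE ABOUT TO SEE"
DROPPED_NAMES = {"WINMINE.EXE", "BBQ666.COM"}  # file names given on the page

def find_dropped_files(mount_root):
    """Return files named on the page found in WINDOWS/SYSTEM (case-insensitive)."""
    found = []
    for dirpath, _dirs, files in os.walk(mount_root):
        rel = os.path.relpath(dirpath, mount_root).replace(os.sep, "/").upper()
        if rel == "WINDOWS/SYSTEM":
            found += [os.path.join(dirpath, f) for f in files if f.upper() in DROPPED_NAMES]
    return sorted(found)

def overwritten_sectors(image_path, chunk_size=1 << 20):
    """Return sector numbers where the payload text starts in a raw image."""
    hits, offset, tail = set(), 0, b""
    with open(image_path, "rb") as img:
        while chunk := img.read(chunk_size):
            buf = tail + chunk
            base = offset - len(tail)  # image offset of buf[0]
            pos = buf.find(MARKER)
            while pos != -1:
                hits.add((base + pos) // SECTOR)
                pos = buf.find(MARKER, pos + 1)
            tail = buf[-(len(MARKER) - 1):]  # bytes that may begin a split match
            offset += len(chunk)
    return sorted(hits)

def build_sample(workdir):  # constructed test data, not real evidence
    image = os.path.join(workdir, "disk.img")
    data = bytearray(16 * SECTOR)
    for sector in (0, 9):  # constructed: text planted at sectors 0 and 9
        data[sector * SECTOR:sector * SECTOR + len(MARKER)] = MARKER
    with open(image, "wb") as fh:
        fh.write(data)
    sysdir = os.path.join(workdir, "mnt", "Windows", "System")
    os.makedirs(sysdir)
    for name in ("winmine.exe", "BBQ666.COM", "notepad.exe"):
        open(os.path.join(sysdir, name), "wb").close()
    return image, os.path.join(workdir, "mnt")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        image, mount = build_sample(tmp)
        print(overwritten_sectors(image), find_dropped_files(mount))
```

Run it against a read-only copy of the drive image; a hit on the marker only shows where the text begins, since the full text is longer than one sector.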