Welcome to the Virus Encyclopedia of Panda Security.
Twittworm.A carries out the following actions:
Twittworm.A creates the file in the Windows system directory. This file is a copy of the worm.
Additionally, it creates an AUTORUN.INF file on removable drives. This way, the copy of the worm is automatically run when any of them is accessed.
On the other hand, Twittworm.A modifies the HOSTS file so that the user cannot access certain websites, most of them related to computer security companies and search engines.
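The following added example (not part of the original Panda Security entry) shows one way to audit HOSTS file content for the kind of tampering described above. The watchlist domains and the sample file are constructed placeholders, since the entry does not list the affected sites.

```python
import ipaddress

# Assumed watchlist of domain suffixes (constructed placeholders, not from the entry).
WATCHLIST = ("antivirus-vendor.example", "search-engine.example")
# Names a clean HOSTS file legitimately maps to loopback.
BENIGN = {"localhost", "localhost.localdomain"}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in HOSTS-format text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address, so it is not a mapping
        for name in fields[1:]:  # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, watchlist=WATCHLIST):
    """Return (line_no, ip, hostname, reason) for suspicious mappings."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in BENIGN:
            continue
        sinkholed = ip.is_loopback or ip.is_unspecified
        watched = any(name == d or name.endswith("." + d) for d in watchlist)
        if sinkholed or watched:
            reason = "watched domain overridden" if watched else "host sinkholed"
            findings.append((line_no, str(ip), name, reason))
    return findings

# Constructed sample HOSTS content for demonstration.
SAMPLE = """\
# Constructed sample
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.antivirus-vendor.example update.antivirus-vendor.example
0.0.0.0         search-engine.example   # trailing comment
192.0.2.10      intranet.corp.example
#127.0.0.1      disabled.antivirus-vendor.example
not-an-ip       www.antivirus-vendor.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print("line %d: %s -> %s (%s)" % finding)
```

On a live Windows system the input would be the content of the HOSTS file under the system directory, read with administrator rights.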
Twittworm.A creates the following entries in the Windows Registry, in order to be automatically run whenever Windows is started:
Twittworm.A modifies the following Windows Registry entry, in order to prevent the system from being restored:
Twittworm.A modifies the following Windows Registry entries, in order to disable the notifications displayed by the Windows antivirus and firewall:
Additionally, it modifies the following entries from the Windows Registry, in order to make its detection more difficult:
On the other hand, Twittworm.A deletes all the Windows Registry entries related to starting the computer in Safe Mode, in order to make its elimination more difficult.
Twittworm.A uses the following means to spread:
1.- Social networks and instant messaging programs
It uses social networks like Twitter, and instant messaging programs like MSN Messenger to infect users. In order to do so, it sends messages which contain a link or an attached file belonging to the worm.
The following are some examples:
2.- Removable drives
It spreads through removable drives by making copies of itself on them. Additionally, it creates an AUTORUN.INF file on these drives, so that the copy of the worm is automatically run when they are accessed.
Twittworm.A is 221,184 bytes in size.