Tearec.A is a worm that disables and ends several antivirus programs, if they are installed on the affected computer. It also attempts to delete files belonging to several antivirus programs, peer-to-peer file sharing programs (P2P) and other Internet applications, which would make them stop working.
Additionally, it monitors the network traffic of certain connections related with antivirus programs and email services. This way, it could obtain passwords.
Tearec.A spreads via email in a message with variable characteristics and across computer networks.
On the 3rd of every month, Tearec.A overwrites all the files that contain any of the following extensions:
.DMP, .DOC, .MDB, .MDE, .PDF, .PPS, .PPT, .PSD, .RAR, .XLS and .ZIP.
overwriting them with the text string DATA Error [47 0F 94 93 F4 K5].
These extensions belong to the following types of file:
- .DMP: Windows memory dump.
- .DOC: Word documents.
- .MDB: Access database.
- .MDE: Access MDE database.
- .PDF: Acrobat Reader documents.
- .PPS: Power Point slideshows.
- .PPT: Power Point slideshows.
- .PSD: Photoshop images.
- .RAR: files compressed with WinRAR.
- .XLS: Excel documents.
- .ZIP: files compressed with WinZip.