1. /
  2. Security Response/
  3. W32.Extrat


Risk Level 2: Low

November 12, 2012
November 12, 2012 10:05:37 PM
Trojan, Worm
Infection Length:
21,504 Bytes
Systems Affected:
Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP
W32.Extrat is a worm that spreads by copying itself to removable drives and P2P networks. It also opens a back door and steals information from the compromised computer.

Antivirus Protection Dates

  • Initial Rapid Release version November 12, 2012 revision 009
  • Latest Rapid Release version April 28, 2015 revision 024
  • Initial Daily Certified version November 12, 2012 revision 021
  • Latest Daily Certified version April 28, 2015 revision 035
  • Initial Weekly Certified release date November 14, 2012
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment


  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy


  • Damage Level: Medium
  • Payload: Opens a back door.
  • Releases Confidential Info: Steals information, records keystrokes, and accesses webcam.


  • Distribution Level: Medium
  • Shared Drives: Spreads through removable drives and P2P networks.
Note: On May 14, 2015, modifications will be made to the threat write-ups to streamline the content. The Threat Assessment section will no longer be published as this section is no longer relevant to today's threat landscape. The Risk Level will continue to be the main threat risk assessment indicator.
Writeup By: Paul Mangan

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report