W32.HLLW.Hai


Risk Level 1: Very Low

August 10, 2001
February 13, 2007 11:58:33 AM

W32.HLLW.Hai is a worm written in C++. This worm spreads its infection in a manner that is very similar to worms such as W32.HLLW.Bymer and W32.HLLW.Qaz. It spreads by finding computers that share the \Windows folder with full access set to "Everyone." If such a share is found, the worm copies itself to the share and modifies the Win.ini file so that the worm is executed when the computer is restarted. This worm cannot spread to computers that do not have the NetBIOS protocol installed.

It is never a good idea to share the entire hard drive or the \Windows folder with full access for "Everyone." By having a share like this, anyone on the Internet who knows your IP address will have full access to any files within that share. If you need to have shares on your computer, it is highly recommended that you protect them with a password. For more information on configuring shares, see the Knowledge Base article "How to configure shared Windows folders for maximum network protection."
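The Win.ini change described above can be checked for on a machine that exposed such a share. The following Python is an added example, not Symantec's code: it lists the programs named on the load= and run= lines of the [windows] section, which are the Win.ini entries Windows starts at boot. The writeup does not say which entry or file name the worm uses, so the sample file, placeholder.exe and the allowlist are constructed, and entries are assumed to be separated by spaces or commas.

```python
import re

# Autostart keys Windows honours in the [windows] section of Win.ini.
AUTOSTART_KEYS = {"load", "run"}

# Constructed sample; placeholder.exe is a made-up name, not the worm's file.
SAMPLE = r"""
; constructed Win.ini for illustration
[windows]
load=
Run=C:\WINDOWS\placeholder.exe tray.exe
NullPort=None
[fonts]
run=ignored.exe
"""

def winini_autostart_entries(text):
    """Return [(key, program), ...] for load=/run= values in [windows]."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        header = re.fullmatch(r"\[([^\]]*)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "windows" or "=" not in line:
            continue  # only [windows] entries are started at boot
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key not in AUTOSTART_KEYS:
            continue
        # Assumption: several programs are separated by spaces or commas.
        for program in re.split(r"[,\s]+", value.strip()):
            if program:
                entries.append((key, program))
    return entries

def unexpected_entries(text, allowlist=()):
    """Autostart entries whose program is not on the allowlist (case-insensitive)."""
    allowed = {name.lower() for name in allowlist}
    return [(k, p) for k, p in winini_autostart_entries(text)
            if p.lower() not in allowed]

if __name__ == "__main__":
    for key, program in unexpected_entries(SAMPLE, allowlist=["tray.exe"]):
        print(f"review: {key}={program}")
```

Anything reported that the administrator did not put there should be compared against the file's detection status before the line is removed from Win.ini.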

What are Portable Executable (PE) files?
PE files are files that are portable across all Microsoft 32-bit operating systems. You can execute the same PE-formatted file on any version of Windows 95, 98, Me, NT, and 2000. Therefore, all PE files are executable, but not all executable files are portable.

A good example of a Portable Executable is a screen saver (.scr) file.

Antivirus Protection Dates

  • Initial Rapid Release version August 10, 2001
  • Latest Rapid Release version March 3, 2008 revision 035
  • Initial Daily Certified version August 10, 2001
  • Latest Daily Certified version March 3, 2008 revision 037
  • Initial Weekly Certified release date pending
Writeup By: Neal Hindocha