W32.HLLW.Hai is a worm written in C++. This worm spreads its infection in a manner that is very similar to worms such as W32.HLLW.Bymer
. It spreads by finding computers that share the \Windows folder with full access set to "Everyone." If such a share is found, the worm copies itself to the share and modifies the Win.ini file so that the worm is executed when the computer is restarted. This worm cannot spread to computers that do not have the NetBIOS protocol installed.
It is never a good idea to share the entire hard drive or the \Windows folder with full access for "Everyone." By having a share like this, anyone on the Internet who knows your IP address will have full access to any files within that share. If you need to have shares on your computer, it is highly recommended that you protect them with a password. For more information on configuring shares please see the Knowledge Base article, How to configure shared Windows folders for maximum network protection
What are Portable Executable (PE) files?
PE files are files that are portable across all Microsoft 32-bit operating systems. You can execute the same PE-formatted file on any version of Windows 95, 98, Me, NT, and 2000. Therefore, all PE files are executable, but not all executable files are portable.
A good example of a Portable Executable is a screen saver (.scr) file.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.