W32.Fragl


January 16, 2002
February 13, 2007 11:51:04 AM

This is a Microsoft Outlook worm with backdoor and password-stealing features.

When this worm is executed, it does the following:

It creates the files:
  • C:\Userdat.sys
  • C:\System.dll

These are log files that the worm uses. It uses System.dll to log your keystrokes. This key logging feature can steal your username, password and other private, typed information.

The worm next creates the file \Windows\Winstart.bat.

It then creates copies of itself as:
  • \Windows\Kernel32.ini
  • \Windows\System\UserConf.exe

The worm also adds the value:

UserData     C:\Windows\System\UserConf.exe

to the registry key:


This will run the worm every time that you start Windows.
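
A triage check for the file artifacts listed above, written as an added example and not Symantec's code; it covers the files only, not the registry value. It assumes an offline copy of the Windows drive mounted under a root directory and that the two self-copies are byte-identical; `find_ci`, `triage` and `build_sample` are hypothetical names.

```python
import hashlib
import sys
from pathlib import Path

# Paths from the write-up, relative to the root of the Windows drive.
LOG_AND_BATCH = ["Userdat.sys", "System.dll", "Windows/Winstart.bat"]
WORM_COPIES = ["Windows/Kernel32.ini", "Windows/System/UserConf.exe"]

def find_ci(root, rel):
    """Resolve rel under root ignoring case, as Windows would."""
    cur = Path(root)
    for part in rel.split("/"):
        entries = list(cur.iterdir()) if cur.is_dir() else []
        cur = next((p for p in entries if p.name.lower() == part.lower()), None)
        if cur is None:
            return None
    return cur

def triage(root):
    """Return findings for the W32.Fragl file artifacts under root."""
    findings, digests = [], {}
    for rel in LOG_AND_BATCH:
        if find_ci(root, rel) is not None:
            findings.append(f"present: {rel}")
    for rel in WORM_COPIES:
        path = find_ci(root, rel)
        if path is None or not path.is_file():
            continue
        data = path.read_bytes()
        findings.append(f"present: {rel}")
        # A self-copy is a Windows executable, so it begins with the 'MZ' magic.
        if data[:2] == b"MZ":
            findings.append(f"executable content: {rel}")
        digests[rel] = hashlib.sha256(data).hexdigest()
    # Assumption: both self-copies are byte-identical.
    if len(digests) == 2 and len(set(digests.values())) == 1:
        findings.append("identical copies: " + ", ".join(WORM_COPIES))
    return findings

def build_sample(root, infected):
    """Constructed sample tree; file contents are harmless placeholders."""
    (Path(root) / "WINDOWS" / "SYSTEM").mkdir(parents=True)
    if infected:
        (Path(root) / "USERDAT.SYS").write_bytes(b"")
        for rel in ("WINDOWS/KERNEL32.INI", "WINDOWS/SYSTEM/USERCONF.EXE"):
            (Path(root) / rel).write_bytes(b"MZ constructed placeholder")
    return root

if __name__ == "__main__":
    print("\n".join(triage(sys.argv[1])) or "no W32.Fragl file artifacts found")
```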

Antivirus Protection Dates

  • Initial Rapid Release version January 17, 2002
  • Latest Rapid Release version August 8, 2016 revision 023
  • Initial Daily Certified version January 17, 2002
  • Latest Daily Certified version August 9, 2016 revision 001
  • Initial Weekly Certified release date pending
Writeup By: Gor Nazaryan