1. Symantec/
  2. Security Response/
  3. W32.HLLW.Yoof


Risk Level 1: Very Low

August 22, 2002
February 13, 2007 11:40:05 AM
Also Known As:
W32/Duload.worm [McAfee], W32/Duload-A [Sophos], WORM_DULOAD.A [Trend]
Systems Affected:

W32.HLLW.Yoof is a worm that spreads by using the KaZaA file-sharing program. It tricks KaZaA users into downloading and executing the worm.

When W32.HLLW.Yoof runs, the worm copies itself as %system%\SystemConfig.exe and creates the %system%\Media shared folder. It then copies itself to this folder using numerous file names, some of which are:
  • Email Bomber.exe
  • FileServer.exe
  • Kazaa Clone.exe
  • Napster Clone.exe
  • Winmx.exe
  • Website Hacker.exe
  • Hotmail Hacker.exe
  • Windows Hacker.exe

Antivirus Protection Dates

  • Initial Rapid Release version August 22, 2002
  • Latest Rapid Release version August 8, 2016 revision 023
  • Initial Daily Certified version August 22, 2002
  • Latest Daily Certified version August 9, 2016 revision 001
  • Initial Weekly Certified release date August 22, 2002
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Douglas Knowles

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube