The Mudcat Café
Thread #73936   Message #1315160
Posted By: JohnInKansas
03-Nov-04 - 09:37 AM
Thread Name: Tech: Site that keeps putting me online alone
Subject: RE: Tech: Site that keeps putting me online alone
A search at Norton for "W32." finds 1782 examples of this "W32. worm class." One of the most common, currently, will appear as "W32.Beagle@mm!rar." The "rar" indicates that this is a "search worm" that looks for machines that have been previously infected by the "W32.Beagle" worm(s).

The "W32.Beagle.M@mm" and "W32.Beagle.N@mm" infected files that may have been previously "loaded" on your machine contain password-protected .rar files as email attachments. The password protection prevents your AV from scanning them. Most good AV programs will detect and remove them, but they can be successfully passed onto machines with less than optimum protection or if your viral signatures are out of date.

In order for this W32.Beagle variant to be "activated" the "W32.Beagle@mm!rar" looks for machines that have the "real" worm(s) already installed so that it can execute the password and turn them on. When turned on, the W32.Beagle worms execute a mass emailing to every address in your address book. It searches for 29 or more different file extensions to find "addresses" in virtually any kind of email program. To delay detection of the mass mailings, it excludes email addresses that would send it to a selected list of places known to have detection and blocking set up for earlier versions of W32 worms.

In addition, this worm appends itself to any .exe file it finds on the machine. Norton, and likely most other good AV programs can "repair" the .exe files by removing the "viral appendage," but in rare cases it may be necessary to delete the .exe (and reinstall the program after cleanup) to get rid of it.

In addition, this worm class attaches itself to every file it finds designated for file sharing by including the string "shar" anywhere in the filename.

As examples, you can look at full information on the W32.Beagle.M@mm or W32.Beagle.N@mm.

Norton has "repair tools" for both these variants at the above links. You should check to be sure that you get the appropriate tool for the variant you find on your machine by searching your AV provider's site. If you don't have a favorite, go to Symantec Search. Enter W32.name, inserting the first word of the name for the one you want to find (W32.Beagle for example.) Click the "Viruses, Trojan horses, Worms and Macros" box to limit the search to these categories. (You may want to come back later and click the "Vulnerabilities and Exploits" box for other stuff.)

All W32 variants I've looked at require registry repair (regedit) to complete the removal, but these are classed as "easy removal" infections – if you read all of the instructions first, and then follow them carefully.

(Interesting variant: W32.Naked@mm is a mass mailing worm that disguises itself as a flash movie. The attachment is named NakedWife.exe.)

Additional variants that are common include "Gaobot," "Sobig," "Magistr" etc.

John
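John's point that password protection keeps the AV from looking inside the .rar attachment is also the property a mail filter can key on: it does not need the password to read the archive's "encrypted" flag bits. The following is an added example (not from the post, and not Symantec's tooling) that walks the RAR 4.x header chain of an attachment and reports encrypted entries; the two sample archives are constructed inline and carry zero CRCs.

```python
"""Flag RAR 4.x attachments whose headers or entries are password-protected."""
import struct

RAR4_SIG = b"Rar!\x1a\x07\x00"
MAIN_HEAD, FILE_HEAD = 0x73, 0x74
MHD_PASSWORD = 0x0080   # main header: the block headers themselves are encrypted
LHD_PASSWORD = 0x0004   # file header: this entry's data is encrypted
LHD_LARGE = 0x0100      # file header has 8 extra bytes of 64-bit sizes before the name
LONG_BLOCK = 0x8000     # block is followed by ADD_SIZE bytes of data (set on file blocks)

def rar4_encrypted_entries(data: bytes):
    """Return (headers_encrypted, names_of_encrypted_entries) for a RAR 4.x archive.
    Header CRCs are deliberately not verified; only the flag bits matter here."""
    if not data.startswith(RAR4_SIG):
        raise ValueError("not a RAR 4.x archive")
    pos, protected = len(RAR4_SIG), []
    while pos + 7 <= len(data):
        _crc, htype, flags, hsize = struct.unpack_from("<HBHH", data, pos)
        if htype == MAIN_HEAD and flags & MHD_PASSWORD:
            return True, protected          # file headers unreadable without the password
        add_size = 0
        if flags & LONG_BLOCK and pos + 11 <= len(data):
            add_size = struct.unpack_from("<I", data, pos + 7)[0]
        if htype == FILE_HEAD and flags & LHD_PASSWORD and pos + 28 <= len(data):
            name_size = struct.unpack_from("<H", data, pos + 26)[0]
            start = pos + 32 + (8 if flags & LHD_LARGE else 0)
            protected.append(data[start:start + name_size].decode("latin-1"))
        if hsize < 7:
            break                           # corrupt header: stop instead of looping forever
        pos += hsize + add_size
    return False, protected

def is_password_protected_rar(data: bytes) -> bool:
    """True when the archive has encrypted headers or at least one encrypted entry."""
    headers_encrypted, protected = rar4_encrypted_entries(data)
    return headers_encrypted or bool(protected)

def _block(htype: int, flags: int, body: bytes) -> bytes:
    """Build one header block; CRC left zero because these are constructed samples."""
    return struct.pack("<HBHH", 0, htype, flags, 7 + len(body)) + body

# Constructed sample: plain main header, then one encrypted entry "photo.exe"
# whose 3 "packed" bytes follow its file header (ADD_SIZE == PACK_SIZE == 3).
_name, _packed = b"photo.exe", b"\x00\x01\x02"
_file_body = struct.pack("<IIBIIBBHI", len(_packed), 16, 0, 0, 0, 29, 0x30, len(_name), 0x20) + _name
SAMPLE_ENCRYPTED_ENTRY = (RAR4_SIG + _block(MAIN_HEAD, 0, b"\x00" * 6)
                          + _block(FILE_HEAD, LONG_BLOCK | LHD_PASSWORD, _file_body) + _packed)
# Constructed sample with encrypted headers: nothing past the main header is readable.
SAMPLE_ENCRYPTED_HEADERS = RAR4_SIG + _block(MAIN_HEAD, MHD_PASSWORD, b"\x00" * 6)

if __name__ == "__main__":
    print(rar4_encrypted_entries(SAMPLE_ENCRYPTED_ENTRY))      # (False, ['photo.exe'])
    print(is_password_protected_rar(SAMPLE_ENCRYPTED_HEADERS))  # True
```

A gateway that quarantines on `is_password_protected_rar` returning True catches the attachment whether or not a signature for the enclosed worm exists yet.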