W32.Fidameg.A


Aliases: Win32.Magania.awru, W32/Caveduck.a, PE_FIDAMEG.A, W32/Vetor-I, Virus:Win32/Smee.
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Inactive
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 29 Mar 2009
Damage: Low

Characteristics: W32.Fidameg.A is a virus that infects executable files on Windows systems. It was discovered on March 29, 2009. It can also corrupt other files that have certain extensions.

More details about W32.Fidameg.A

The damage or threat level of this virus is low, although its payload is to infect removable files stored on the computer. It can create a service on the system so that it runs together with the operating system. Once the virus is executed, it creates three files: %CurrentFolder%\[NAME OF ORIGINALLY EXECUTED FILE].ini, %CurrentFolder%\coldblood and %System%\[NAME OF ORIGINALLY EXECUTED FILE].exe. Next, it creates two services with the same service name, ~[RANDOM ASCII CHARACTERS]~, but with different image paths. The virus then spreads by infecting executable files. Other files that this virus affects include .rar, .zip, .doc, .xls, .ppt, .pdf, .html, .java, .asp, .css and many others. Each file is modified to 14 bytes.

To manually remove the W32.Fidameg.A virus, disable System Restore and update the virus definitions. Restart the computer and, once it is back on, run a full system scan. To stop the service, click Start, then select Run. Type services.msc and click OK. Find the service that was detected. Click Action and Properties, then select Stop. Change the Startup Type to Manual. Close the Services window, then reboot the computer.
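
The service steps above can also be done from PowerShell. The script below is an added example, not part of the original write-up: it lists services whose name or display name matches the ~[RANDOM ASCII CHARACTERS]~ pattern, shows their image paths, and can stop them and set Startup Type to Manual. The function names, the regular expression and the sample records are assumptions made for illustration.

```powershell
# Added example (not vendor code). Function names and the regex are assumptions
# based on the "~[RANDOM ASCII CHARACTERS]~" service name described in this entry.

function Find-TildeService {
    param(
        # Service records to inspect; defaults to the live system. Accepts any
        # objects with Name, DisplayName, PathName, State and StartMode.
        [object[]]$Services = (Get-CimInstance -ClassName Win32_Service)
    )
    $pattern = '^~[\x21-\x7D]+~$'   # tilde, printable ASCII characters, tilde
    $Services |
        Where-Object { $_.Name -match $pattern -or $_.DisplayName -match $pattern } |
        Select-Object Name, DisplayName, PathName, State, StartMode
}

function Disable-TildeService {
    # Mirrors the manual steps: Stop the service, then Startup Type = Manual.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [string]$Name
    )
    process {
        if ($PSCmdlet.ShouldProcess($Name, 'Stop and set Startup Type to Manual')) {
            Stop-Service -Name $Name -Force -ErrorAction Continue
            Set-Service  -Name $Name -StartupType Manual
        }
    }
}

# Constructed sample records (not taken from a real infection) so the filter
# can be tried offline; only the first record should be reported.
$sample = @(
    [pscustomobject]@{ Name = '~qZ7k~'; DisplayName = '~qZ7k~'
        PathName = 'C:\Windows\System32\sample.exe'; State = 'Running'; StartMode = 'Auto' }
    [pscustomobject]@{ Name = 'Spooler'; DisplayName = 'Print Spooler'
        PathName = 'C:\Windows\System32\spoolsv.exe'; State = 'Running'; StartMode = 'Auto' }
)
Find-TildeService -Services $sample | Format-List

# On a live host, from an elevated prompt: review the matches and their image
# paths first, then preview the change with -WhatIf before applying it.
# Find-TildeService | Format-List
# Find-TildeService | Disable-TildeService -WhatIf
```

A legitimate service could match the pattern, so check each reported PathName against the detection from the full system scan before stopping anything.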