Aliases: W32/Giri.gen.b, W32.Giri.G1, Win32.Giri, Giri Trojan, Win32.Giri.4919
Variants: Virus.Win32.Giri.4919, Win32.Girigat.4937, W32/Girig-4919, W32/Girigat.4919, W32.Girigat

Classification: Malware
Category: Computer Virus

Status: Inactive
Spreading: Slow
Geographical info: Asia, North and South America, Australia
Removal: Easy
Platform: W32
Discovered: 06 May 1999
Damage: Low

Characteristics: The W32.Giri malware belongs to the Giri family, which is known more for its annoying payloads than for destructive behavior. Once loaded on a vulnerable computer system, it normally remains active in system memory and conceals its processes from the user. Some antivirus developers have also observed it specifically targeting files with the EXE file extension, which normally results in applications failing to launch.

More details about W32.Giri

W32.Giri is known to distribute itself to computer systems and networks through malware-laden email messages. Its trigger files may also be dropped onto a vulnerable machine when the Web browser is directed to a malicious website that carries the malware. Once it has infected a target computer system, W32.Giri begins by making changes to certain keys of the Windows Registry. This routine establishes the malware's presence on the infected machine by allowing it to load automatically on system startup. The malware also uses the Windows Registry to hook certain functions of the computer system to improve the delivery of its payload.

The annoying characteristics of the W32.Giri malware include opening the optical media drive, disabling the mouse pointing device, randomly changing the desktop wallpaper, and unauthorized termination of running processes, among others. These indications may or may not manifest immediately, but it has been observed that an infected computer system will usually exhibit these symptoms within three months after execution of the W32.Giri trigger file. The executable files targeted by this malware will suddenly increase in file size, because W32.Giri normally functions by appending its code to the end of each EXE file it infects.