Aliases: W32/Giwin.gen, W32.HLLW.Giwin, W32/HLLW/Giwin
Variants: PE_GIWIN.A, W32/Alcop.gen, Email-Worm.VBS.Giwin, W32/HLLGivin-B

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: South America, Asia, Europe
Removal: Easy
Platform: W32
Discovered: 02 Oct 2001
Damage: Low

Characteristics: One of the most critical payloads associated with the W32.Giwin.gen malware infection is the presence of multiple copies of itself in the compromised machine. When activated in the vulnerable computer system, this malware normally targets specific directories and folders on the hard drive where it will extract its copies of itself. In case it finds the presence of a floppy disk, this threat will also use the media to create a copy of its codes.

More details about W32.Giwin.gen

According to some antivirus developers, the W32.Giwin.gen malware is generally considered as a simple virus. The complexity associated with this threat stems from its ability to create multiple copies of itself in the hard drive of the target computer system. All copies of itself which are distributed in different folders and directories use the EXE file extension and number no more than 50 instances usually named chronologically. In the case of floppy disks, the W32.Giwin.gen has a routine which makes the disk bootable. It will also copy an executable file into the media along with a batch file. This routine is intended to automatically spread the infection of the W32.Giwin.gen malware once the floppy disk is inserted into another computer system.

A floppy disk carrying the W32.Giwin.gen will immediately infect the machine once it is inserted into the drive. As part of its routine of firmly establishing its presence in the compromised computer system, the W32.Giwin.gen may place an instance of itself in the startup group of the operating system in order to launch at every startup or boot up event. This particular threat has also been identified to place shortcuts on the user's desktop which will allow it to redirect the Web browser to the author's website or send him an email message.