W32.Gobi
Aliases: W32/Gobi.b, PE_SALITY.AZ, Trojan-Dropper.Win32.Microjoin, W32/Chir.b@MM, Win32/Kashu.C
Variants: Virus.Win32.Gobi.a, Win32.Gobi.a, W32/Gobi, PE_GOBI.A, W32/Gobi.29033
Classification: Malware
Category: Computer Virus
Status: Active & Spreading
Spreading: Slow
Geographical info: Europe, North America
Removal: Hard
Platform: W32
Discovered: 10 Mar 2004
Damage: Low
Characteristics: Consistent with the functionality of most viruses, this malware targets Portable Executable (PE) files on the Microsoft Windows platform. It also compromises the integrity of other executable files belonging to programs installed on the infected computer system. W32.Gobi is designed with built-in defense mechanisms that are intended to complicate its detection and removal from the host machine. It is also capable of compromising system security by opening an unsecured backdoor.
W32.Gobi Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer virus removal tool to automatically clean W32.Gobi from your computer.
More details about W32.Gobi
The complexity of W32.Gobi stems primarily from its ability to modify its virus signature at every instance of infection. This capability, commonly referred to as polymorphism, is meant to thwart attempts to remove it from the machine. The threat also uses entry point obscuring, which allows it to overwrite the initial instructions of the executable file it intends to corrupt. The author of W32.Gobi made use of anti-debugging techniques, possibly to protect the malware's code.

The backdoor functionality allows its author to hijack the resources of the infected computer system without the user's knowledge. W32.Gobi normally uses TCP port 666 for its backdoor. An inherent danger of the backdoor is that other malicious authors can use it to further compromise the already infected computer system. Normally the presence of the backdoor remains undetected until a thorough scan of the machine is done using protection software with an updated antivirus engine and database.

W32.Gobi hooks Application Programming Interfaces (APIs) in order to control certain functionality on the host computer system. The executable for its backdoor component is normally stored in a temporary folder on the hard drive.
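The two host indicators described above (a listener on TCP port 666 and a backdoor executable stored in a temporary folder) can be triaged together. The following is an added example, not part of the original entry: the `netstat -ano` text and the PID-to-image map are constructed samples, and the function names and file paths are hypothetical.

```python
from pathlib import PureWindowsPath

BACKDOOR_PORT = 666  # TCP port the entry says the backdoor normally uses

# Constructed sample of `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:666            0.0.0.0:0              LISTENING       2384
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    192.168.1.10:49721     203.0.113.5:666        ESTABLISHED     3100
  UDP    0.0.0.0:666            *:*                                    1200
"""

# Constructed PID -> image path map (assumed to be collected separately).
SAMPLE_IMAGES = {
    912: r"C:\Windows\System32\svchost.exe",
    2384: r"C:\Users\alice\AppData\Local\Temp\placeholder.exe",
}

def listeners_on_port(netstat_text, port=BACKDOOR_PORT):
    """Return PIDs that hold a TCP socket in LISTENING state on `port`."""
    pids = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 columns; the header and UDP rows (no State) do not match.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        local_port = fields[1].rsplit(":", 1)[-1]  # also handles [::]:445
        if local_port.isdigit() and int(local_port) == port and fields[4].isdigit():
            pids.append(int(fields[4]))
    return pids

def in_temp_folder(image_path):
    """True if any directory component of the path is named Temp or Tmp."""
    parts = [p.lower() for p in PureWindowsPath(image_path).parts[:-1]]
    return any(p in ("temp", "tmp") for p in parts)

def triage(netstat_text, images):
    """Pair each listener on the port with its image path and a temp-folder flag."""
    findings = []
    for pid in listeners_on_port(netstat_text):
        path = images.get(pid)  # None when the PID could not be resolved
        findings.append((pid, path, bool(path) and in_temp_folder(path)))
    return findings

if __name__ == "__main__":
    for pid, path, temp in triage(SAMPLE_NETSTAT, SAMPLE_IMAGES):
        print(f"PID {pid} listens on TCP {BACKDOOR_PORT}: {path} (temp folder: {temp})")
```

A match is a lead for a full antivirus scan rather than proof of infection, since other software can also listen on this port.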