W32.Golem.A


Aliases: W32/Golem-A
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Dormant
Spreading: Slow
Geographical info: Europe, North America, Asia
Removal: Easy
Platform: W32
Discovered: 17 Mar 2008
Damage: Low

Characteristics: Like most malware of its kind, W32.Golem.A infects Portable Executable files stored on computers running the Microsoft Windows operating system. It infects a target file by injecting its code into it, which corrupts the file. As a result, the applications associated with the corrupted file fail to launch.

More details about W32.Golem.A

By design, Win32.Golem.A has a built-in defense mechanism that changes its virus signature at every instance of infection. This is presumed to be intended to complicate its detection and eventual removal from the compromised system. When executed, W32.Golem.A attempts to enumerate all drives present in the machine, including both physical and mapped network drives. Once it has identified the drives, it proceeds to inject its code into every executable file that it finds. A file infected by W32.Golem.A increases in size by approximately four kilobytes. This routine is repeated, except for files stored on the main hard drive.

A unique feature of Win32.Golem.A is that it limits infection to only five files at every instance of execution. The infected executable file may also continue to function as it did prior to the infection, although its behavior becomes erratic. This is presumed to be done by Win32.Golem.A in order to conceal its presence in the executable file. An infected file may therefore launch at one instance but display errors during the next execution. A computer system that has only one hard drive with a single partition remains immune to the effects of the Win32.Golem.A malware.
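
One way to check for the file growth described above, as an added example that is not part of the original entry: because the signature changes with each infection, the sketch compares a known-good inventory of executables with a current one and flags files whose content changed and whose size grew by roughly four kilobytes. The 1 KB tolerance, the `.exe` filter, the reading of "main hard drive" as `C:`, and all sample paths, sizes and hashes are assumptions constructed for illustration.

```python
import hashlib
import ntpath
import os

EXPECTED_GROWTH = 4096    # "approximately four kilobytes" from the description
TOLERANCE = 1024          # assumed window around that figure
EXTENSIONS = {".exe"}     # assumed filter for executable files

def snapshot(root):
    """Record (size, sha256) for each executable under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # locked or unreadable file: skip it
            manifest[path] = (len(data), hashlib.sha256(data).hexdigest())
    return manifest

def suspect_growth(baseline, current, skip_drive="C:"):
    """Sorted (path, delta) for changed files that grew by about 4 KB."""
    hits = []
    for path, (new_size, new_hash) in current.items():
        ext = ntpath.splitext(path)[1].lower()
        if path not in baseline or ext not in EXTENSIONS:
            continue
        # skip_drive: drive the entry says is spared (assumed C:); None = all
        drive = ntpath.splitdrive(path)[0].upper()
        if skip_drive and drive == skip_drive.upper():
            continue
        old_size, old_hash = baseline[path]
        delta = new_size - old_size
        if new_hash != old_hash and abs(delta - EXPECTED_GROWTH) <= TOLERANCE:
            hits.append((path, delta))
    return sorted(hits)

# Constructed sample inventories (paths, sizes and hashes are made up).
BASELINE = {r"D:\tools\backup.exe": (120000, "a" * 64),
            r"D:\tools\viewer.exe": (80000, "b" * 64),
            r"C:\Windows\notepad.exe": (200000, "c" * 64),
            r"Z:\share\setup.exe": (500000, "d" * 64)}
CURRENT = {r"D:\tools\backup.exe": (124100, "e" * 64),     # +4100: flagged
           r"D:\tools\viewer.exe": (95000, "f" * 64),      # +15000: ignored
           r"C:\Windows\notepad.exe": (204096, "9" * 64),  # on skipped drive
           r"Z:\share\setup.exe": (503900, "1" * 64)}      # +3900: flagged
```

On a live system, `snapshot()` can build both inventories, with the baseline taken from a known-clean state; a flagged file is a lead for further analysis, since legitimate updates can also change a file by a similar amount.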