Aliases: W32/Golsys.b, W32/Golsys-B, Win32/Golsys.14292, Win32.GolSys.C
Variants: W32.Nios.14292, Win32/HLLP.Golsys.14292, Virus.Win32.Golsys.14292, W32.Golsys.8020

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 14 Aug 2002
Damage: Low

Characteristics: This variant of the W32.Golsys.8020 malware is differentiated mainly by its file size but the effects remain the same. The payload associated with the W32.Golsys.14292 is that it scans all the mapped and local hard drives present in the compromised machine. Consistent with the characteristics of most viruses it will proceed to infect or corrupt all executable files it finds in the identified drives. This may lead to the failure of the application to launch.

More details about W32.Golsys.14292

Introduction of the W32.Golsys.14292 virus into the vulnerable computer system will place a copy of itself into the hard drive using an EXE file extension. This file serves as the main trigger file for the malware which attempts to mimic the legitimate NetBIOS service of the operating system. Upon successful introduction of the file into the machine it will be launched as a system service allowing the W32.Golsys.14292 to run as a background process. This means that this threat may possibly modify or introduce values into the Windows Registry to be able to execute as a system service. The payload of the W32.Golsys.14292 is only designed to infect 32-bit executable files which mean that 64-bit executable files are immune from the effects of this malware.

The infection spreading routine of the W32.Golsys.14292 to all local and mapped hard drives of the compromised machine involves the modification of the host files. It will include an instruction into the Windows Host file allowing it to follow the route of data that is transferred by the computer system to other network clients. Manual removal of the W32.Golsys.14292 requires the deletion of its executable file from the local hard drive as well as removal of its entry in the Windows Host file. The Registry Editor tool can be used to remove traces of the W32.Golsys.14292 in the Windows Registry.