W32.Imalag.A
Aliases: W32.Imalag.B, Virus.Win32.Afgan.a, AdWare.NaviPromo.M, Rootkit.Win32.Agent.akr, W32.Spybot.Worm
Variants: Virus@W32.Imalag, Mal/EncPk-CR, Infostealer.Gampass, Win32.SuspectCrc, Trojan.Win32.Agent.bknn
Classification: Malware
Category: Computer Virus
Status: Inactive
Spreading: Slow
Geographical info: Asia, South America, Europe
Removal: Easy
Platform: W32
Discovered: 03 Oct 2008
Damage: Low
Characteristics: The W32.Imalag.A like most viruses targets executable files that are stored in the local hard drive of the infected computer system. Executable files which are infected by this malware normally become corrupted or unusable. This threat has also been observed to attempt to connect to predetermined websites in order to download and execute additional files. The websites contacted by this malware are known to be malicious and may be under the control of the attacker.
W32.Imalag.A Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer virus removal tool to automatically clean W32.Imalag.A from your computer.
More details about W32.Imalag.A
This malware is normally dropped into a vulnerable computer system as an executable file that uses an icon that resembles a calculator. Once the W32.Imalag.A is launched into the target computer system it will search for the location of the executable file for the Windows Explorer and copy it into a temporary folder where it is renamed. The temporary folder will be created by the W32.Imalag.A solely for this purpose. This means that the Shell_TrayWnd Windows class will also be negatively affected by this malware. Once the executable file of the Windows Explorer has been infected, the W32.Imalag.A will randomly select other EXE format files and infect them as well. The infected file normally increases by 24,576 bytes in size.If the Russian language pack of the operating system is installed, the W32.Imalag.A will display a message box with text using the Cyrillic language. However, if the language pack is not present in the infected computer system, the contents of the message box will appear as garbage characters. The W32.Imalag.A will attempt to create a connection to Web servers that are based in Russia. These servers store data that may be used to further the infection in the compromised machine or to update the codes of the W32.Imalag.A malware. The connection can be hijacked and exploited by another malicious author.
Browse for more malware information
Contact Us
|
Privacy Policy
|
Site Map
Copyright © Uniblue Systems Limited 2007. All rights reserved.