W32.Lopown!inf


Aliases: Embedded.Win32.Agent.PAC, Dropper.Win32.Undef.yt, W32/Agent.MGIF.dropper, virus:win32/lopown.gen!a, Trojan.DownLoad.33155
Variants: Generic Dropper!op!ac975251b50e, Win32:Trojan-gen, Win32/Agent.AR, Win32.Lopown.A, Trojan.Agent-98266

Classification: Malware
Category: Computer Virus

Status: Dormant
Spreading: Slow
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 04 Dec 2008
Damage: Low

Characteristics: A malicious author may use the W32.Lopown!inf to simplify the process of introducing more malicious threats into the infected computers system. This malware has been identified to possess the capability of listing all currently open windows in the machine. It may also create a list of actively running processes and share or take over the memory space occupied by certain processes. Like most malware in its class it attempts to shutdown system security.

More details about W32.Lopown!inf

One of the characteristics that has been associated with the W32.Lopown!inf malware is that it prompts the infected files in the machine to download more threats making the infection widespread. It has been observed to extract an executable file into the directory of stored applications in the machine. The W32.Lopown!inf may also place additional file strains into the directory folder where the operating system components are stored. The Windows Registry is also modified by this malware by adding a new key value which will allow it to start automatically at every restart or boot up instance of the infected computer system. Consistent with viruses, the W32.Lopown!inf will infect and corrupt majority of executable files that it encounters in the compromised machine.

According to some computer security experts, the W32.Lopown!inf is capable of initiating a voluntary connection to a presumed malicious website where it may download additional malicious codes. Aside from the files and Windows Registry keys affected by the W32.Lopown!inf malware, network communication quality may also be hit or used as a transport mechanism. The W32.Lopown!inf will inspect actively running processes in order to identify which are associated with system monitoring and protection. When successful in establishing itself into the target computer system the remote attacker may send additional commands that can cause the opening of an unsecured backdoor.