W32.Sayudio


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 26 Apr 2007
Damage: Low

Characteristics: The W32.Sayudio application is a virus that contaminates executable files on the infected computer.

More details about W32.Sayudio

The W32.Sayudio program is a virus that contaminates executable files on the infected computer. Once the virus is opened, the virus duplicates itself as “%System%\qmap32.dll”. Then, the virus drops the following file: “%Windir%\SVCHOST.EXE - identified as a Trojan Horse”. After that, the virus register itself as a service w/ “Service Name: XPManager” and “Display Name: Programm manager”. The service then tries to stop the network connection by changing the space of the memory of “engine.dll” or “network.dll”. The W32.Sayudio program then contaminates all executable files it locates on the infected computer.

The W32.Sayudio software may enter the system via infected network shares. It may use system vulnerabilities to access these shares. A brute-force attack can also be used to guess passwords used. Once the malware program has entered a system, it will continue to search for connected networks to infect. The program may also try to infect removal drives. It may place an autorun.inf on these drives. These files are read whenever a removable device accesses the drives. The infected autorun file will contact the main executable file of the malware program. A copy will then be saved in the device. An autorun file may also be placed in the device so that the virus application is automatically executed whenever it is accessed.