W32.Slugin.A


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Moderate
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 25 Oct 2008
Damage: Medium

Characteristics: W32.Slugin.A is a virus that opens a backdoor and replicates by infecting executable files on all drives accessible from the compromised computer.

More details about W32.Slugin.A

W32.Slugin.A is a virus that opens a backdoor and replicates by infecting .exe files on all drives accessible from the computer. When the virus is executed, it creates the files “C:\Documents and Settings\All Users\Application Data\Wplugin.dll” and “%Windir%\Wplugin.dll”. It then copies “%System%\ws2help.dll” to two locations: “%Windir%\ws2help.dll” and “%ProgramFiles%\Messenger\ws2help.dll”. Next, the virus modifies these copies of “ws2help.dll” with malicious code that lets it obtain information from applications located in the same folder as the DLL file. Finally, it sends an email message as a notice of infection to the addresses “cvmb@hotmail.com” and “sv003@yahoo.com”.
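The file locations described above can be checked on a Windows host with the following PowerShell sketch. It is an added example, not part of the original write-up or any vendor tool; the function name and output fields are hypothetical, and the paths are taken from the description above.

```powershell
# Added example: reports the file artifacts this write-up attributes to W32.Slugin.A.
# Function name and output fields are hypothetical; paths come from the description.
function Find-SluginArtifacts {
    $system  = [Environment]::GetFolderPath('System')      # resolves %System%
    $genuine = Join-Path $system 'ws2help.dll'

    # Files the virus is described as creating
    $dropped = @(
        'C:\Documents and Settings\All Users\Application Data\Wplugin.dll',
        (Join-Path $env:windir 'Wplugin.dll')
    )
    # Locations where it is described as placing modified copies of ws2help.dll
    $copies = @(
        (Join-Path $env:windir 'ws2help.dll'),
        (Join-Path $env:ProgramFiles 'Messenger\ws2help.dll')
    )

    foreach ($path in $dropped) {
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            [pscustomobject]@{ Path = $path; Finding = 'Dropped file present'; SHA256 = $hash }
        }
    }

    # Hash of the system copy, used as the baseline for comparison
    $genuineHash = $null
    if (Test-Path -LiteralPath $genuine -PathType Leaf) {
        $genuineHash = (Get-FileHash -LiteralPath $genuine -Algorithm SHA256).Hash
    }

    foreach ($path in $copies) {
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $finding = if ($null -eq $genuineHash) {
            'Copy outside %System%; no system copy to compare against'
        } elseif ($hash -ne $genuineHash) {
            'Copy outside %System% differs from the system copy'
        } else {
            'Copy outside %System% is identical to the system copy'
        }
        [pscustomobject]@{ Path = $path; Finding = $finding; SHA256 = $hash }
    }
}

Find-SluginArtifacts | Format-List
```

No output means none of the listed files were found. A copy that differs from the system DLL matches the modification described above, but the baseline is only trustworthy if the system copy itself is intact.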

W32.Slugin.A uses a backdoor Trojan to establish connections with remote servers on the Internet. The backdoor lets the malware download files from these online sources automatically, without the user’s knowledge. It may also open security gaps for other malware on the computer. The unauthorized network connection provided by the backdoor enables automatic updates of the components used by the malware.