W32.Wamgin


Aliases: BackDoor.Generic2.LJB, Backdoor.Vb.ARG, Backdoor.Win32.VB.arg, BDS/VB.arg, Trojan.DL.Agent.eze
Variants: W32/BackdoorX.DPO, W32/VBDoor.FG, Win32/Malum.HPL infection

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 31 May 2006
Damage: Low

Characteristics: W32.Wamgin is a virus that infects files with the .exe extension on network drives. It also downloads files and executes them. The virus affects Windows operating systems such as Windows 2000, Windows 98, Windows 95, Windows Me, Windows Server 2003, Windows NT, and Windows XP.

More details about W32.Wamgin

W32.Wamgin is a virus that infects files with the .exe extension on network drives, spreading through network shares and removable media drives. It also downloads files and executes them. The virus affects Windows operating systems such as Windows 2000, Windows 98, Windows 95, Windows Me, Windows Server 2003, Windows NT, and Windows XP. Once W32.Wamgin is executed, the virus drops Smss.exe, dnts.dat, and DBST32NT.LOG in the Windows and system folders. It modifies or adds registry values so that the virus runs every time Windows starts and whenever a text file is opened. The virus searches for network drives and tries to infect executable files on them. It also attempts to connect to a particular web site that lists URLs, from which the virus downloads files and executes them.
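The two persistence changes described above (an autorun entry and a hijacked text-file handler) are what a responder would check for first. The following is an added example, not code from this write-up or from any antivirus vendor: it parses a small registry export in `.reg` syntax and flags entries that reference the dropped file names or replace the text-file open handler. The write-up does not name the registry keys the virus modifies, so the `...\CurrentVersion\Run` and `HKEY_CLASSES_ROOT\txtfile\shell\open\command` locations are assumptions based on how such persistence is normally achieved, and both sample exports are constructed for this example.

```python
import re
from typing import Dict, List, Tuple

# File names the write-up says the virus drops (compared case-insensitively).
DROPPED_NAMES = {"smss.exe", "dnts.dat", "dbst32nt.log"}

# Assumed persistence locations; the write-up does not name the keys it modifies.
AUTORUN_KEY_SUFFIXES = (r"\currentversion\run", r"\currentversion\runonce")
TXTFILE_HANDLER_KEY = r"hkey_classes_root\txtfile\shell\open\command"
LEGIT_TXT_HANDLER = "notepad.exe"  # the default handler for .txt files

# Constructed sample export showing both indicators. The legitimate smss.exe lives in
# the System32 folder and is never started from a Run key, so this entry is suspicious.
INFECTED_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\\Program Files\\ExampleApp\\updater.exe"
"smss"="C:\\WINDOWS\\Smss.exe"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="C:\\WINDOWS\\Smss.exe \"%1\""
"""

# Constructed clean export for comparison (handler data shown as a plain string).
CLEAN_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\\Program Files\\ExampleApp\\updater.exe"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\\system32\\NOTEPAD.EXE %1"
"""

_VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=("((?:[^"\\]|\\.)*)")$')


def _unescape(s: str) -> str:
    """Undo .reg string escaping: \\\\ -> \\ and \\" -> "."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Parse the subset of .reg syntax used here: [key] headers and "name"="string" lines."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name = "(Default)" if m.group(1) == "@" else _unescape(m.group(2))
            keys[current][name] = _unescape(m.group(4))
    return keys


def _executable_name(command: str) -> str:
    """Return the lower-cased file name of the program a command line launches."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        path = command[1:end] if end > 0 else command[1:]
    else:
        parts = command.split()
        path = parts[0] if parts else ""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_wamgin_indicators(reg: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (key, value name, reason) for every entry matching the write-up's behaviour."""
    findings: List[Tuple[str, str, str]] = []
    for key, values in reg.items():
        lkey = key.lower()
        if lkey.endswith(AUTORUN_KEY_SUFFIXES):
            for name, data in values.items():
                exe = _executable_name(data)
                if exe in DROPPED_NAMES:
                    findings.append((key, name, f"autorun entry launches dropped file {exe}"))
        elif lkey == TXTFILE_HANDLER_KEY:
            data = values.get("(Default)", "")
            if LEGIT_TXT_HANDLER not in data.lower():
                findings.append((key, "(Default)", "text-file open handler no longer points at notepad.exe"))
    return findings


def scan_export(text: str) -> List[Tuple[str, str, str]]:
    """Parse an export and return the indicators found in it."""
    return find_wamgin_indicators(parse_reg_export(text))


if __name__ == "__main__":
    for key, name, reason in scan_export(INFECTED_REG_EXPORT):
        print(f"{key} [{name}]: {reason}")
```

On a live system the same checks would be run against a `reg export` of those two keys; the parser above deliberately handles only plain string values, so expandable-string (`hex(2)`) data in a real export would need decoding first.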

W32.Wamgin also allows another person to act as administrator of the infected computer. It receives commands from a remote server via the backdoor, and the commands are executed on the system without the user's consent. This can include monitoring the user's activities. Files on the system may also be modified, deleted, or moved. System settings can be changed without the user's knowledge, which can be done to prevent removal of the malware. Security features such as Safe Mode and System Restore may be disabled, and the running processes of installed security software can be stopped. Core system files may be deleted. Devices such as CD drives and webcams may be used to capture information, and can also be opened, closed, or disconnected without the user's consent.