W32.Advegol


Aliases: W32.Advegol!gen, W32/Advegol, Trojan.Win32.Pakes
Variants: W32.Advegol!gen, Virus.Win32.Xorer.dr, W32/Fujacks, TrojanDropper:Win32/Pakes.gen!A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Moderate
Geographical info: Asia
Removal: Easy
Platform: W32
Discovered: 22 Apr 2007
Damage: Medium

Characteristics: The worm W32.Advegol is considered as a medium risk because it attempts to target all executable files within the infected system. It does not delete any stored information but it may result in the failure of applications to launch. It is capable of using removable devices and unprotected network shares to distribute itself.

More details about W32.Advegol

The execution of the W32.Advegol malware in a compromised machine does not only lead in the corruption of executable files but also the illegal termination of security related programs and system processes. This is presumed to be done to make the infected machine more vulnerable to other potentially dangerous codes. It also makes use of a mutex to tag an infected computer system. This means that only one instance of the W32.Advegol malware exists within the machine and it will not attempt to reinstall itself in an already infected system. The COM folder is created under the System folder of the Windows directory. This location is used to store the smss.exe file which is the main executable of the malware and may be detected as a type of Trojan Horse by majority of antivirus applications.

The W32.Advegol malware allegedly copies the files pagefile.pif and autorun.inf into all logical drives found in the computer system. The autorun.inf file contains the necessary instructions on how to spread the malware to other machines. The mm.gif file is used by the malware to infect network clients by taking advantage of unprotected network shares. The file mm.gif is installed in all network share directories with a corresponding WMF file which may cause the infected machine to connect to a predetermined website to download more dangerous codes. The W32.Advegol malware can be easily removed by an antivirus application which has an updated virus definition database and detection engine.