Aliases: W32/Kangero
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active and Spreading
Spreading: Slow
Geographical info: Asia, North America, Europe
Removal: Easy
Platform: W32
Discovered: 11 Dec 2007
Damage: Low

Characteristics: The W32.Kangero.A worm propagates by copying itself to every mapped drive on a victim machine. It can also lower the infected machine’s security settings, and other security threats may use this malware to access the machine. The worm looks for machines with weakly configured networks. It can also take advantage of vulnerabilities in applications installed on the system.

More details about W32.Kangero.A

Once the W32.Kangero.A worm is run, it copies itself to the system under a filename with an .exe, .zip.exe or .jpg.exe extension. It then creates an icon and an .htm file. The malware also copies itself to the roots of drives C through H as the autorun.inf and setup.exe files. The worm modifies the registry so that it runs at each Windows bootup. It also alters the registry to hide its presence on the victim system and to block access to the Registry Editor. In addition, it adds registry values so that the malware’s icon is shown for executable files and for the Recycle Bin and My Documents folders.

The W32.Kangero.A worm also launches Internet Explorer every so often to display a website that the malware stores in the .htm file it has dropped. It can also open Microsoft Word to display a new document, and it can terminate and delete files. The worm is also able to perform Denial of Service (DoS) attacks.

To get rid of W32.Kangero.A, the computer should be rebooted in Safe or VGA Mode. The Registry Editor must be used to delete its key under several registry entries. The other files associated with this malware should also be deleted under Safe Mode. Once all traces of the worm are deleted from the computer, the computer can be restarted.
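To help locate the dropped files described above before deleting them, the following added example (not part of the original write-up) checks a set of directories for the autorun.inf and setup.exe pair and for the .zip.exe and .jpg.exe double extensions. The function names and the sample layout are hypothetical, and checking the same directories for the decoy copy is an assumption, since the write-up does not say where that copy is placed.

```python
import os
import tempfile

# Double extensions the write-up names for the worm's dropped copy.
DECOY_SUFFIXES = (".zip.exe", ".jpg.exe")
# File pair the write-up says is placed in the roots of drives C through H.
ROOT_PAIR = {"autorun.inf", "setup.exe"}
PAIR_REASON = "autorun.inf + setup.exe pair at drive root"
DECOY_REASON = "decoy double extension"

def scan_root(root):
    """Return (path, reason) findings for one directory, top level only."""
    try:
        with os.scandir(root) as it:
            files = [e for e in it if e.is_file(follow_symlinks=False)]
    except OSError:
        return []  # drive letter absent or unreadable
    findings = []
    names = {e.name.lower() for e in files}  # Windows names are case-insensitive
    if ROOT_PAIR <= names:
        findings.append((root, PAIR_REASON))
    for e in files:
        if e.name.lower().endswith(DECOY_SUFFIXES):
            findings.append((e.path, DECOY_REASON))
    return findings

def scan_roots(roots):
    return [hit for root in roots for hit in scan_root(root)]

def build_constructed_sample(base):
    """Constructed sample: subdirectories stand in for drive roots; files are empty."""
    layout = {
        "C": ["autorun.inf", "setup.exe", "notes.txt"],
        "D": ["setup.exe"],                      # setup.exe alone is not flagged
        "E": ["Holiday.JPG.exe", "AUTORUN.INF"],
    }
    roots = []
    for drive, filenames in layout.items():
        root = os.path.join(base, drive)
        os.makedirs(root)
        for name in filenames:
            open(os.path.join(root, name), "w").close()
        roots.append(root)
    return roots

if __name__ == "__main__":
    # On a Windows host, scan [f"{d}:\\" for d in "CDEFGH"] instead of the sample.
    with tempfile.TemporaryDirectory() as base:
        for path, reason in scan_roots(build_constructed_sample(base)):
            print(f"{reason}: {path}")
```

Installation media legitimately carries autorun.inf next to setup.exe, so a hit is a lead to inspect rather than a verdict.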