W32.Madangel
Aliases: Win32.Madang.B, W32/Madangel.b, W32/Madang-Fam, Virus:Win32/Madang.A, Win32/MaDang.B
Variants: Virus.Win32.Small.l, PE_MADANGEL.D-O, Virus.Win32.Small, W32/Guarder, Win32.Madang
Classification: Malware
Category: Computer Worm
Status: Active & Spreading
Spreading: Moderate
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 06 Jul 2006
Damage: Medium
Characteristics: This threat propagates through poorly protected network shares, using them as a transport mechanism to spread its infection to other network clients. The W32.Madangel malware infects all executable files found on the compromised machine, including those located on shared network drives. It is also capable of downloading and launching remote malicious files by lowering the default security settings of the infected computer system.
W32.Madangel Removal Tool
If you have malware on your computer, it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Madangel from your computer.
More details about W32.Madangel
This threat initially executes by creating two executable files with two different filenames. Both files are copies of the W32.Madangel malware itself. They are accompanied by a Dynamic Link Library file that has the same filename as its extension. This accompanying file is a copy of the W32.Madangel downloader component, which allows it to retrieve remote files. The malware inspects the Windows Registry for the presence of its marker. If the marker is found, the threat terminates; if it is absent, W32.Madangel creates one. After successfully modifying the Windows Registry, it tries to terminate specific antivirus application services running on the infected computer system.
W32.Madangel injects its Dynamic Link Library file into either the Internet Explorer or the Windows Explorer process to hook specific functionality. Hooking the Web browser allows W32.Madangel to discreetly download malicious files from a predefined Internet server without the user's knowledge. Hooking the Windows Explorer process allows W32.Madangel to secretly search the contents of the computer system for executable files, starting from drive C up to Y. On each storage device where the malware has successfully infected executable files, the threat creates an initialization file with the system and hidden attributes set.