W32.Minera.A


Aliases: W32/Minerv-A, Mal_Banker, Mal/Generic-A
Variants: Trojan-Dropper.Win32.Joiner.ft, Trojan-Dropper.Win32.Joiner.fu

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 26 Oct 2007
Damage: Low

Characteristics: According to computer security experts, the main transport mechanisms used by W32.Minera.A are removable storage devices and weakly protected network shares found on the infected computer system. It is capable of installing a debugger process that is injected into the executable sequences of some installed programs. This lets the malware hijack the software application, either by launching its own code instead of the requested program or by discreetly loading into system memory.

More details about W32.Minera.A

An infection by this malware leaves numerous file traces. W32.Minera.A is known to drop various COM and EXE format files into different directory locations on the main hard drive. This routine is seen as an attempt to complicate detection of its presence and make its removal more difficult. Once the file components have been successfully dropped, W32.Minera.A continues by creating executable copies of itself in the root directory of all removable storage devices and shared network drives found on the host machine. These files are meant to launch automatically once the drives are accessed, which initiates the infection routine of W32.Minera.A. In some instances these executable files may be hidden from the user.
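The drive-root behaviour described above can be checked for on a suspect removable drive or share. The following is an added example, not part of the original write-up: it assumes the automatic launch relies on the standard Windows AutoRun file autorun.inf (the write-up does not name the mechanism), and the function names and sample file names are hypothetical.

```python
import ntpath

# File types that run directly when launched; the write-up names COM and EXE.
LAUNCHABLE = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}

def program_of(value):
    """Return the program part of an autorun.inf command value, without arguments."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split(None, 1)[0] if value else ""

def autorun_targets(inf_text):
    """Return (key, program) pairs from the [autorun] section that start a program."""
    section, hits = None, []
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in ("open", "shellexecute") or (
                    key.startswith("shell\\") and key.endswith("\\command")):
                hits.append((key, program_of(value)))
    return hits

def audit_drive_root(inf_text, root_entries):
    """root_entries: (filename, is_hidden) pairs for the root directory of one drive."""
    findings, launched = [], set()
    for key, program in autorun_targets(inf_text):
        if ntpath.splitext(program)[1].lower() in LAUNCHABLE:
            launched.add(ntpath.basename(program).lower())
            findings.append(("autorun-launches-executable", program, key))
    for name, hidden in root_entries:
        if hidden and ntpath.splitext(name)[1].lower() in LAUNCHABLE:
            tag = "hidden-autorun-target" if name.lower() in launched else "hidden-executable"
            findings.append((tag, name, None))
    return findings

# Constructed sample input: the file name sysdrv.com is made up, not taken from the write-up.
SAMPLE_INF = r"""; padding line
[AutoRun]
open=sysdrv.com
shell\explore\command="sysdrv.com" -e
icon=%SystemRoot%\system32\shell32.dll,4
"""
SAMPLE_ROOT = [("autorun.inf", True), ("sysdrv.com", True), ("setup.exe", False), ("photos", False)]

if __name__ == "__main__":
    for finding in audit_drive_root(SAMPLE_INF, SAMPLE_ROOT):
        print(finding)
```

A hidden executable in a drive root that is also an autorun target is the strongest of the three signals; a visible installer such as the sample setup.exe is not flagged.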

Numerous Dynamic Link Library and executable files will be dropped onto the infected computer system. These files are all malicious and are injected into the executable file of the Windows Explorer process in order to efficiently monitor the activity of the W32.Minera.A malware. A corresponding key value will be created in the Windows Registry so that it loads at every boot or restart and initiates its debugger module. W32.Minera.A will also attempt to create a new service for its process in an attempt to avoid detection by system monitoring tools. W32.Minera.A will attach randomly picked computer games.