W32.Ogid


Aliases: Ogid, W32.Ogid
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Dormant
Spreading: Fast
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 05 Oct 2003
Damage: Low

Characteristics: W32.Ogid is a worm that copies itself to numerous locations on the hard disk and on mapped drives. In particular, it tries to replicate itself to the directories that popular file-sharing programs share, mostly Kazaa, Limewire, or Torrent folders. It browses for and infects files in the Kazaa and eDonkey download folders. It automatically modifies system folders and continuously creates winstart.exe files, which allows the worm to run each time Windows starts.

More details about W32.Ogid

It only affects certain Windows operating system platforms, such as Windows 2000, Windows NT, Windows Server 2003 and Windows XP. The files and folders it may use for copying itself and for infection are the following: About.exe, Hotfix.exe, Overnetincoming, Programs, My Shared Folder, Downloads, Client, Incoming, hotfix.exe, Galaga2.exe, readme.exe, AIMPatch.exe, about.exe, Winamp3.exe, CuteFTP.exe, Fate Zero.exe, PGP Cracker4.exe, BattleNetKeyGen.exe, VIVO Player.exe, WinXP Serial.exe, Limewire7.2.exe, WinXP Crack.exe, Warcraft3 Crack.exe, DoomII Install.exe, pr0n Showcase.exe, Celeb Bloopers.exe, CrazyGirlSex.exe, Best of Porn.exe, DirectX9.exe, Netbus Scanner.exe, Photoshop6.exe, Cd Ripper2.0.exe, TheSims(1 of 3).exe, DIVX Codec.exe, SpyWare Stopper.exe, napster and New Media Files.
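A triage sketch for the artifacts listed above, added here as an example and not taken from any vendor tool: it reports winstart.exe files and groups of lure-named executables inside file-sharing folders that share the same SHA-256. The function name `triage`, the subset of names used, and the premise that the worm's copies are byte-identical are assumptions.

```python
import hashlib
import os
from collections import defaultdict

# Folder and file names from the list above (subset, compared case-insensitively).
SHARE_DIRS = {"my shared folder", "incoming", "downloads", "overnetincoming"}
LURE_NAMES = {"hotfix.exe", "about.exe", "readme.exe", "galaga2.exe",
              "aimpatch.exe", "winamp3.exe", "cuteftp.exe", "directx9.exe",
              "photoshop6.exe", "divx codec.exe", "winxp crack.exe"}
STARTUP_NAME = "winstart.exe"


def sha256_of(path):
    """Hash a file in chunks so large downloads do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def triage(root):
    """Return (startup_hits, clusters): paths named winstart.exe, and groups
    of lure-named files in share folders whose content is identical."""
    startup_hits, by_hash = [], defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        in_share = any(p.lower() in SHARE_DIRS for p in dirpath.split(os.sep))
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == STARTUP_NAME:
                startup_hits.append(path)
            elif in_share and name.lower() in LURE_NAMES:
                try:
                    by_hash[sha256_of(path)].append(path)
                except OSError:
                    continue  # locked or unreadable file: skip, keep scanning
    # A single lure-named file may be a genuine download; the same bytes under
    # two or more different lure names matches the self-copying behaviour.
    clusters = [sorted(p) for p in by_hash.values()
                if len({os.path.basename(x).lower() for x in p}) >= 2]
    return sorted(startup_hits), clusters


if __name__ == "__main__":
    import sys
    hits, groups = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for h in hits:
        print("startup artifact:", h)
    for g in groups:
        print("identical lure-named copies:", g)
```

A hit is a lead for further inspection with an up-to-date scanner, not a verdict, since the names alone are common for legitimate files.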

The W32.Ogid application is installed without the participation or consent of the user. It often takes advantage of weaknesses in the computer's security to evade any security software installed on the system. The program may incorporate itself as part of a legitimate program. Once installed, it hides from the user and runs in the background while it performs its payload. It allegedly exposes a computer to outside influence, either via the Internet or a LAN. It is similar to the legitimate remote administration software employed by network administrators, except that it secures no consent from the computer user.