Aliases: Trj/W32.Cacogen [Panda], Win32.Cacogen [Computer Associates], Win32/HLLP.Cacogen [Computer Associates]
Variants: N/A

Classification: Malware
Category: Trojan Horse

Status: dormant
Spreading: slow
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 14 Oct 2002
Damage: Low

Characteristics: The W32.Cacogen program searches for .exe files in all folders on all drives except for CD-ROM drives.

More details about W32.Cacogen

The W32.Cacogen program is a virus that targets Windows .exe files and prepends itself to the beginning of each file. It continuously searches for .exe files in all folders on all drives except for CD-ROM drives. As a Trojan, it is a program with a hidden intent. Trojans install themselves without the user's knowledge, which makes detection a bit complicated. They do not install automatically; instead, they entice users to click on a program or file that is packaged with a hacked legitimate program, and the Trojan is installed when the host program is executed. All PE files are also prone to damage and will be changed to the .exe extension; this applies to files on all drives of the compromised computer, that is, from F to Z.

The W32.Cacogen program is capable of distributing threats to other computers. This may be done through the applications that are installed on the user’s computer, including P2P (peer-to-peer) file sharing programs. Some of the files that may be downloaded from P2P applications are infected with code from illicit programs. Users usually don’t recognize the files as malware because they are disguised under the filenames of different legitimate programs. A computer that is infected with this Trojan application shuts down and restarts by itself.
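
A defensive check for the prepending behaviour described above, as an added example that is not part of the original entry and is not a signature for W32.Cacogen: it flags an .exe whose on-disk PE image is directly followed by a second complete PE image. It assumes the original host is kept intact after the prepended code, which this page does not state; `pe_raw_end`, `find_embedded_host` and `fake_pe` are hypothetical names and the sample bytes are constructed.

```python
import struct


def pe_raw_end(data, base=0):
    """Offset where the PE image starting at `base` ends on disk, or None
    if there is no valid MZ/PE header at `base`."""
    if data[base:base + 2] != b"MZ" or len(data) < base + 0x40:
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, base + 0x3C)
    pe = base + e_lfanew
    if data[pe:pe + 4] != b"PE\0\0" or len(data) < pe + 24:
        return None
    (nsections,) = struct.unpack_from("<H", data, pe + 6)   # COFF NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe + 20)   # SizeOfOptionalHeader
    table = pe + 24 + opt_size                              # first section header
    if nsections == 0 or len(data) < table + 40 * nsections:
        return None
    end = 0
    for i in range(nsections):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 in each header
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return base + end


def find_embedded_host(data):
    """Offset of a second, complete PE image stored as an overlay right
    after the first image (assumed prepender layout), or None."""
    end = pe_raw_end(data)
    if end is None or end >= len(data):
        return None                     # not a PE, or no overlay at all
    host_end = pe_raw_end(data, end)
    if host_end is None or host_end > len(data):
        return None                     # overlay is not a full PE image
    return end


def fake_pe(body_len):
    """Constructed PE-shaped blob: DOS header, COFF header without an
    optional header, and one section holding `body_len` zero bytes."""
    hdr = bytearray(0x40 + 24 + 40)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                 # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x46, 1)                    # one section
    struct.pack_into("<II", hdr, 0x58 + 16, body_len, len(hdr))
    return bytes(hdr) + b"\x00" * body_len
```

Legitimate installers and self-extracting archives can also carry an embedded PE as an overlay, so a hit is a reason to inspect the file, not a verdict.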