W32.Darkgoose.Trojan


Aliases: Darkgoose.Trojan, Trojan.Win32.KillFiles.ae, W32.Darkgoose, QDel350
Variants: N/A

Classification: Malware
Category: Trojan Horse

Status: Active
Spreading: Slow
Geographical info: Asia, North and South America, Europe, Australia and some parts of Africa
Removal: Easy
Platform: W32
Discovered: 27 Nov 2002
Damage: High

Characteristics: W32.Darkgoose.Trojan contains an infection length of 20,480 bytes or 145 bytes. This worm is a Visual Basic Application that deletes critical system files on Windows systems (Windows 95, 98, Windows NT, Windows 2000, Windows XP and Windows Me).

More details about W32.Darkgoose.Trojan

This Trojan, running as a Visual Basic Application, creates a batch files from the following folders: C:, C:\Windows, C:\Windows\System, C:\Windows\System32 after its execution in creating the file C:\Abracadabra.bat. Most systems affected by this Trojan are the Windows 95, 98, NT, 2000, XP and Me. Then the Trojan shows dialog boxes which include texts like “Do You Like Magic?...I Can Make Magically Disappear. 5, 4, 3, 2, 1“ and then voila! Your computer files are gradually disappearing. While these lines are shown, the batch files are executed then deletes all files in the Windows system. Trojan applications are typically disguised as harmless files. Users often receive them via e-mails and instant messages. They are commonly labeled as humorous presentations. The message and content of the messages entice the user to open a file or click on a link. Doing so will automatically download and install the Trojan software into the system.

The W32.Darkgoose.Trojan program can also be spread via other malicious software. They can also be posted on websites, forums and file sharing networks. They may be labeled as popular downloads or retail software that have been cracked for free use. The application can also be bundled with the installers of other applications. Visiting an infected Web page may also execute the program.