W95/Sadon, Win32.Mudant.887, W32/Muttant.867
Category: Computer Virus
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
09 Jul 2003
W32/Sadon.dr is a virus that acts as a dropper for W32.Sadon.867. It affects all the executable files in the current folder. W32.Sadon.867 is malware designed to steal personal information from your computer. It was written for the Windows platform. The program attempts to spread copies of itself over the local network and to send W32.Sadon.867 to the contacts in the system's address book. Virus definitions dated July 10, 2003 or earlier may detect this threat as W32.MutantQSix.dr.
W32.Sadon.dr Removal Tool
Malware on your computer will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
More details about W32.Sadon.dr
W32/Sadon.dr is an executable file infector that spreads by appending an encrypted copy of itself to the end of every other executable file in the same folder as the virus. When a file infected with W32/Sadon.dr is executed, it decrypts the virus, runs it, and adds its encrypted infection routine to all the .exe files in the same folder. It then passes control back to the infected host program, so that you will not notice any difference in behavior.
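A generic triage check for the appending behaviour described above, added here as an example and not taken from any vendor tool or from this threat's actual signature: it parses the PE section table, finds where the last section's raw data ends, and reports the size and byte entropy of anything that follows. It assumes the appended body lands past the last section; `build_sample` and `FAKE_BODY` are constructed test data, not a real sample.

```python
import hashlib
import math
import struct

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed data sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    counts = [data.count(b) for b in set(data)]
    return -sum(c / n * math.log2(c / n) for c in counts)

def appended_data(pe: bytes):
    """Return (offset, size, entropy) of bytes past the last section's raw data."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    num_sections, = struct.unpack_from("<H", pe, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # first section header
    end = 0
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit 16 bytes into each 40-byte header
        raw_size, raw_ptr = struct.unpack_from("<II", pe, table + i * 40 + 16)
        end = max(end, raw_ptr + raw_size)
    tail = pe[end:]
    return end, len(tail), shannon_entropy(tail)

def build_sample(tail: bytes = b"") -> bytes:
    """Constructed minimal PE layout: 0x200 bytes of headers, one 0x200-byte section."""
    buf = bytearray(0x400)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)            # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", buf, 0x84, 0x14C, 1)       # machine, section count
    struct.pack_into("<H", buf, 0x80 + 20, 0xE0)       # SizeOfOptionalHeader
    sect = 0x80 + 24 + 0xE0
    buf[sect:sect + 5] = b".text"
    struct.pack_into("<II", buf, sect + 16, 0x200, 0x200)  # raw size, raw pointer
    return bytes(buf) + tail

# Constructed stand-in for an encrypted appended body (1024 pseudo-random bytes)
FAKE_BODY = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))

if __name__ == "__main__":
    for label, blob in (("clean", build_sample()), ("appended", build_sample(FAKE_BODY))):
        off, size, ent = appended_data(blob)
        print(f"{label}: tail at {off:#x}, {size} bytes, entropy {ent:.2f}")
```

Installers and Authenticode signatures also store data past the last section, so a high-entropy tail is a reason to look closer at a file, not a verdict on its own.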
According to some reports, W32/Sadon.dr can infect a computer while the user is browsing malicious websites. The dominant characteristics of this malware include: the capability to install without user consent; the ability to permit remote influence; distribution of threats; disabling of programs; and exploitation of a security flaw. It is possible that, when executed, this malware registers a DLL file as a Browser Helper Object (BHO) for Internet Explorer and attempts to download more malicious programs, which might include this program. Using the program's backdoor ability, hackers are able to get information from the infected systems without consent.