BackDoor.Generic2.LJB, Backdoor.Vb.ARG, Backdoor.Win32.VB.arg, BDS/VB.arg, Trojan.DL.Agent.eze
W32/BackdoorX.DPO, W32/VBDoor.FG, Win32/Malum.HPL infection
Category: Computer Virus
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
31 May 2006
The W32.Wamgin program is a virus that infects .exe file extensions on network drives. It also downloads files and executes them. The virus affects Windows operating system such as Windows 2000, Windows 98, Windows 95, Windows Me, Windows Server 2003, Windows NT, and Windows XP.
W32.Wamgin Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer virus removal tool to automatically clean W32.Wamgin from your computer.
More details about W32.Wamgin
W32.Wamgin program is a virus that infects .exe file extensions on network drives through network shares and removable media drive. It also downloads files and executes them. The virus affects Windows operating system such as Windows 2000, Windows 98, Windows 95, Windows Me, Windows Server 2003, Windows NT, and Windows XP. Once W32.Wamgin is executed, the virus drops Smss.exe, dnts.dat, and DBST32NT.LOG in Windows and system folders. It modifies or adds values in the registry so that the virus is executed every time the Windows starts and in order for the virus to be executed whenever a text file is opened. This Virus searches for network drives and tries to infect executable files. It as well attempts to connect to a particular Web site that contains URLs, which the virus attempts to download file and execute them.
The W32.Wamgin software allows another person to act as administrator of the infected computer. It receives commands from a remote server via the backdoor. The commands are executed in the system without the user’s consent. This can include monitoring the user’s activities. Files in the system may also be modified, deleted, or moved. The system settings can also be changed unknown to the user. This can be done to prevent removal of the malware program. Security features such as Safe Mode and System Restore may be disabled. The running processes of installed security software can also be stopped. Core system files may be deleted. Devices such as CD drives and webcams may be used to capture information. They can also be opened, closed, or disconnected without the user’s consent.