W32/Tiotua-P, W32/YahLover.worm.gen, W32.Yautoit.N, Worm.AutoIt!sd5, Worm:Win32/Sohanad.M
IM-Worm.Win32.Sohanad.bm, W32/SillyFDC-G, Mal_AUMAL-2, Worm:Win32/Nuqel.A, Virus.Win32.Alman
Category: Computer Worm
Europe, Asia, North America
18 Jan 2008
This worm uses removable and fixed storage devices found on the infected computer to spread its code. It may also target unprotected or weakly protected network shares, allowing it to compromise other network clients. W32.Gudek is capable of terminating some critical system processes as well as infecting particular file types found on the host computer. Its presence usually lowers security settings and affects file integrity.
W32.Gudek Removal Tool
If you have malware on your computer, it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Gudek from your computer.
More details about W32.Gudek
File traces associated with W32.Gudek may take the form of batch, executable, command, system, and information files, among others. These files are normally stored in the same directory as the operating system. On removable storage devices, W32.Gudek creates an accompanying launch file that executes the malware once an unsuspecting user accesses the contents of the drive. For network shares, the malware usually uses an executable file that automatically launches the infection when the shared drive is accessed. W32.Gudek also modifies certain Windows Registry keys to activate other features, such as automatic loading at system boot.
A number of file formats can be infected by this malware. Threats usually concentrate on executable files; W32.Gudek, however, can also infect some archives and multimedia files. Once a file is infected, the text string "Locked by Mr. Guddu" is added to the contents of the compromised file. W32.Gudek uses the Simple Mail Transfer Protocol service to send an email message to its author. The message usually identifies the computer name and user name associated with the compromised machine. W32.Gudek also terminates protection applications.
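The marker string described above lends itself to a quick triage check. The following is an added example, not part of the original write-up: it walks a directory tree and reports files that contain the string quoted on this page. It assumes the marker is stored verbatim; searching the UTF-16LE form as well as ASCII is an assumption, and the function names and sample files are constructed for illustration.

```python
import os
import tempfile

# Marker string quoted on this page; the encodings searched are an assumption.
MARKER = "Locked by Mr. Guddu"
PATTERNS = [MARKER.encode("ascii"), MARKER.encode("utf-16-le")]
CHUNK = 1 << 20  # read 1 MiB at a time so large archives/media are not loaded whole


def file_has_marker(path, chunk_size=CHUNK):
    """Return True if any encoded form of MARKER occurs in the file."""
    overlap = max(len(p) for p in PATTERNS) - 1
    tail = b""
    try:
        with open(path, "rb") as fh:
            while True:
                block = fh.read(chunk_size)
                if not block:
                    return False
                window = tail + block
                if any(p in window for p in PATTERNS):
                    return True
                # keep the last bytes so a marker split across reads is still seen
                tail = window[-overlap:]
    except OSError:
        return False  # unreadable file (locked, permissions): skip, do not crash


def scan_tree(root, chunk_size=CHUNK):
    """Walk root and return sorted paths of files that carry the marker."""
    paths = (os.path.join(d, n) for d, _sub, names in os.walk(root) for n in names)
    return sorted(p for p in paths if file_has_marker(p, chunk_size))


def demo():
    """Build constructed sample files and return the base names flagged."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "clean.bin": b"\x00" * 64,
            "ascii.mp3": b"ID3" + b"A" * 30 + PATTERNS[0],
            "wide.zip": b"PK" + PATTERNS[1] + b"\x00\x00",
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        # small chunk size forces the marker to straddle a read boundary
        return [os.path.basename(p) for p in scan_tree(root, chunk_size=8)]
```

A hit only shows that the string is present in the file; confirm with a full anti-malware scan before treating the file as infected or clean.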