Category: Trojan Horse
North and South America, Asia, Australia
24 Sep 2003
This malware is classified as dormant primarily because its main method of propagation is the floppy disk which is no longer used in majority of systems. The W32.Arnger program is responsible for placing a copy of itself onto the floppy disk and automatically delivering its payload when the drive is accessed.
W32.Arnger Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a trojan horse removal tool to automatically clean W32.Arnger from your computer.
More details about W32.Arnger
This Worm makes use of the UPX packing method and is spread to other computer systems by using the floppy disk as its main transport media. When launched in a vulnerable computer system, the Win32.Arnger malware will attempt to overwrite the contents of executable files rendering them unusable. In some instances, this malware may opt to create a copy of itself using either a COM or EXE file extension. Based on accounts of previous infections from the Win32.Arnger malware, some of the filenames commonly associated with it include systmger.exe, calc.exe, syscalc.com, notepad.exe, syspad.com, and sysctrl.com among others. These files are only created by the malware if they do not exist in the host computer system. If they do exist however, the existing file will be overwritten with the codes of the malware. Consistent with most Worm variants, this malware can spread quite fast provided that the computer system still makes use of floppy disks. The Win32.Arnger malware normally places a copy of itself onto the floppy disk using the Modelos_AQP.exe, Fotos2002.exe, la_Novia.exe, Pitufoso.exe, and Natalia_Oreiro.exe filenames among others.
According to antivirus developers, no other transport mechanism has been identified with this particular threat. The malware will automatically deliver its payload to the computer system once the infected floppy disk is accessed by the unsuspecting computer user. The comments "$ARCANGEL 2002..AREQUIPA - PERU" have been found in the codes of this malware and are normally displayed on the screen of the computer user once the machine has been infected.