W32/Foxma.worm, Win32.HLLW.Foxma, W32/HLLW.Foxmango, Win32.Foxmagno, W32/Foxmagno
Category: Trojan Horse
Active & Spreading
Some parts of Asia, Europe, North and South America, Africa and Australia
04 Feb 2002
W32.Foxma is a Trojan horse that replicates itself to the \Windows\System folder. It arrives as Windows.exe. This Trojan horse is also known as W32/Foxma.worm, Win32.HLLW.Foxma, W32/HLLW.Foxmango, Win32.Foxmagno, W32/Foxmagno, WORM_FOXMA.A, PE_HLLW.FOXM.A. It was first discovered on February 4, 2002.
W32.Foxma Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a trojan horse removal tool to automatically clean W32.Foxma from your computer.
More details about W32.Foxma
W32.Foxma is a self-replicating Trojan. It copies itself to a particular folder using Windows.exe as its file name. Then, the Trojan modifies the system registry to actively run itself at startup. Written in Visual Basic 6.0, this Trojan adds the following value: RunSys C:\Windows\System\Windows.exe. This value is added to the system registry key. Thus, propagation of W32.Foxma is successfully executed.
The W32.Foxma application creates an unauthorized network connection between remote systems and the user’s computer. The W32.Foxma application is often used by other malware program to enter the system unnoticed. These malware applications utilize the backdoor functions of the program to communicate with remote servers on the World Wide Web. The security gaps created by the program enable security threats to acquire additional files from these online sources. These malware applications include Remote Access Tools (RATs), keyloggers, Trojan downloaders and worms.