Aliases: N/A
Variants: N/A

Classification: Malware
Category: Trojan Horse

Status: Dormant
Spreading: Slow
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 30 Oct 2002
Damage: Low

Characteristics: W32.Gezak is a Trojan that infiltrates a machine by copying itself as “VGA32.exe” into the Windows system directory folders. It attacks machines with the Microsoft Office program and propagates mostly through the “A” drive, that is, floppy disks, copying itself to the floppy intermittently. This virus uses filenames chosen randomly from its own list. All Windows platforms are vulnerable to this worm: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT and Windows XP.

More details about W32.Gezak

The Trojan locates the main Windows installation folder and uses it as its destination folder. It also attempts to spread by copying itself with the hidden and system attributes set. It sometimes changes the boot sector as well, which could leave the computer unable to run. Like many other Trojans, it is designed to give a hacker remote access to a target computer system. Once it is installed, a hacker can access the system remotely and perform several operations. These operations limit the user's privileges on the target computer system, which is basically the design of the Trojan horse. It may steal private information from the compromised computer, and this information may end up on the black market.

The W32.Gezak program facilitates the remote control of a targeted computer. This remote control or backdoor utility enables the hacker to see and capture even password-protected information belonging to the user. It also enables the execution of various commands directed at the infected computer. User accounts also indicate that the W32.Gezak program can download other files into the folder without the user’s consent. It usually operates in the background and keeps itself hidden from the user. The program can also run on its own, without the user’s intervention, every time the system boots.
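
The file-system traits described above (a copy named “VGA32.exe” in the Windows system directories, and hidden+system copies on the “A” drive) can be turned into a simple triage check. The following is an added example, not part of the original entry; the directory list, the `.exe` filter for floppy copies, the function names and the sample listing are assumptions, and a match is a lead for further inspection rather than a confirmed detection.

```python
import ntpath
import os

# Win32 file attribute bits (winnt.h)
FILE_ATTRIBUTE_HIDDEN = 0x2
FILE_ATTRIBUTE_SYSTEM = 0x4
HIDDEN_SYSTEM = FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM

# Assumed system directories; adjust to the host (e.g. C:\WINNT on Windows 2000/NT).
SYSTEM_DIRS = (r"C:\Windows", r"C:\Windows\System", r"C:\Windows\System32")

def collect(root):
    """Yield (path, attribute bits) for files directly under root on a live Windows host."""
    with os.scandir(root) as entries:
        for e in entries:
            if e.is_file(follow_symlinks=False):
                st = e.stat(follow_symlinks=False)
                # st_file_attributes exists only on Windows; 0 elsewhere.
                yield e.path, getattr(st, "st_file_attributes", 0)

def triage(records, system_dirs=SYSTEM_DIRS):
    """Return (path, reason) for records matching the traits in the entry above."""
    sysdirs = {ntpath.normcase(ntpath.normpath(d)) for d in system_dirs}
    findings = []
    for path, attrs in records:
        norm = ntpath.normcase(ntpath.normpath(path))  # lower-case, backslashes
        folder, name = ntpath.split(norm)
        drive = ntpath.splitdrive(norm)[0]
        if name == "vga32.exe" and folder in sysdirs:
            findings.append((path, "VGA32.exe in Windows system directory"))
        elif (drive == "a:" and name.endswith(".exe")
              and (attrs & HIDDEN_SYSTEM) == HIDDEN_SYSTEM):
            findings.append((path, "hidden+system executable on floppy"))
    return findings

# Constructed sample listing, not taken from a real host.
SAMPLE = [
    (r"C:\WINDOWS\system32\VGA32.exe", 0x20),    # name + location match
    (r"C:\Windows\System32\notepad.exe", 0x20),  # ordinary system file
    (r"A:\report.exe", 0x26),                    # archive + hidden + system
    (r"A:\setup.exe", 0x20),                     # visible file on floppy
    (r"D:\tools\vga32.exe", 0x20),               # same name, outside system dirs
]

if __name__ == "__main__":
    for path, reason in triage(SAMPLE):
        print(f"{reason}: {path}")
```

On a live Windows host, feed `triage` with `collect(directory)` for each system directory and for `A:\` in place of the constructed sample.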