Summary

| How it spreads | |
|---|---|
| Affected operating systems | Windows |
| Characteristics | |
| Included in our products from | August 2006 (4.08) |
| Protection available since | 23 May 2006 21:17:32 (GMT) |
| Last updated | 25 June 2006 19:51:45 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing infected executable files.
More Information
W32/Madang-A is a virus for the Windows platform.
W32/Madang-A attempts to infect files with an EXE or SCR extension on all drives and on connected network shares. Due to a bug in the code, W32/Madang-A may infect the same file more than once.
W32/Madang-A drops a file <Windows system folder>\Serverx.exe which it infects with itself and sets the following registry entry to run it on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Serverx
<Windows system folder>\Serverx.exe
W32/Madang-A attempts to inject itself either into the Kernel or into another process that is already running.
W32/Madang-A will not attempt to infect files on the 13th or the 26th of the month; on those dates it instead attempts to open a remote website. Neither date's website is currently available.
W32/Madang-A attempts to run the files <Windows system folder>\setupx.exe and <Windows system folder>\Updatex.exe, although no attempt is made to download or drop these files.
W32/Madang-A has been seen using an infected copy of W32/Lovgate-AD to spread via network shares, email, P2P networks and exploits. Any executable or zip file spread in this way will be detected as W32/Madang-A.
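A host check for the registry entry and file names listed above, as an added example that is not Sophos code. The function name `Test-MadangArtifacts` is hypothetical, and the 64-bit redirected locations (`WOW6432Node`, `SysWOW64`) are an assumption that goes beyond what this page states.

```powershell
# Added example: reports which W32/Madang-A artifacts named on this page exist on a host.
function Test-MadangArtifacts {
    [CmdletBinding()]
    param(
        # Windows system folder; defaults to the running system's.
        [string]$SystemFolder = [Environment]::SystemDirectory
    )
    $findings = @()

    # Autostart entry from the page: Run key, value name "Serverx".
    # Assumption: on 64-bit Windows a 32-bit writer lands under WOW6432Node.
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        $run = Get-ItemProperty -Path $key -Name 'Serverx' -ErrorAction SilentlyContinue
        if ($run) {
            $findings += [pscustomobject]@{
                Type = 'RunValue'; Item = "$key\Serverx"; Detail = $run.Serverx
            }
        }
    }

    # Dropped file, plus the two files the virus attempts to run.
    # Assumption: SysWOW64 is checked too, for the same 32-bit redirection reason.
    $dirs = @($SystemFolder, (Join-Path $env:windir 'SysWOW64')) | Select-Object -Unique
    foreach ($dir in $dirs) {
        foreach ($name in 'Serverx.exe', 'setupx.exe', 'Updatex.exe') {
            $path = Join-Path $dir $name
            if (Test-Path -LiteralPath $path -PathType Leaf) {
                $file = Get-Item -LiteralPath $path -Force
                $findings += [pscustomobject]@{
                    Type   = 'File'; Item = $path
                    Detail = "size=$($file.Length) modified=$($file.LastWriteTimeUtc.ToString('u'))"
                }
            }
        }
    }
    $findings   # empty output means none of the named artifacts were found
}

Test-MadangArtifacts | Format-Table -AutoSize
```

A hit is a lead for scanning the host, not a verdict: the check matches names only, and because the virus infects other EXE and SCR files, an empty result does not show the host is clean.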
