Aliases: W32.Grenail.C!inf, W32/Patcher, Mal/Generic-A
Variants: Virus:Win32/Mesoum.D, Virus.Win32.Patched

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 08 Jan 2009
Damage: Low

Characteristics: According to some computer experts, this virus appears to have been designed specifically to make a compromised machine more vulnerable to further threats. W32.Grenail!inf works by infecting executable files and allowing those files to launch other, more dangerous code on the system. It has been observed to degrade or completely shut down security processes on the infected machine, making it easier for more harmful code to get in.

More details about W32.Grenail!inf

Computer viruses are known primarily for their destructive payloads. W32.Grenail!inf differs from other malware in its class in that its payload is considered low, because its role is not to destroy file systems but to break down defenses. The virus normally enters a vulnerable system from a malicious website through a background download. Once on the system, it launches without requiring user intervention. Like other file-infecting viruses, W32.Grenail!inf injects its code into the target file, which adds 120 bytes to the file's size. It does not prevent the infected file from executing; instead, it turns the file into another trigger file.
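A size-and-hash baseline is one way to surface the 120-byte growth described above. This is an added example, not part of the original write-up: the watched suffixes, the verdict labels and the sample files are constructed assumptions, and a +120 byte delta is a triage hint rather than proof of infection.

```python
import hashlib
import tempfile
from pathlib import Path

INFECTION_DELTA = 120  # growth in bytes that the write-up attributes to an infection
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr"}  # assumption: file types worth watching

def snapshot(root):
    """Record (size, SHA-256) for every executable under root."""
    manifest = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in EXECUTABLE_SUFFIXES:
            data = path.read_bytes()
            manifest[str(path.relative_to(root))] = (len(data), hashlib.sha256(data).hexdigest())
    return manifest

def compare(baseline, current):
    """Label each changed baseline file: 'suspect-120', 'modified' or 'missing'."""
    findings = {}
    for name, (old_size, old_hash) in baseline.items():
        if name not in current:
            findings[name] = "missing"
            continue
        new_size, new_hash = current[name]
        if new_hash != old_hash:
            grew = (new_size - old_size == INFECTION_DELTA)
            findings[name] = "suspect-120" if grew else "modified"
    return findings

def demo():
    """Constructed sample: three fake executables; one grows by exactly 120 bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "a.exe").write_bytes(b"MZ" + b"\x00" * 1000)
        (root / "b.exe").write_bytes(b"MZ" + b"\x01" * 500)
        (root / "c.dll").write_bytes(b"MZ" + b"\x02" * 300)
        baseline = snapshot(root)
        with open(root / "a.exe", "ab") as f:
            f.write(b"\x00" * INFECTION_DELTA)  # inert filler simulating the size change
        with open(root / "b.exe", "ab") as f:
            f.write(b"patch" * 10)              # ordinary 50-byte change
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The baseline has to be taken from a known-clean state and stored where the monitored machine cannot rewrite it.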

Previous infections suggest that W32.Grenail!inf affects the quality of the Internet connection, and sluggish Web browser performance has also been observed on infected systems. Another notable effect is that the malware automatically shuts down the automatic protection feature of the antivirus application. W32.Grenail!inf may also terminate background processes related to the host machine's security. It is presumed that most of its control is established through the Windows Registry, where it possibly modifies existing key values or adds new ones.