Aliases: PE_PARDONA.Q, Trojan-DDoS.Win32.Agent.p, Virus.Win32.Wuke, Virus:Win32/Pardona.Q, W32/Pardona-K
Variants: W32/Wuke.dr, Trojan-PWS.Win32.QQPass, TrojanDownloader:Win32/Delf, Mal/EncPk-AE, Win-Trojan/Agent.178688.C

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America
Removal: Easy
Platform: W32
Discovered: 28 Dec 2006
Damage: Low

Characteristics: Consistent with the functionality of most virus variants, the W32.Mediasups infects executable files that are stored in the hard drive of the host computer system. It has the built-in additional capability of being able to contact remote servers presumably under the control of the malicious author. This virus can download more potentially dangerous files and execute them arbitrarily to further the vulnerability of the compromised computer system.

More details about W32.Mediasups

This virus has been observed to extract TMP, EXE, and SYS file components in the host computer system during its initial execution. The file traces identified with the W32.Mediasups are stored in the temporary folder of the user's profile location in the hard drive. This threat will attempt to tamper with the Media Services configuration of the operating system by introducing new key values into the Windows Registry. The W32.Mediasups adds its new key values into the MEDIADRIVER and LEGACY_MEDIADRIVER subkeys of the Windows Registry service. After successfully integrating its presence into the system registry the W32.Mediasups will proceed to infect all executable files that it will find in the local hard drive including those that reside in network drives.

Whenever an executable file that is infected by the W32.Mediasups virus is launched, it will attempt to infect other EXE format files by overwriting its contents with the virus code. This results in an executable file that is corrupted and cannot be repaired. The SYS format file component of the W32.Mediasups will be used to create a system service for the malware. This routine is intended to avoid detection by system monitoring tools and protection applications. The W32.Mediasups will attempt to contact predetermined websites for the downloading of more components. This virus will crash the debugger of the operating system.