Category: Computer Virus
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
18 Jul 2006
W32.Stong.A propagates by infecting executable files and has keylogging and downloader capabilities. The virus infects executable files by prepending its body to them.
W32.Stong.A Removal Tool
If you have malware on your computer, it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer virus removal tool to automatically clean W32.Stong.A from your computer.
More details about W32.Stong.A
The worm tries to infect all executable files associated with the entries of the registry subkeys. It infects executable files by prepending the viral body to them. The virus also saves the original icon of the infected file as %UserProfile%\Local Settings\Temp\target.ico. The %UserProfile% variable refers to the current user's profile folder; this is C:\Documents and Settings\[CURRENT USER] on Windows 2000, Windows NT, and Windows XP. The virus then restores the original icon so that infected files do not appear changed or distorted. The virus can generate another file, and it creates a registry subkey. The virus tries to contact remote sites on port 80.
Once W32.Stong.A is executed, the virus creates the mutex “”. The worm infects Windows executables such as %System%\notepad.exe and %System%\dllcache\notepad.exe. The %System% variable refers to the system folder: C:\Windows\System32 (only Windows XP), C:\Winnt\System32 (Windows 2000 and Windows NT), and C:\Windows\System (Windows Me, Windows 98, and Windows 95). The worm also enumerates the running processes on your computer and tries to infect any process that has a name such as regedit.exe, msmsg, daemon.exe, mixer, soundman, adobe, adgj, stimon, usbdetect, msn6.exe, winampa, ctfmo, and Kodak. The virus enumerates the entries found under the registry subkeys.
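Because the virus prepends its body to the host, one triage heuristic is to look for a second, intact PE image sitting after the end of the first one in a file. The sketch below is an added example, not code from this page or from any vendor tool; it assumes the infected file is laid out as the virus's own PE followed by the unmodified original executable (the page does not describe the exact layout), and `build_pe` only constructs synthetic sample bytes.

```python
import struct

def pe_image_end(data, base=0):
    """File offset where the PE image starting at `base` ends (end of the
    last section's raw data), or None if no valid PE header is found there."""
    if data[base:base + 2] != b"MZ" or len(data) < base + 0x40:
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, base + 0x3C)
    pe = base + e_lfanew
    if data[pe:pe + 4] != b"PE\0\0" or len(data) < pe + 24:
        return None
    (num_sections,) = struct.unpack_from("<H", data, pe + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe + 20)
    table = pe + 24 + opt_size              # start of the section table
    end = table + 40 * num_sections         # headers alone reach this far
    if len(data) < end:
        return None
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 in each entry
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:
            end = max(end, base + raw_ptr + raw_size)
    return end

def find_appended_pe(data):
    """Offset of a second valid PE image located after the first image's
    last section (where a prepended host would sit), or None."""
    end = pe_image_end(data)
    if end is None or end >= len(data):
        return None
    pos = data.find(b"MZ", end)
    while pos != -1:
        if pe_image_end(data, pos) is not None:
            return pos
        pos = data.find(b"MZ", pos + 1)
    return None

def build_pe(body):
    """Constructed sample: minimal DOS + COFF header and one section with `body`."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    raw_ptr = len(dos) + len(coff) + 40                           # data follows headers
    sect = b".text\0\0\0" + struct.pack("<IIII", len(body), 0x1000, len(body), raw_ptr)
    return dos + coff + sect + b"\0" * 16 + body

if __name__ == "__main__":
    host = build_pe(b"host code")                 # constructed clean file
    infected = build_pe(b"V" * 64) + host         # constructed "prepended" layout
    print(find_appended_pe(host), find_appended_pe(infected))
```

Self-extracting installers also carry executables after their own image, so a hit is a reason to inspect a file, not a verdict; it is most meaningful on system binaries such as the notepad.exe copies named above.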