Malware.Gammima
Malware.Gammima is a worm which is spread by attackers through removable media. Malware.Gammima enables cyber criminals to get access and full control over the targeted computers. Malware.Gammima is executed whenever the user opens a corrupted storage tool. Malware.Gammima stealthily installs itself into the computer system and runs a payload. Malware.Gammima surveys Internet Explorer windows in order to steal account details and other personal information associated with the MapleStory online game. Malware.Gammima sends gathered data to a predestined web site. Malware.Gammima inserts its code into every active process. Therefore, the worm runs constantly.
Aliases
Generic PWS.ak [McAfee]
Win-Trojan/Magania.98801 [AhnLab]
Trojan-GameThief.Win32.Magania.brvd [Kaspersky Lab]
Worm:Win32/Taterf.B [Microsoft]
Mal/Generic-A [Sophos]
Win-Trojan/Magania.98801 [AhnLab]
Trojan-GameThief.Win32.Magania.brvd [Kaspersky Lab]
Worm:Win32/Taterf.B [Microsoft]
Mal/Generic-A [Sophos]
File System Modifications
- The following files were created in the system:
# File Name 1 %Temp%\lhgjyit0.dll 2 %Temp%\lhgjyit1.dll 3 %Temp%\uret463.exe 4 c:\autorun.inf 5 c:\ig.bat
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\MADOWN]HKEY..\..\..\..{RegistryKeys}dorfgwe = "%Temp%\uret463.exe"urlinfo = "awsuym.j"
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.