
Win32.Worm.Coidung.B

Posted: November 15, 2011

Threat Metric

Threat Level: 5/10
Infected PCs: 14
First Seen: November 15, 2011
Last Seen: January 29, 2020
OS(es) Affected: Windows

Win32.Worm.Coidung.B is a worm that's distributed in the form of a fake Office Genuine Advantage utility spammed over instant messaging programs such as Yahoo Messenger. Even if this tool were legitimate, there would be no need to download it, since Microsoft retired the Office Genuine Advantage program in late 2010. If you install Win32.Worm.Coidung.B by mistake, Win32.Worm.Coidung.B will copy itself to your Windows system folders and open a backdoor on your PC that allows remote criminals to take control of the system. Win32.Worm.Coidung.B is also accompanied by Win32.Virtob, a virus that piggybacks on Win32.Worm.Coidung.B and uses other forms of anti-security attacks. Although removal of both Win32.Worm.Coidung.B and Win32.Virtob is essential for your computer's health, full removal is unlikely without assistance from an appropriately powerful anti-malware product and standard anti-malware techniques (including Safe Mode and booting from external media).

How Win32.Worm.Coidung.B Gets to You (and What Happens Next)

Although it's possible to acquire a Win32.Worm.Coidung.B infection from unsafe websites or P2P downloads, Win32.Worm.Coidung.B's primary propagation technique uses Yahoo Messenger spam. These spam messages offer a fake 'office_genuine.exe' file that's supposedly connected to Microsoft's Office Genuine Advantage program. Naturally, this connection extends no further than the file name, which was chosen specifically to conceal Win32.Worm.Coidung.B.

If you choose to download and install Win32.Worm.Coidung.B, your PC will immediately come under several different attacks, starting with:

  • The Windows firewall is disabled. This prevents Windows from stopping any unauthorized network traffic to or from your PC.
  • Multiple copies of Win32.Worm.Coidung.B are created and hidden in your Windows folder.
  • Win32.Worm.Coidung.B places startup entries in the Registry to ensure that Win32.Worm.Coidung.B launches itself automatically as soon as Windows starts to load. You may be able to observe Win32.Worm.Coidung.B's processes in Task Manager, provided that Win32.Worm.Coidung.B hasn't blocked Task Manager in the first place.

Win32.Worm.Coidung.B will then try to acquire further instructions from a remote server as to what other actions Win32.Worm.Coidung.B should take. These actions can encompass DDoS attacks, stealing personal information via keylogging or installing other types of harmful software. Because Win32.Worm.Coidung.B has the flexibility of a backdoor Trojan and the self-copying abilities of a worm, SpywareRemove.com malware researchers note that removing Win32.Worm.Coidung.B without a competent anti-malware program is extremely difficult.
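The three side effects listed above (firewall disabled, copies in the Windows folder, Registry startup entries, plus a blocked Task Manager) are all things an administrator can check for without special tools. The following read-only triage script is an added example, not code from the original article or from any vendor; it assumes Windows 8 or later with the NetSecurity PowerShell module, is run from an elevated prompt, and uses only the lure file name 'office_genuine' that the article mentions. It reports findings for manual review and changes nothing on the host.

```powershell
# Added triage helper (not from the original page). Read-only: reports only.
# Assumes Windows 8+/PowerShell 5 with the NetSecurity module; run elevated.
function Get-CoidungTriage {
    $findings = @()

    # 1. Firewall state per profile (the article: the worm disables the Windows firewall).
    foreach ($p in Get-NetFirewallProfile) {
        if (-not $p.Enabled) { $findings += "Firewall profile '$($p.Name)' is DISABLED" }
    }

    # 2. Task Manager policy (the article: the worm may block Task Manager).
    $polKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $dtm = (Get-ItemProperty -Path $polKey -Name DisableTaskMgr -ErrorAction SilentlyContinue).DisableTaskMgr
    if ($dtm -eq 1) { $findings += "DisableTaskMgr=1 set under $polKey" }

    # 3. Autostart (Run) entries that point into the Windows folder or carry the lure name.
    #    Legitimate entries can live under %windir% too, so every hit needs a manual look.
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($k in $runKeys) {
        $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($prop in $props.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
            $value = [string]$prop.Value
            if ($value -match [regex]::Escape($env:windir) -or $value -match 'office_genuine') {
                $findings += "Autorun '$($prop.Name)' in $k -> $value"
            }
        }
    }

    # 4. Files named after the lure anywhere under the Windows folder (name from the article).
    Get-ChildItem -Path $env:windir -Filter 'office_genuine*' -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += "Lure-named file: $($_.FullName)" }

    return $findings
}

$results = @(Get-CoidungTriage)
if ($results.Count -eq 0) { 'No indicators from the article were found.' } else { $results }
```

A clean result here does not prove the machine is uninfected; the article is clear that a full scan with an anti-malware product is still required, and this script only narrows down where to look first.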

Win32.Worm.Coidung.B's Comrade in PC Sabotage

Unusually for a worm, Win32.Worm.Coidung.B also makes use of a second infection that Win32.Worm.Coidung.B bundles with itself – this infection, the virus Win32.Virtob, has polymorphic characteristics that help it avoid detection. Win32.Virtob attaches itself to Win32.Worm.Coidung.B and can, therefore, make use of Win32.Worm.Coidung.B's worm functions for infecting new computers. SpywareRemove.com malware experts advise victims of Win32.Worm.Coidung.B attacks to pay close attention to network-shared folders and to removable storage drives, since both of the above may be exploited by Win32.Worm.Coidung.B and Win32.Virtob to find a new PC to attack.

Like Win32.Worm.Coidung.B, Win32.Virtob's default functions are largely backdoor in nature and attack the security of any infected PC. Win32.Virtob may also infect web application scripts (such as HTML, ASP or PHP) on an independent basis without help from Win32.Worm.Coidung.B. Emulators and virtual machines are immune to Win32.Virtob, since it's programmed to avoid infecting such systems (most likely to circumvent analysis and detection processes by PC security companies).
