Worm.Gnoewin.A

Posted: October 5, 2012

Threat Metric

Threat Level: 5/10
Infected PCs: 54
First Seen: October 5, 2012
OS(es) Affected: Windows

Worm:Win32/Gnoewin.A is a worm that distributes itself through removable hard drives, creates backdoor vulnerabilities that allow criminals to compromise your PC and makes negative changes to Internet Explorer's settings. Since Worm:Win32/Gnoewin.A is often installed by Dorkbot worms, the SpywareRemove.com malware research team emphasizes the usefulness of scanning your entire PC with anti-malware programs that can remove Worm:Win32/Gnoewin.A along with any additional malware that may be installed with it. Aside from an unchangeable Internet Explorer toolbar, Worm:Win32/Gnoewin.A doesn't show any symptoms and may be difficult to detect or isolate without such programs.

Worm:Win32/Gnoewin.A: the Browser Bug that Has a Multitude of Problems in Store for Your Computer

As a versatile and multifunctional PC threat, Worm:Win32/Gnoewin.A can be installed by many methods, although SpywareRemove.com malware experts consider Dorkbot worms to be the most likely avenue for a Worm:Win32/Gnoewin.A infection. Dorkbot worms also may install other PC threats (such as Worm:Win32/Gnoewin.B, Trojan.Win32.Lethic.F or members of the Pushbot family) and can be involved in additional attacks.

The only readily observable change that Worm:Win32/Gnoewin.A makes to an infected PC is a Registry modification that locks Internet Explorer's toolbar, which prevents you from making any customization changes to it. Worm:Win32/Gnoewin.A also injects its code into the memory of your normal browser's process. Taken together, SpywareRemove.com malware analysts consider these attacks to be indicative of Worm:Win32/Gnoewin.A engaging in browser redirects, theft of browser-transmitted data or other attacks typical of browser hijackers.

Checking for Worm:Win32/Gnoewin.A Before You Plug in Your USB Drive

Besides its usual installation method that requires the presence of other worms, Worm:Win32/Gnoewin.A also uses Autorun exploits to install itself on other computers. By creating concealed copies of itself on removable HD devices, along with an Autorun file, Worm:Win32/Gnoewin.A can install itself on any other computer that uses the infected device. Avoiding sharing of USB devices is, accordingly, SpywareRemove.com malware experts' most fervent tip on how to isolate a Worm:Win32/Gnoewin.A infection.
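As an added example (not code from SpywareRemove.com or from any analysis of this worm), the Python sketch below inspects a removable drive's root for an Autorun file and lists which program each launch entry points to, without executing anything. The file name `sample.exe`, the sample `autorun.inf` contents and the function names are constructed for illustration; the page does not give the worm's actual Autorun file.

```python
import stat, tempfile
from pathlib import Path

EXEC_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}
# Constructed sample: junk padding plus launch entries, not taken from a real sample.
SAMPLE_INF = ";x9a\n[AutoRun]\nopen=sample.exe\nicon=shell32.dll,4\nshell\\open\\command=sample.exe\n"

def parse_autorun(text):
    """Return (key, command) launch entries from the [autorun] section, skipping junk."""
    in_section, found = False, []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = (p.strip() for p in line.split("=", 1))
            key = key.lower()
            if value and (key in ("open", "shellexecute") or (
                    key.startswith("shell\\") and key.endswith("\\command"))):
                found.append((key, value))
    return found

def audit_drive_root(root):
    """List what an autorun.inf at the drive root would launch, without running it."""
    root = Path(root)
    inf = next((p for p in root.iterdir() if p.name.lower() == "autorun.inf"), None)
    if inf is None:
        return []
    findings = []
    for key, command in parse_autorun(inf.read_bytes().decode("latin-1")):
        # Program part of the command: the quoted string, or the first token.
        prog = command.split('"')[1] if command.startswith('"') else command.split()[0]
        target = root.joinpath(*prog.replace("/", "\\").split("\\"))
        attrs = getattr(target.stat(), "st_file_attributes", 0) if target.exists() else 0
        findings.append({
            "key": key, "target": prog, "on_drive": target.exists(),
            "executable": target.suffix.lower() in EXEC_EXT,
            "hidden": bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN),  # only set on Windows
        })
    return findings

def demo():
    """Build a constructed drive root in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "autorun.inf").write_text(SAMPLE_INF)
        Path(d, "sample.exe").write_bytes(b"MZ")  # placeholder bytes, not a real binary
        return audit_drive_root(d)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

An entry that is both `on_drive` and `executable` (and, on Windows, `hidden`) matches the concealed-copy-plus-Autorun pattern described above and is a reason to scan the drive before using it.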

Worm:Win32/Gnoewin.A also circumvents your computer's network security, opens a port without your permission and makes contact with a remote server. Other attacks from Worm:Win32/Gnoewin.A may vary with the instructions and/or files that Worm:Win32/Gnoewin.A receives from its Command & Control server. Like all types of malware that create backdoor vulnerabilities, Worm:Win32/Gnoewin.A should be considered a major breach of your PC's safety even though its symptoms can be minor or nonexistent.

Malware related to Worm:Win32/Gnoewin.A, such as Dorkbot worms, is often distributed through spammed social networking links as an initial attack vector. Avoiding such links is preferable if at all possible, although competent anti-malware software should be able to uninstall Worm:Win32/Gnoewin.A and Dorkbot if you do need to disinfect your PC. Proactive security measures should be emphasized to prevent Worm:Win32/Gnoewin.A and its fellows from spreading, since malware affiliated with Worm:Win32/Gnoewin.A was found to infect tens of millions of PCs in the last year.

Aliases

Generic29.RJH [AVG]
W32/Kryptik.AKCT!tr [Fortinet]
Win32.Ircbot [Ikarus]
Worm/Gnoewin.A.5 [AntiVir]
Gen:Variant.Kazy.88387 [BitDefender]
UDS:DangerousObject.Multi.Generic [Kaspersky]
Win32:IRCBot-EWO [Trj] [Avast]
Artemis!02CFCABABDD9 [McAfee]
Trojan.Agent.gen [CAT-QuickHeal]
Generic Worm [Panda]
Generic29.ASUO [AVG]
W32/Kryptik.ALIE [Fortinet]
Worm.Win32.Gnoewin [Ikarus]
Trojan/Win32.Agent [AhnLab-V3]
Worm/Gnoewin.A.2 [AntiVir]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%APPDATA%\45.exe
File name: 45.exe
Size: 31.74 KB (31744 bytes)
MD5: 02cfcababdd958f538463895bbb4d104
Detection count: 96
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: January 28, 2013

%APPDATA%\ScreenSaver.com
File name: ScreenSaver.com
Size: 53.24 KB (53248 bytes)
MD5: e29747c45ac8905293c4b550df945d74
Detection count: 30
File type: Command, executable file
Mime Type: unknown/com
Path: %APPDATA%
Group: Malware file
Last Updated: October 12, 2012

%APPDATA%\4B23.exe
File name: 4B23.exe
Size: 28.67 KB (28672 bytes)
MD5: 2f2100ec5368b5aebb02256a61b1e7f6
Detection count: 28
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: December 5, 2012

%APPDATA%\3F.exe
File name: 3F.exe
Size: 29.69 KB (29696 bytes)
MD5: b5925e7698a5a72dbd50be9064383e2d
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: October 22, 2012

%APPDATA%\8.exe
File name: 8.exe
Size: 35.84 KB (35840 bytes)
MD5: c91021712ac1f4a6d5e33f2ae70a3f9b
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: December 20, 2012

%APPDATA%\ScreenSaver.com
File name: ScreenSaver.com
Size: 26.11 KB (26112 bytes)
MD5: 0a0f4de59b7e2d3e40f9ca2c6195587f
Detection count: 2
File type: Command, executable file
Mime Type: unknown/com
Path: %APPDATA%
Group: Malware file
Last Updated: October 5, 2012