Threat Encyclopedia

Home > Threat Center > Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

O
P
Q
R
S
T
U
V
W
X
Y
Z
Glossary

Win32/Wigon.NI

Aliases:	Trojan-Ransom.Win32.DigiPog.ep (Kaspersky), TrojanDownloader:Win32/Cutwail.gen!C (Microsoft), PWS-Zbot.gen.ak (McAfee)
Type of infiltration:	Trojan
Size:	29184 B
Affected platforms:	Microsoft Windows
Signature database version:	4912 (20100303)

Short description

Win32/Wigon.NI is a trojan that installs Win32/Wigon.KQ malware.

Installation

The trojan copies itself in the following locations:

%windir%system32reader_s.exe
%userprofile%reader_s.exe

The files are then executed.

In order to be executed on every system start, the modifies the following Registry keys:

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersion
Run]
"reader_s" = %windir%system32reader_s.exe"
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion
Run]
"reader_s" = "%userprofile%reader_s.exe"

Other information

The trojan creates and runs a new thread with its own program code within the following processes:

%system%svchost.exe

All Products:

Cart About ESET Partners United States and Canada

© 2012 ESET North America. All rights reserved. Trademarks used herein are trademarks or registered trademarks of ESET spol. s r.o. or ESET North America.
All other names and brands are registered trademarks of their respective companies.