Find a Partner
This window is encrypted for your security.
Need help? Ask the community or hire an expert.
Go to Avira Answers
In the wild:
• Symantec: W32.Licum
• Mcafee: W32/Gael.worm.a
• Kaspersky: Virus.Win32.Tenga.a
• TrendMicro: PE_TENGA.A-O
• Sophos: W32/Tenga-A
• VirusBuster: virus Win32.Tenga.A
• Bitdefender: Win32.Gael.3666
Platform / OS:
• Windows XP
• Downloads a malicious file
• Makes use of software vulnerability
W32/Stanit is a windows file infector that searches the computer for PE executable files. The search routine scans the hard drive recursively for .exe files. It appends its code at the end of the infected files, modifying the entry point in the file header in order to execute itself.
In order to prevent multiple infections of the same file, an infection marker is added to the modified files: the 50th byte in each infected file is modified to value 56 - ascii value "V".
Description inserted by Sergiu Oprea on Monday, August 28, 2006
Description updated by Sergiu Oprea on Friday, September 8, 2006