W32.Imaut Description

W32.Imaut is a Windows platform worm that propagates via communication services such as Yahoo! Instant Messenger and Microsoft Windows Live Messenger. When inside a system, W32.Imaut may attempt to communicate with a remote server, and download harmful files onto the compromised PC. W32.Imaut is also able to disturb or prevent certain security-related processes from running.

Type: Worms

Aliases: not-a-virus:Monitor.Win32.Ardamax.ae (Kaspersky Lab).

How Can You Detect W32.Imaut?

W32.Imaut Technical Report

As new W32.Imaut details are reported by our customers and findings from our Threat Research Center, we will update this section.

W32.Imaut’s Country of Origin:

• Germany, United Kingdom

W32.Imaut has typically the following processes in memory:

• %Windir%\regsvr.exe
• %System%\svchost .exe
• %System%\28463\svchost.exe
• %System%\regsvr.exe

W32.Imaut creates the following registry entries:

• [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

Important Article Disclaimer