W32.Wergimog
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Ranking: | 2,268 |
| Threat Level: | 20 % (Normal) |
| Infected Computers: | 9,588 |
| First Seen: | March 28, 2012 |
| Last Seen: | September 20, 2023 |
| OS(es) Affected: | Windows |
The W32.Wergimog worm is a dangerous malware infection that was first detected in March of 2012. The fact that W32.Wergimog is a worm means that W32.Wergimog can spread on its own. ESG security analysts have observed that W32.Wergimog has the capability to infect computer systems executing nearly all versions of the Windows operating system. Like many worms, W32.Wergimog has the ability to spread through infected external memory devices and shared folders on a network. It seems that W32.Wergimog's main objective is to open a backdoor into the infected computer system. W32.Wergimog seems to have come from the Russian Federation or Eastern Europe. At the moment of writing this report, W32.Wergimog's distribution is still quite low and W32.Wergimog Worm has not become a widespread malware infection. While W32.Wergimog's threat is not particularly high, considering that W32.Wergimog does not actually damage the infected computer system by itself, ESG security analysts consider W32.Wergimog a serious threat. This is because of the backdoor that W32.Wergimog uses, which criminals can then use to install any kind of serious malware infection on the victim's computer system.
Table of Contents
Further Information on W32.Wergimog
Apart from opening a backdoor into the victim's computer, ESG malware analysts have observed that W32.Wergimog has the ability to steal information from the victim's web browser and FTP application, particularly FileZilla and Mozilla Firefox. The files associated with W32.Wergimog will usually have names composed of random numbers with an EXE extension. As part of its installation process, W32.Wergimog will make copies of its files in several folders, including the System folder and the Windir folder. W32.Wergimog will also create copies of itself on any drives that W32.Wergimog detects in the infected computer system, also creating Autorun components that force any computer to run W32.Wergimog naturally after the infected drive is plugged in. W32.Wergimog also makes dangerous changes to the Windows Registry that allow W32.Wergimog to run automatically before most other file processes. W32.Wergimog has the capacity to introduce malicious code into the Windows Explorer.exe process which W32.Wergimog then uses to create a backdoor into the infected computer system. This backdoor, on TCP port 80 or 2040, is then used to connect to a remote server that has been identified as v2z.imageshak.biz.
File System Details
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %System%\service[RANDOM NUMBER].exe | |
| 2. | %Windir%\service[RANDOM NUMBER].exe | |
| 3. | %DriveLetter%\RECYCLER\autorun.exe | |
| 4. | %DriveLetter%\autorun.inf |
Registry Details
URLs
W32.Wergimog may call the following URLs:
| stayprotectedsupport.com |
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.