
W32.Winiga

By JubileeX in Worms

Threat Scorecard

Ranking: 1,669
Threat Level: 20 % (Normal)
Infected Computers: 21,792
First Seen: April 4, 2012
Last Seen: September 20, 2023
OS(es) Affected: Windows

W32.Winiga is a computer worm that spreads through removable drives and also aims to steal information from the infected computer. Once executed, W32.Winiga creates specific files on all removable drives. It may also download and run further, possibly malicious, files from the web. W32.Winiga then creates a registry entry so that it is launched every time the computer starts, and adds several more registry entries. To bypass the Windows firewall, W32.Winiga creates further registry entries and runs the command '[netsh firewall add allowed program]' to change the firewall settings. Finally, W32.Winiga collects information such as the IP address, IP host name and Windows version, among other details, and sends it by email to remote attackers.

File System Details

W32.Winiga may create the following file(s):
1. %SystemDrive%\Winis7\opera.exe
2. %DriveLetter%\new.exe
3. %SystemDrive%\Winis7\Data\sss.col

Registry Details

W32.Winiga may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"AbGame" = "%SystemDrive%\Winis7\opera.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"AbGame" = "%SystemDrive%\Winis7\opera.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\"%SystemDrive%\Winis7\opera.exe" = "ELEVATECREATEPROCESS"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"%SystemDrive%\Winis7\opera.exe" = "%SystemDrive%\Winis7\opera.exe:*:Enabled:Sudoku"
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\"AbGame" = "%SystemDrive%\Winis7\opera.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\"AbGame" = "%SystemDrive%\Winis7\opera.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\"%System%\cmd.exe" = "RUNASADMIN"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"%SystemDrive%\Winis7\opera.exe" = "%SystemDrive%\Winis7\opera.exe:*:Enabled:Sudoku"
HKEY_USERS\S-1-5-21-1390067357-1708537768-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\"AbGame" = "%SystemDrive%\Winis7\opera.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\"AbGame" = "%SystemDrive%\Winis7\opera.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\"Sudoku" = "%SystemDrive%\Winis7\opera.exe"
HKEY_USERS\S-1-5-21-1390067357-1708537768-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\"Sudoku" = "%SystemDrive%\Winis7\opera.exe"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
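As an added, defender-side example that is not part of the original entry, the following PowerShell checks a single Windows host for the file and registry indicators listed above. It is read-only (it reports, it does not remove), and instead of hard-coding the SID-specific HKEY_USERS path from the list it enumerates every loaded user hive:

```powershell
# Added example: hunt for the W32.Winiga indicators listed on this page.
$sysDrive = $env:SystemDrive
$payload  = Join-Path $sysDrive 'Winis7\opera.exe'

# File indicators from the File System Details section.
$files = @($payload, (Join-Path $sysDrive 'Winis7\Data\sss.col'))
# %DriveLetter%\new.exe is checked on every removable drive (DriveType 2).
$files += Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2' |
    ForEach-Object { Join-Path $_.DeviceID 'new.exe' }

# Autorun locations that carry the "AbGame" value; HKEY_USERS is enumerated so
# .DEFAULT and any logged-on user SID are both covered.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)
$runKeys += Get-ChildItem Registry::HKEY_USERS |
    ForEach-Object { "Registry::$($_.Name)\Software\Microsoft\Windows\CurrentVersion\Run" }

# Firewall exception list the worm writes to (all control sets named above).
$fwKeys = 'CurrentControlSet', 'ControlSet001', 'ControlSet002' | ForEach-Object {
    "HKLM:\SYSTEM\$_\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List"
}

$findings = @()
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $findings += "File present: $f" }
}
foreach ($k in $runKeys) {
    $v = (Get-ItemProperty -Path $k -Name 'AbGame' -ErrorAction SilentlyContinue).AbGame
    if ($v) { $findings += "Autorun value ${k}\AbGame = $v" }
}
foreach ($k in $fwKeys) {
    # The value name is the full payload path, so it is looked up by that string.
    $v = (Get-ItemProperty -Path $k -Name $payload -ErrorAction SilentlyContinue).$payload
    if ($v) { $findings += "Firewall exception ${k}\$payload = $v" }
}
# AppCompatFlags layer that forces elevation for the payload.
$layers = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
$v = (Get-ItemProperty -Path $layers -Name $payload -ErrorAction SilentlyContinue).$payload
if ($v) { $findings += "AppCompat layer for $payload = $v" }

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'No W32.Winiga indicators found.' }
```

Run it from an elevated PowerShell so the HKLM and HKEY_USERS hives are readable; any line it warns about should be correlated with the matching entry above before cleanup.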

URLs

W32.Winiga may call the following URLs:

totaltopposts.com
