SPREADING IN THE WILD
Virus Name : W32.Ganda@mm
Alias : I-Worm.Ganda, W32/Ganda-A,
Virus type : Internet
level : Low
a mass mailing worm uses e-mail addresses stored
in Windows Address book and also collects
addresses from .htm*, .dbx, .eml files to distribute infected
Ganda arrives as an e-mail attachment with random
message subject and message body taken from the worm internal
list. The worm uses its own SMTP server to
send the infected emails. The
infected message body and subject will be in English or
Swedish depending on the infected computer.
worm subject will be one of the following
G.W Bush animation.
GO USA !!!!
Is USA a UFO?
Is USA always number one?
Go ack ack ack....
Katt, hund, kanin.
Rashets eller inte?
the infected attachment is executed, the worm copies itself to
Windows folder as Scandisk.exe, tmpworm.exe.
It also copies to a random eight digit file name in the
windows folder. It also modifies
registry run section to load automatically on the next machine
modification is given below.
When active in memory, it
will try to terminate antivirus and security programs in the
infected system. In few cases, Ganda will fake the senders email
id. It will change the "From" field of the infected
mail with Swedish journalists e-mail address.
worm attaches a small piece of code with all EXE and SCR files in the system. If you have deleted the main worm files,
the attached piece of code in the EXE files are automatically
The worm contains
the following text
[WORM.SWEDENSUX] Coded by Uncle Roger in Hõrnsand, Sweden, 03.03.
I am being discriminated by the swedish schoolsystem.
This is a response to eight long years of discrimination.
I support animal-liberators worldwide.
How can I protect my
Solo has incorporated W32.Ganda@mm in its signature file to
protect users from this worm attack. Solo
antivirus registered users are already protected
from this worm. Make sure that you have installed
registered version of Solo Antivirus to protect
your system from all virus threats.
to remove this worm?
you are already infected with this worm, you can
remove it from your computer using Solo Antivirus
software. Solo antivirus can detect and
remove W32.Ganda@mm safely. Use the
following link to Download 30 day trial
version of Solo antivirus
remove viruses from your computer.
Solo anti-virus not only
scans for all viruses, it contains a unique System
Integrity Checker to protect you from
New Internet Worms, Backdoors and
malicious VB, Java Scripts. It also
effectively removes all existing Internet Worms,
File viruses, malicious VBS, Java scripts,
Trojans, Backdoors, boot sector, partition table
and macro viruses.
purchase Solo antivirus using the link