Search Solo Products, Services and others Overview of the Site Design and Build a Career Contact us for customer service and other feedback info SRN Micro Privacy Statement



Virus Name  : W32.Ganda@mm

Alias             : I-Worm.Ganda, W32/Ganda-A, WORM_GANDA.A, Ganda

Virus type    : Internet worm

Threat level : Low

Virus details :

                     Ganda is a mass mailing worm uses e-mail addresses stored in Windows Address book and also collects addresses from .htm*, .dbx, .eml files to distribute infected messages. 

                     Ganda arrives as an e-mail attachment with random message subject and message body taken from the worm internal list. The worm uses its own SMTP server to send the infected emails. The infected message body and subject will be in English or Swedish depending on the infected computer.

The worm subject will be one of the following

English version:

Disgusting propaganda.
G.W Bush animation.
GO USA !!!!
Is USA always number one?
Nazi propaganda?
Screensaver advice
Spy pics

Swedish version:

Avskyvä rd_reklam.
Go ack ack ack....
Katt, hund, kanin.
Korkad president.
Rashets eller inte?
Suspekta semaforer.

                     When the infected attachment is executed, the worm copies itself to Windows folder as Scandisk.exe, tmpworm.exe. It also copies to a random eight digit file name in the windows folder. It also modifies registry run section to load automatically on the next machine start.

The registry modification is given below.


                     When active in memory, it will try to terminate antivirus and security programs in the infected system. In few cases, Ganda will fake the senders email id. It will change the "From" field of the infected mail with Swedish journalists e-mail address.

                     Ganda worm attaches a small piece of code with all EXE and SCR files in the system. If you have deleted the main worm files, the attached piece of code in the EXE files are automatically disabled.

The worm contains the following text

[WORM.SWEDENSUX] Coded by Uncle Roger in Hõrnsand, Sweden, 03.03.
I am being discriminated by the swedish schoolsystem. 
This is a response to eight long years of discrimination.
I support animal-liberators worldwide.

How can I protect my system?

                   Solo has incorporated W32.Ganda@mm in its signature file to protect users from this worm attack. Solo antivirus registered users are already protected from this worm. Make sure that you have installed registered version of Solo Antivirus to protect your system from all virus threats.

How to remove this worm?

                   If you are already infected with this worm, you can remove it from your computer using Solo Antivirus software. Solo antivirus can detect and remove W32.Ganda@mm safely. Use the following link to Download 30 day trial version of Solo antivirus to remove viruses from your computer.

                   Solo anti-virus not only scans for all viruses, it contains a unique System Integrity Checker to protect you from New Internet Worms, Backdoors and malicious VB, Java Scripts. It also effectively removes all existing Internet Worms, File viruses, malicious VBS, Java scripts, Trojans, Backdoors, boot sector, partition table and macro viruses.

You can purchase Solo antivirus using the link