Worm:Win32/Gnoewin.A Description and Removal Instructions

Worm:Win32/Gnoewin.A Description (Scan your PC to Detect Worm:Win32/Gnoewin.A with SpyHunter)

Cybercriminals have been busy all year round trying to design more sophisticated computer threats to infect computers, mostly those who use the Internet. Currently, there are over 700 distinct families of computer malware listed by security researchers. According to estimates by the researchers, five types of malware are launched onto the Internet every minute. Recently, a computer worm known as Worm:Win32/Gnoewin.A was unearthed by Internet security experts. Worm:Win32/Gnoewin.A is a self-replicating application that spreads from one computer to another using several channels. Just like a typical computer worm, Worm:Win32/Gnoewin.A propagates by copying itself directly to a network drive or onto a third party storage device. Worm:Win32/Gnoewin.A may also exploit known vulnerabilities on a computer. Platforms where user interaction is important are also popular breeding grounds for worms such as Worm:Win32/Gnoewin.A. The worms normally attach themselves in email messages and once a user clicks on the attachment, the worm executes and replicates further. The worm may also send a link to a clone of itself in the body of an email message. Usually, the message has to be very persuasive to convince the victim to click on the link. If the victim clicks on it, it will trigger the download of the worm onto the victim’s computer.

The presence of Worm:Win32/Gnoewin.A on a computer does not become apparent immediately because there are usually no obvious signs of its presence. The worm makes a few modifications to the registry by adding false values to the sub-key ‘HKCU\Software\Microsoft\Internet Explorer\Toolbar’. The motive of this worm’s authors is not yet clear as there’s no evidence suggesting that they are after monetary gain. When installed on a computer, Worm:Win32/Gnoewin.A evades detection by anti-malware software by injecting a code into several running processes, including those of the resident anti-malware tool. To replicate itself, the Worm:Win32/Gnoewin.A worm copies an ‘autorun.inf’ file to the root directory of each drive that Worm:Win32/Gnoewin.A attacks. The autorun.inf file normally comprises operating system execution instructions. These instructions enable the worm to be executed automatically when the drive (external) is accessed from a different computer that has Autorun features.

Note that autorun.inf files are not always malicious files on their own because legitimate applications use them too. However, many forms of malware create autorun.inf files on targeted drives to propagate themselves from one machine to another. Worm:Win32/Gnoewin.A is also known to access a remote host via port 80. Like any other form of malware, there are various reasons why the worm contacts a remote host, including the following:

  • To report a successful infiltration to the author.
  • To install other malware files.
  • To execute the authors instructions.
  • To transmit user information harvested from the compromised computer.
  • To receive further configuration details from the author.

How to Increase Your Computer’s Security

  • Keep all your installed software up-to-date.
  • Install a reliable anti-malware application and get regular updates, preferably on a weekly basis.
  • Restrict user privileges on your computer.
  • Beware of social engineering tricks. They are typically used by cybercriminals to lure users onto malware infested sites.
  • Avoid opening email attachments that look suspicious. Likewise, avoid clicking on anything that looks unclear.

Automatically Detect Worm:Win32/Gnoewin.A

  1. Download SpyHunter* Scanner to Detect Worm:Win32/Gnoewin.A
  2. Run a full system scan to detect Vista Home Security 2012 files.
  3. Once you've detected Worm:Win32/Gnoewin.A on your PC, you will then need to purchase SpyHunter to start the removal process.
  4. Reboot your PC and rerun the scan for any remaining traces of Worm:Win32/Gnoewin.A.
Spyware Database Worm:Win32/Gnoewin.A