Virus Information
Name: Mendware
Risk Assessment
- Home Users: Low
- Corporate Users: Low
Date Discovered: 1/12/2004
Date Added: 2/3/2004
Origin: Unknown
Length: Varies
Type: Trojan
This downloader trojan periodically connects to a remote site to retrieve configuration information. This information is used by the trojan to download and install other programs at the choosing of the user(s) in control of the remote site.
When run, the trojan copies itself to the %Application Data% directory with a random filename. Such as:
c:\Documents and Settings\Administrator\Application Data\walm.exe
A registry run key may get created to load the trojan at system startup (this was not observed during testing):
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Run Mendware App = %trojan path%
Other marker keys are created under:
HKEY_CURRENT_USER\Software\Rota
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100994

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic