Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

W32/Maddis-A

Feb 27, 2004 12:26PM PST

Aliases
W32/Maddis.worm, W32/Aveng.A

Type
Win32 worm

Description
W32/Maddis-A is a worm which spreads via networks shares. The worm uses stealth techniques in an attempt to hide its presence on an infected computer.
When first run, W32/Maddis-A creates a copy of itself named usrinit.exe in the Windows system folder and a file named helper.dll in the Windows or Temp folder.

On Windows98 based operating systems the worm adds the registry entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate

On Windows NT based operating systems usrinit.exe is registered as a service

More: http://www.sophos.com/virusinfo/analyses/w32maddisa.html

Discussion is locked