Win32/Wigon [Threat Name] go to Threat

Win32/Wigon.NI [Threat Variant Name]

Category trojan
Size 29184 B
Detection created Mar 03, 2010
Detection database version 4912
Aliases Trojan-Ransom.Win32.DigiPog.ep (Kaspersky)
  TrojanDownloader:Win32/Cutwail.gen!C (Microsoft)
  PWS-Zbot.gen.ak (McAfee)
Short description

Win32/Wigon.NI is a trojan that installs Win32/Wigon.KQ malware.


The trojan copies itself to the following locations:

  • %windir%\­system32\­reader_s.exe
  • %userprofile%\­reader_s.exe

The files are then executed.

In order to be executed on every system start, the sets the following Registry entries:

  • [HKEY_LOCAL_MACHINE\­Software\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "reader_s" = %windir%\­system32\­reader_s.exe"
  • [HKEY_CURRENT_USER\­Software\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "reader_s" = "%userprofile%\­reader_s.exe"
Other information

The trojan creates and runs a new thread with its own program code within the following processes:

  • %system%\­svchost.exe

Please enable Javascript to ensure correct displaying of this content and refresh this page.