Welcome to the Virus Encyclopedia of Panda Security.
|Effects: ||It spreads through a network called Mandragore.|
|Detection updated on:||Sept. 7, 2000|
Mandragore is a worm that uses a peer-to-peer network called Gnutella to spread: this network consists of nodes and inter-connected computers, and it allows users to download files shared by other users.
To carry out its actions, Mandragore follows these steps:
- It goes memory resident and creates a file called GSPOT.EXE on the affected computer.
- Then, it waits for the affected computer to connect to the Gnutella network as one of its nodes.
- When a user attempts to find a file on the Gnutella network, Mandragore presents a file matching the search. However, this file contains the worm. In this way, the worm activates when the user downloads and runs the file.
Mandragore does not cause any damage to affected computers. However, its great propagation capabilities might affect network performance.
There are no visible symptoms that alert users to the presence of Mandragore on affected computers. However, the presence of a file called GSPOT.EXE on the affected computer can be considered a clear symptom of infection.