Welcome to the Virus Encyclopedia of Panda Security.
It ends the system processes LSASS.EXE and SVCHOST.EXE, and modifies the configuration of the affected computer: Windows Registry Editor, Task Manager, security warnings, etc. It spreads via MSN Messenger.
|First detected on:||Feb. 23, 2005|
|Detection updated on:||Feb. 24, 2005|
Stang.A is a worm that ends the processes LSASS.EXE and SVCHOST.EXE, which belong to the Windows operating system.
The process LSASS.EXE deals with local security and login policies and if it is ended, a countdown message is displayed, and the computer is restarted. On the other hand, SVCHOST.EXE handles processes executed from DLLs (Dynamic Link Library).
Stang.A also modifies the configuration of the affected computer: it prevents users from accessing the Windows Registry Editor and the Task Manager, and disables the security warnings displayed on Windows XP when either the firewall, the antivirus program or Windows Update are disabled.
Stang.A spreads via MSN Messenger.
Stang.A is easy to recognize, as it reaches the computer through the instant messaging program MSN Messenger, in a message with the following characteristics: