Welcome to the Virus Encyclopedia of Panda Security.
It attacks certain security tools, such as antivirus programs and firewalls, belonging to several companies. It downloads a file to the computer.
|First detected on:||April 21, 2005|
|Detection updated on:||April 22, 2005|
|Yes, using TruPrevent Technologies
Mitglieder.CG is a Trojan that heavily attacks several security tools, such as antivirus programs and firewalls belonging to different companies, if they are installed on the affected computer:
It deletes key files belonging to them from the affected computer.
It deletes the entries in the Windows Registry that allow them to be activated whenever Windows is started.
It stops services associated to those programs.
It also ends processes belonging to the applications that provide updates for antivirus programs.
It prevents access to the websites of their companies.
Every six hours, Mitglieder.CG attempts to download a file from different web addresses. This file is also detected as Mitglieder.CG.
Mitglieder.CG injects the executable file WINSHOST.EXE into the system process EXPLORER.EXE in order to carry out its payload.
Mitglieder.CG is easy to recognize once it has affected the computer, as it opens Notepad and displays the following text: