Virus:Win32/Madang.A is a detection for a virus that infects EXE and SCR files.
Virus:Win32/Madang.A arrives in the system as the file serverx.exe in the Windows system folder. It modifies the system registry so that it runs every time Windows starts:
Adds value: "Serverx"
With data: "<system folder>\serverx.exe"
To subkey: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Note - <system folder> refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP and Vista is C:\Windows\System32.
While active, Win32/Madang.A monitors the above registry entry to prevent it from being deleted. It creates the mutex Angry Angel v3.0 while active.
Virus:Win32/Madang.A traverses writeable drives from C: to Z: in search of files with the extension .EXE or .SCR. However, it does not infect files found in the C:\Windows or C:\WINNT folders.
When found, it infects these files by appending its virus code.
Downloads Other Malware
Virus:Win32/Madang.A accesses the following web sites, from which it may download other malware components:
Analysis by Jireh Sanico