Microsoft security software detects and removes this threat.
This threat is installed as part of a Virus:Win32/Slugin.A infection.

What to do now

Use the following free Microsoft software to detect and remove this threat:

You should also run a full scan. A full scan might find other hidden malware.

Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Threat behavior

Virus:Win32/Slugin.A!dll is the DLL component of Virus:Win32/Slugin.A. It contains the infection routine for the virus.
Virus:Win32/Slugin.A!dll may be created by Virus:Win32/Slugin.A as the following files:
  • <windir>\wplugin.dll
  • <windir>\ws2help.dll
  • %ProgramFiles%\Messenger\ws2help.dll
Spreads via...
File infection
Virus:Win32/Slugin.A!dll looks for EXE Files to infect in all fixed, removable, and remote drives. It replaces 434 bytes from the entry point of the target file with its own code. The original 434 bytes, a copy of the malicious DLL, and some other virus data are then appended to the target file.
Sends infection notification
Virus:Win32/Slugin.A!dll sends an email message to a remote attacker containing information about the infection. The message is sent via the following mail servers:
The message is sent to the address "" from the address "".
Allows limited backdoor access and control
Virus:Win32/Slugin.A!dll opens port 10100 on the infected PC. This allows a malicious hacker to create web pages to perform the following actions on your PC:
  • Upload files to and from your PC
  • Kill services
  • Change services settings
Analysis by Jaime Wong


The following could indicate that you have this threat on your PC:

  • You have these files:


Alert level: Severe
First detected by definition: 1.45.1132.0
Latest detected by definition: and higher
First detected on: Oct 27, 2008
This entry was first published on: Jun 01, 2010
This entry was updated on: Oct 12, 2014

This threat is also detected as:
  • Win-Trojan/Slugin.110592 (AhnLab)
  • W32/Slugin.A (Command)
  • W32/Slugin.drop (Avira)
  • Win32/Slugin.A (CA)
  • Trojan.PWS.MSNPass.75 (Dr.Web)
  • W32/Wplugin.dll (McAfee)
  • W32/Wplugin.A.drp (Panda)
  • Trojan.Win32.Nodef.dri (Rising AV)
  • W32/Slugin-A (Sophos)
  • Trojan.Win32.Slugin.a!dll (Sunbelt Software)
  • W32.Slugin.A (Symantec)
  • PE_WPLUG.A-O (Trend Micro)