Developers will agree that code is never perfect as opposed to being always perfectible. This holds true for mammoth software products like the Windows platform, but also for smaller applications designed to run on top of the OS, and even for malicious code targeting the operating system. Microsoft has warned users that a new Trojan horse actively spreading in the wild, particularly on computers running Windows XP, will cause additional problems on top of the infection. Specifically, due to bugs contained by some versions of Trojan:Win32/Daonol, the malware can prevent XP machines from booting and from shutting down.

“Several recent versions of this malware are buggy and prevent computers from successfully shutting down or (more importantly) starting up. If you have (or someone you know has) a Windows XP system which won’t boot completely (ie, shows the ‘Windows XP’ splash-screen with the progress bar, but then the screen turns black and the system never starts up completely), it’s likely a Daonol infection,” explained Aaron Putnam, researcher with the Microsoft Malware Protection Center.

Daonol is by no means designed to prevent users from shutting down or starting up their computers. Such malicious behavior is a direct result of poorly written code, and nothing more. The malware’s authors built network traffic monitoring capabilities into Daonol, with the malware being geared towards stealing FTP credentials. Daonol will deliver additional clues to end users with compromised computers, including the fact that navigation to the websites of security companies is not possible, access to system programs is disabled, and web searches are redirected to malicious sites hosting malware.

“Another obvious symptom of infection is that regedit.exe and cmd.exe will not launch properly. To see if this is the case, navigate to Start->Run and enter regedit.exe. If nothing happens after a few seconds, most likely you are infected with Daonol. If you launch cmd.exe in the same way, you will see a command-prompt window but no text will appear in the window itself. Daonol allows the regedit and cmd processes to launch, but it forces them into a suspended state and doesn’t allow them to do anything,” Putnam added.