Win32:Anset

is an Internet aware worm, written in Delphi and packed by UPX. The worm spreads via email message with the following characteristics:
Subject: ANTS Version 3.0
Attachment: ants3set.exe
Message body:
Hi,

Anhängend die neue Version 3.0 von ANTS, dem bislang einzigartigen kostenlosen Trojanerscanner. Zum installieren einfach die angefügte Datei ausführen.

Attached you will find the brand new Version 3.0 of ANTS, the unique freeware trojan scanner. To install ANTS simply run the attached setup file.

Adieu, Andreas
webmaster@avnetwork.de
http://www.ants-online.de

When executed, the worm creates a copy of itself with a random name in the Windows directory and modifies the registry by adding its name to the key:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

The worm then searches the Outlook address book and tries to find email addresses to which it can spread. It uses its own SMTP routine to send itself however. There are several known variants of this worm.

Removal:

  • delete all infected files found on the disk
  • remove the registry entry pointing to those files
Any avast! with VPS file dated on or after 25th October 2001 is able to detect this virus.
Viry
Hlášení o viru Viry in the Wild Souhrn z hlášení Windows viry Starší windows viry 2002 Starší windows viry 2001 Starší windows viry 2000 Script viry Macro viry Testovací soubor EICAR Historie VPS
Zasílání informací
informace o standardní VPS
Home pageWeb site mapPrint this pagePrivacy policy
Copyright © 1988 - 2008 ALWIL Software a.s.
Domovská stránka