W32.Antinny.AX
Aliases: W32/Antinny.gen!p2p, WORM_ANTINNY.AF
Variants: W32/Antinny-P, Worm.Win32.Antinny.af, W32.HLLW.Antinny.G
Classification: Malware
Category: Computer Worm
Status: Active & Spreading
Spreading: Moderate
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 28 Jan 2006
Damage: Medium
Characteristics: This malware specifically targets the WinNY P2P file sharing network and takes advantage of the file exchange between its users to deliver its payload. The W32.Antinny.AX program has been observed stealing information from the infected machine and initiating Denial of Service attacks against different websites.
W32.Antinny.AX Removal Tool
If you have malware on your computer, it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Antinny.AX from your computer.
More details about W32.Antinny.AX
This Peer to Peer Worm steals data by examining the contents of files with the TXT, DOC, DBX, PDF, XLS, and PPT file extensions. Consistent with most data-stealing malware variants, the W32.Antinny.AX program also takes periodic screenshots of the user's desktop. Each captured image is stored under a Japanese text filename in the malware's own subfolder under the TEMP folder of the Windows directory.

The malware searches the file sharing folder of the WinNY application for the Download.txt, tab1.txt, tab2.txt, and kakikomi.txt files, among others. It also scans the Favorites, Recent, and Local Settings folders of the User's Profile directory for other stored sensitive data.

It drops a Trojan Horse executable file named sttemp.exe in the TEMP directory. The files ms[RANDOM].exe and winsm.exe are also extracted into the System folder of the Windows directory. The W32.Antinny.AX program creates its own service by adding the WindowsSecurityManager entry to the system's Windows Registry keys.

In order to further its infection, this malware attempts to terminate the Windows Task Manager, Process Explorer, and ProcessWalker tools. According to some antivirus developers, only the Windows Task Manager of the Japanese version of the Microsoft Windows environment can be successfully terminated by this malware. It is presumed that the malware targets these system tools to prevent the computer user from directly terminating its background processes.
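The file and service indicators described above can be checked against a host's file and service inventory. The following is an added example, not part of the original entry or of any vendor tool; the `triage` function, the sample paths, the directory names used for "TEMP" and "System folder", and the scoring thresholds are assumptions.

```python
import ntpath
import re

# File indicators from the description above. Mapping "TEMP" and "System folder"
# to these directory names is an assumption of this example.
SYSTEM_DIRS = {"system", "system32"}
STRONG_FILES = {"sttemp.exe": {"temp"}, "winsm.exe": SYSTEM_DIRS}
SERVICE_NAME = "windowssecuritymanager"
# ms[RANDOM].exe: the random part is not specified, so ms*.exe is only a weak
# hint; legitimate files such as msiexec.exe match it too.
WEAK_PATTERN = re.compile(r"^ms[a-z0-9]+\.exe$")


def triage(file_paths, service_names):
    """Return (verdict, findings) for one host's file and service inventory."""
    strong, weak = [], []
    for path in file_paths:
        folder, name = ntpath.split(path.lower())  # Windows paths, any case
        parent = ntpath.basename(folder)
        if parent in STRONG_FILES.get(name, ()):
            strong.append(("strong", path))
        elif parent in SYSTEM_DIRS and WEAK_PATTERN.match(name):
            weak.append(("weak", path))
    for svc in service_names:
        if svc.lower() == SERVICE_NAME:
            strong.append(("strong", "service:" + svc))
    # Weak hits are reported only when a strong indicator corroborates them.
    findings = strong + weak if strong else []
    verdict = "likely" if len(strong) >= 2 else "suspicious" if strong else "clean"
    return verdict, findings


# Constructed inventories (not real telemetry).
CLEAN_FILES = [r"C:\WINDOWS\system32\msiexec.exe", r"C:\WINDOWS\system32\mspaint.exe"]
INFECTED_FILES = CLEAN_FILES + [
    r"C:\WINDOWS\Temp\sttemp.exe",
    r"C:\WINDOWS\system32\winsm.exe",
    r"C:\WINDOWS\system32\ms4f2a.exe",
    r"C:\Users\a\Documents\winsm.exe",  # right name, wrong folder: ignored
]

if __name__ == "__main__":
    print(triage(CLEAN_FILES, ["Spooler"]))
    print(triage(INFECTED_FILES, ["Spooler", "WindowsSecurityManager"]))
```

Because ms[RANDOM].exe overlaps with legitimate Windows binaries, weak matches are listed for manual review only on hosts that already show a strong indicator.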