Aliases: Win32.HLLW.AntiQFX.a, TROJ_ANTIQFX, W32/AntiQFX-A, Win32.AntiQFX.A
Variants: Aladdin, W32/Antiqfx.worm.a

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Moderate
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 28 Dec 1999
Damage: Medium

Characteristics: The W32.Antiqfx.Worm malware uses the executable file mscdex.exe which is commonly used as the filename for CD ROM drivers in various Microsoft Windows Operating System based machines. This malware attempts to place a copy of its code in remote machines allowing it to spread its infection on next system boot.

More details about W32.Antiqfx.Worm

This malware is considered as a network aware Worm which requires a write access privilege in order to spread to other network clients. This means that the W32.Antiqfx.Worm program may find it difficult to readily infect remote machines that have adequate network protection. In machines which can be affected by this malware, it modifies the contents of the autoexec.bat or startup files to make sure that the machine is infected or re-infected on next startup. For this reason, many computer system infected by this malware which are thought to be cleaned become re-infected on its next boot up. Computers using the Microsoft Windows NT Operating System platform may find the main executable file of the W32.Antiqfx.Worm malware in the winnt\ profiles\ Administrator\ Start Menu\ Programs\ Startup and winnt\ profiles\ All Users\ Start Menu\ Programs\ Startup directory folders. This malware is designed in such a way that its main executable file which was written in the C++ programming language is adequately protected using a HASP layer.

The W32.Antiqfx.Worm program strictly monitors its execution to make sure that only one instance is running in any infected machine at any given time. The longest running instance is always preserved while the others are terminated accordingly. The danger associated with the payload of this malware is that it looks for specific file extensions and file types which it not only overwrites or terminates but completely deletes from the machine. The result is an unstable computing environment that can lead to data loss or corruption.