W32.Qint@mm
Aliases: W32.Invalid.worm, TROJ_INVALID.A, W32/InvalidSSL@MM, W32/InvalidSSL
Variants: N/A
Classification: Malware
Category: Computer Worm
Status: Active & Spreading
Spreading: Slow
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 30 Aug 2001
Damage: Medium
Characteristics: W32.Qint@mm is an Internet worm. It arrives as an email disguised as a message from Microsoft Technical Support.The worm arrives as an email message using the email address support@microsoft.com. It is disguised as a Microsoft Technical Support message to trick the user into clicking the attachment sslpatch.exe.
W32.Qint@mm Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Qint@mm from your computer.
More details about W32.Qint@mm
When executed, the worm W32.Qint@mm checks if there is an Internet connection available. If it detects an Internet connection, it sends itself through email. The email is disguised as a message from Microsoft Technical Support. While sending emails, the worm searches for .ht files in the My Documents folder. It searches for the string mailto and copies the email address next to it. After gathering email addresses, the worm connects to mail.bezequint.net and sends the email containing the attachment sslpatch.exe. The worm corrupts EXE files and looks for other EXE files in the current folder. When the worm finds EXE files, it uses the CryptEncrypt API function to encrypt the files. It then uses the user key Invalid.Worm. Encrypted files will no longer be validCorrupted EXE files will display an error message: ie C:\WINDOWS\CALC.EXE is not a valid Win32 application. To prevent the worm from infecting your computer, block all file attachments with the name sslpatch.exe at the SMTP gateway. Apart from downloading and installing unwanted components, the W32.Qint@mm application is also capable of spreading threats to other computers. Propagation of threats is done through other programs, as Trojan applications are not capable of spreading by themselves. Common programs that are capable of transmitting threats include P2P (peer-to-peer) file sharing programs and instant messaging applications.
Browse for more malware information
- W32.Qint@mm
- W32.Quadrule.A
- W32.Quin.Irc
- W32.Racita.A
- W32.Rahack
- W32.Rahiwi.A
- W32.Rainwash
- W32.Rajump
- W32.Randin
- W32.Randsom.A
- W32.Ranetif
- W32.Rants.A@mm
- W32.Rarbeauty@mm
- W32.Reatle@mm
- W32.Recory@mm
- W32.Redlofs
- W32.Redlofwen
- W32.Redplut
- W32.Redzed@mm
- W32.Refaz
- W32.Refoav@mm
- W32.Reidana.A
- W32.Relfeer
- W32.Relnek.A
- W32.Remabl.Worm
- W32.Remadmin
- W32.Remadworm
- W32.Renama.A@mm
- W32.Renco@mm
- W32.Repad.Worm
Contact Us
|
Privacy Policy
|
Site Map
Copyright © Uniblue Systems Limited 2007. All rights reserved.