W32.Azak


Aliases: W32/Azak.worm, Trojan.Win32.Azak, AZAK W32/Trojan.AZAL, W32/Azak, Win32.Azak
Variants: N/A

Classification: Malware
Category: Trojan Horse

Status: Inactive
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 06 Aug 2002
Damage: Low

Characteristics: The W32.Azak malware is a Trojan that has the ability to copy itself as the Kaaza.exe file (not to be confused with the legitimate Kazaa.exe file, the executable file of the Kazaa P2P client).

More details about W32.Azak

The W32.Azak Trojan program has no known payload. Upon its successful execution on the compromised machine, this Trojan can copy itself to the %root% folder of all local drives in the infected computer system. It will also create a copy of itself as the Kaaza0.exe file in the C:\ folder. The W32.Azak Trojan program will then add certain registry keys to allow its automatic execution upon startup. The Trojan will then create the files S.bat: and Kaaza.reg in the C:\ folder. It will also create the file Autoexec.bat in the A:\ folder. The Autoexec.bat file will copy the Kaaza.exe file to the Startup folder so that when users start Windows, the W32.Azak Trojan program will also run. The Trojan will also retrieve the Startup path from the registry key folders.

For removal of the W32.Azak Trojan program from the computer, you should have the virus definitions of your antivirus program updated. You should then conduct a complete scan of the computer system and remove files with associations to the W32.Azak Trojan program. The files that should be deleted include the C:\ S.bat:, C:\ Kazza0.exe and the C:\ Kaaza.reg files. You should also delete the registry key the W32.Azak Trojan program has added. You should then scan the system once again to make sure that the W32.Azak Trojan program and all its dropped files have been eradicated from the system completely.