Win32.Ahker.B, Email-Worm.Win32.Anker.a, W32/Ahker-B, WORM_AHKER, W32/[email protected], Win32.HLLM.Generic.314, Win32/[email protected]
Category: Computer Worm
26 Jan 2005
This worm uses the contents of the Windows Address Book to send copies of itself to other unwary computer users. The email message is disguised so that it prompts the recipient to launch the attachment, which runs the malware on the targeted machine.
This mass-mailing worm targets not only the WAB file but also the Windows hosts file. This file affects how the Web browser communicates with websites. Modifying it can allow the malware to redirect the Web browser to malicious websites and cause dangerous code to be downloaded automatically. The download may occur without the computer user's knowledge or intervention. An infection may also cause undesired changes in the behavior of the operating system. According to some previous instances of infection, the Run command may disappear from the Start menu or fail to launch. Some applications, such as Notepad, Registry Editor, and even Windows Task Manager, may be disabled by this malware. It is believed that this is done so that the computer user cannot terminate the malware's running processes.
The malware also drops a file named services.exe into the Windows directory of the infected machine. This executable has a corresponding Windows Registry entry that attempts to pass the malicious file off as a legitimate service of an antivirus application. Other programs affected by the malware may include Wordpad, MSN Messenger, and Windows Update. The SVCHOST and LSASS processes of the operating system are likewise terminated by the malware. Processes associated with security and antivirus programs are also ended prematurely, which may lead to corruption. A reliable antivirus program with an updated virus engine and database may be required to remove this malware completely from an infected machine.