W32/Animan-A, Win32/[email protected]
, WORM_ANIMAN.A, Win32:Animan, [email protected]
Email-Worm.Win32.Animan, I-Worm.Animan, Win32.HLLM.Manimize.30720, BDS/Drat-130, Trojan.Lithium.Capture
Category: Computer Worm
Active & Spreading
30 Oct 2002
Characterized by its own Simple Mail Transfer Protocol engine, this mass mailing Worm is capable of harvesting the contents of the Windows Address Book to spread its payload.
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean [email protected]
from your computer.
The [email protected]
malware exploits the Multipurpose Internet Mail Extension to allow it to execute when an email message is previewed or read. The email message sent by the [email protected]
malware has a subject line which may contain the text - Alert!, - Happy!, -Thank You !, - Important !, - Welcom!, and -You only see among others. The malware randomly chooses among these preferred subject lines. Every email message that is sent out by this malware includes the AntiMani.exe file attachment which the malicious author hopes will be executed by the unwary recipient. When the [email protected]
malware is executed in the infected computer system, it launches a message box that contains the text "Your computer is not infected by New Viruse". The message box title is usually "Manimize".
Moreover, this virus is normally stores the AntiMani.exe file in the System folder of the Windows directory and has an archive, hidden, and system attribute. The Msacm16.dll, D3dim16.dll, and D3drm16.dll files are also created in the same folder location. The AntiMani.exe file also has a corresponding entry created in a certain Registry key folder. The message content of the email offers the computer user with a supposedly new antivirus application that is capable of removing a new Worm variant. The [email protected]
malware in this instance can cause the downloading of more malware into the already infected computer system. Computer security experts also consider the [email protected]
program as a type of tool for rogue antispyware programs.