W32/Autorun.worm.e, Win32/Mocmex.AM, Packed.Win32.NSAnti.r, Packed.Win32.NSAnti.r, WORM_AGENT.TBH
Category: Computer Worm
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
29 Jul 2007
This worm is also known as Dotex. It affects Windows system processes and hampers regedit and msconfig processes. It also has backdoor capabilities such as secretly installing itself to the system and executing corrupt .exe files, with this case, vnwpbns.exe files. Once this worm is already in your system, it executes a lot of pop up advertisements. Pop up blockers are also hindered by this worm. This is usually acquired through pornography, hackin, and gambling-related sites.
W32.Dotex Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Dotex from your computer.
More details about W32.Dotex
Dotex worm was discovered on May 29, 2007. It infects Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista and Windows XP. It continuously copies itself to all the root drives and multiplies through Windows System folder. It creates autorun.inf file on the root of all drives while disabling antivirus program. It is known that upon spreading itself to the root drives, it also has the capacity to spread malicious files on the infected computer. One effect of this virus in a compputer is the hacking of the computer’s browser start page, search result, desktop toolbar, wallpaper, tray icons and windows shortcuts. Sometimes, it also produces continual tower speaker bleep sounds as well as a Blue Screen of Death" error caused by corrupt registry keys, dll's and system files. Computers also tend to slow down implementing long start ups and reboot time. This worm also has the potential to record windows behavior and values on system registry while disabling active security software.
The application also has functionalities of a Remote Administration Tool (RAT) program. The W32.Dotexapplication enables a remote user to navigate the monitored computer without being detected. The program establishes a connection between the controlling system and the user’s computer. The application is composed of a server and a client. The program can be used to control the computer’s CD-ROM, screensavers, taskbar, chat conversation windows and display monitor. It may also be used to run or terminate applications on the user’s computer.