Aliases: [email protected]
, W32/Elitper-E, Win32.Elitper.E, Win32/Unknown!P2P!Worm, Worm:Win32/Elitper.E
Category: Computer Worm
Asia, North and South America, and some parts of Europe and Australia
25 Mar 2005
Characteristics: [email protected]
is a worm that usually comes and propagates in several MS Outlook and file-sharing networks. One of its unique abilities is that it removes files and processes as well as increases security outbreak by tweaking the compromised computer’s security settings. It is also called a memory resident worm which is very popular with mIRC and other peer-to-peer (P2P) applications such as BearShare, Grokster, Kazaa, Kazaa Lite, Kazaa Media Desktop, Morpheus, and Shareaza. It also modifies Hosts files.
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean [email protected]
from your computer.
Antivirus and security labeled websites will be hampered and even prevented when this worm is already present in the computer. Registry keys are also being tweaked and this prevents them from doing certain tasks, such as running programs through the Run command, running Registry Editor and Running Task Manager. Other applications or programs may also become inoperable because it has the ability to disable certain action like closing Internet Explorer windows, file opening, saving, and printing functionalities of Internet Explorer and notifying for new Windows update components and firewall- and antivirus-related events. The worm also copies itself to folders using one of the following filenames: “All Nokia Phones Hacking + Hotkeys To Access To Networks.exe” and “All Nokia Phones Software Codes + Hotkeys To Access To Networks.exe.” Computer system may also tend to shut down automatically if the virus successfully deletes the service LSASS.EXE. Unlike any other virus or worms exploiting LSASS.exe service, this virus simply terminates this service in order to shut the system down. If the virus completely achieves its routine infection, the compromised computer’s system will then be named as surconfluge.
The [email protected]
program is said to replicate itself to any compromised system through flaws and system vulnerabilities. Some of the effects of this threat on the computer and its users include stealing of some programs, deletion of system files, and immobilization of certain executables essential to the Operating System, shutting down of various security applications, and the possibility of the compromised computer to become unstable or even become unusable. According to some studies, [email protected]
tends to originate from the peer-to-peer network programs. This program may be removed from the computer through the standard manual removal process.