, I-Worm.Centar.a, WORM_HORSMAN.A
Category: Computer Worm
Active & Spreading
Some parts of Asia, Europe, North and South America, Africa and Australia
07 Apr 2003
W32.Fourseman.A was found on April 7, 2003. It is a worm that tries to send itself to all email addresses it can find in .htm, .htt, .html and .dbx files. This mass-mailing worm mostly affects several Windows systems, namely Windows 2000, 95, 98, Me, NT and XP.
W32.Fourseman.A Removal Tool
If you have malware on your computer, it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Fourseman.A from your computer.
More details about W32.Fourseman.A
Because this mass-mailing worm spreads through email addresses, it is very important to know the characteristics W32.Fourseman.A uses. The subject of the email is “Very important patch!” and the attachment is one of the following: Win_Security_Patch_2602.exe, SProcess.exe or Great_Virus_Creation_Kit.exe. W32.Fourseman.A also has the ability to remove different security-related software. The worm installs itself by copying itself, and it terminates processes that contain any of the following strings: avp, kav, nav, scan, anti, alert, mon and check. Then it creates "%Temp%\LogData.vbs" to perform the email routine. Using that VBScript, the worm sends itself to its targets. The targets are all email addresses found in files with the following extensions: .htm, .html, .htt, and .dbx.
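The message characteristics listed above can be checked at a mail gateway or against a mailbox export. The following Python sketch is an added example, not part of the original write-up: the function names and the "quarantine" / "review" / "pass" labels are assumptions, and the sample messages are constructed with placeholder attachment bytes.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the description above, lower-cased for comparison.
SUBJECT = "very important patch!"
ATTACHMENTS = {
    "win_security_patch_2602.exe",
    "sprocess.exe",
    "great_virus_creation_kit.exe",
}

def match_indicators(raw_message):
    """Return the indicators from the description found in one raw message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    if str(msg.get("Subject", "")).strip().lower() == SUBJECT:
        hits.append("subject")
    for part in msg.walk():              # visit every MIME part
        name = part.get_filename()       # None for parts without a file name
        if name and name.strip().lower() in ATTACHMENTS:
            hits.append("attachment:" + name.strip())
    return hits

def verdict(raw_message):
    """Hypothetical policy: attachment name match quarantines, subject alone is reviewed."""
    hits = match_indicators(raw_message)
    if any(h.startswith("attachment:") for h in hits):
        return "quarantine"
    return "review" if "subject" in hits else "pass"

def build_sample(subject, filename):
    """Construct a harmless test message (placeholder bytes, not a real binary)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("constructed sample body")
    if filename:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    for subj, fname in [("Very important patch!", "SProcess.exe"),
                        ("Very important patch!", None),
                        ("Quarterly report", "report.pdf")]:
        print(subj, fname, "->", verdict(build_sample(subj, fname)))
```

File names are compared case-insensitively because mail clients and gateways do not preserve case consistently.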
Users may allow the W32.Fourseman.A program to access the system without knowing it is malicious in nature. It may be received through e-mails or instant messages. The infected file can also be downloaded from websites or peer-to-peer (P2P) file sharing networks. The W32.Fourseman.A application can also enter the system via drive-by downloads. The application may open an unused system port, which acts as a backdoor. All information that passes through it will bypass installed anti-malware programs. This can be used to connect to remote servers. Files may then be downloaded to the system.