WORM_IXAS.A, W32/[email protected], W32/[email protected], I-Worm/Ixas, Win32:Ixas
Email-Worm.Win32.Ixas.a, I-Worm.Ixas.a, HLLM.Ixas.2, W32/Ixas-A, Win32/[email protected]
Category: Computer Worm
North America, South America, Asia, Europe, some parts of Africa and Australia
17 Feb 2003
The mass-mailing worm Ixas uses its own SMTP (Simple Mail Transfer Protocol) engine to send itself to every contact in the compromised system's Windows Address Book. It can also send itself to email addresses it has gathered from incoming mail. The worm and all its variants are written in Microsoft C++ and packed with either UPX or ASPack.
When it executes on the infected machine, the worm checks the system for a certain registry entry. If the entry is present, the Ixas worm terminates itself. If the entry is absent, the worm creates a registry entry with a filename randomly selected from its dropped files; this entry serves as the malware's infection marker. It also drops a copy of itself with the .exe file extension and creates a startup registry entry to make sure that it runs when Windows starts. To spread, it uses MAPI (Messaging Application Programming Interface): it queries a specific registry entry that holds the path of the DLL file the worm uses, then calls that DLL's API (application programming interface) functions to send copies of itself.
The Ixas worm can also create files that have the same base filename as its dropped copies but without the file extension, for example xxx alongside xxx.exe. It also stores the email addresses of all the recipients of its infected email.

To completely clean the computer of the worm's infection, first end the worm's running process through the Windows Task Manager: look for it in the Task Manager's list of processes and, when located, choose End Process. Then search for the other files dropped by the Ixas worm using the Windows Search function. Finally, edit the Registry and delete the entries made by the worm.
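The file and startup artifacts described above can be cross-checked in one triage pass. The following Python sketch is an added example, not part of the original write-up: it pairs each `.exe` with an extensionless file of the same base name, looks for UPX or ASPack section names as a rough packer hint, and matches the executable against autorun command lines. The file names, the `C:\WINDOWS\SYSTEM` path and the autorun value names are constructed samples, since the write-up gives no concrete names.

```python
import ntpath
import os
import re
import tempfile

PACKER_MARKERS = {b"UPX0": "UPX", b".aspack": "ASPack"}  # usual section names; heuristic

def find_sibling_pairs(directory):
    """Yield (exe_name, bare_name) where 'x.exe' and extensionless 'x' coexist."""
    by_lower = {n.lower(): n for n in os.listdir(directory)
                if os.path.isfile(os.path.join(directory, n))}
    for lower, actual in sorted(by_lower.items()):
        if lower.endswith(".exe") and lower[:-4] in by_lower:
            yield actual, by_lower[lower[:-4]]

def packer_hint(path, limit=4096):
    """Return a packer name if its section name appears in the PE header area."""
    with open(path, "rb") as fh:
        head = fh.read(limit)
    if head[:2] != b"MZ":
        return None
    return next((name for mark, name in PACKER_MARKERS.items() if mark in head), None)

def autorun_targets(run_values):
    """Map lower-cased executable file name -> autorun value name."""
    targets = {}
    for value_name, command in run_values.items():
        m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
        if m:
            targets[ntpath.basename(m.group(1) or m.group(2)).lower()] = value_name
    return targets

def triage(directory, run_values):
    """List exe/bare-file pairs with packer hint and any autorun value launching the exe."""
    autoruns = autorun_targets(run_values)
    return [{"exe": exe, "sibling": bare,
             "packer": packer_hint(os.path.join(directory, exe)),
             "autorun": autoruns.get(exe.lower())}
            for exe, bare in find_sibling_pairs(directory)]

def demo():
    """Run the triage over constructed files and constructed autorun values."""
    with tempfile.TemporaryDirectory() as d:
        files = {"qzxv.exe": b"MZ" + b"\0" * 200 + b"UPX0", "qzxv": b"a@example.test\n",
                 "notepad.exe": b"MZ" + b"\0" * 200 + b".text"}
        for name, data in files.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        run = {"qzxv": r"C:\WINDOWS\SYSTEM\qzxv.exe", "Editor": r'"C:\WINDOWS\notepad.exe" /p'}
        return triage(d, run)
```

On a real host, pass `triage()` the directory under review and the startup entries exported from the Registry; a hit on all three fields is a lead for manual inspection, not a verdict.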