Trojan.Win32.Smith, Smith, Trojan.Smith, Trojan:Win32/Smith.A, TROJ_SMITH.A
Trojan.Smith.A, Trojan.Smith-1, Trj/Smith.A, Win32/Smith.A
Category: Computer Worm
04 Jul 2004
This mass-mailing worm uses its own Simple Mail Transfer Protocol (SMTP) engine to send copies of its code to email addresses it finds on the victim machine. It also modifies several system configurations and adds entries to the registry to make its code hard to remove from the host machine.
When the worm executes on an infected system, it copies itself to the system under one of ten predetermined .exe filenames. It repeatedly switches the display configuration between graphics modes, which can cause the screen to flash, blink, or switch on and off. It then alters the registry by deleting and adding values under specific registry keys. The malware can set eleven registry values under a single registry key to make its presence difficult for users to detect. Next, the worm inspects the local hard disk to gather email addresses, which it uses to send copies of its code. The worm's malicious code is allegedly contained in the email's attachment.
The infected email sent by the worm comes from either a spoofed email address or a specific email address. A spoofed sender address is made up of a combination of random strings from a predefined list. The message body contains Chinese characters, around 5 to 6 lines long, and the attachment's filename is also selected from a predetermined list.
To remove the infection, disable System Restore and then download a utility that can restore use of the registry editor. Terminate the malware program via the Task Manager and then restart the system. Run the downloaded utility and restore the modifications made to the registry. Search for all of the malware's dropped files and delete them immediately upon detection.