Email-Worm.Win32.Mota.a, I-Worm.MoTa.a, W32/Mota.worm, Win32.HLLM.Mota, Win32/[email protected]
Win32:MuTa, I-Worm/Mota.B, Trojan.Mobotu
Category: Computer Worm
Asia, North America, Europe
03 Jul 2004
Worms are dangerous programs capable of replicating by themselves across networks, IRC, email or P2P applications. W32.Mota.A is a worm that spreads by sending its malicious code to email addresses it finds in the target system's Windows address book. It uses its own SMTP (Simple Mail Transfer Protocol) engine to send emails with infected attachments. It is not capable of infecting files, and the string mobutu.a can be found within its code.
More details about W32.Mota.A
Upon a successful launch on the victim machine, the W32.Mota.A worm creates several files with the extensions .dll, .dat and .exe. It also adds a value to one of the registry keys so that the worm runs every time Windows starts. It then tries to connect to one of its predetermined IRC servers on TCP port 6667. The addresses of these servers contain the string .org. The worm then collects email addresses from the Windows address book and from files with the strings .htm, .txt, .dbx and .html. The infected email sent by the worm has a spoofed sender address that ends in a top-level domain such as .de, .com, .be, .it, .org, .edu or .fr.
The email sent by the W32.Mota.A worm has a subject and body that are not predefined, and carries an attachment with the file extension .pif, .scr or .zip. The attachment contains the worm's code, which can infect other machines when a user downloads and installs it. To remove the infection, open the Windows Task Manager and terminate the worm's running process. Next, search the system for files associated with the worm and delete them. Finally, edit the registry and remove the autostart values added by W32.Mota.A.
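The network behaviour described above (an IRC connection on TCP port 6667 plus mail sent through the worm's own SMTP engine rather than the site's mail relay) can be used to find likely infected hosts in firewall logs. The following is an added example, not part of the original write-up; the log format, the addresses, the relay list and the internal address prefix are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample firewall log (format and all addresses are assumptions).
SAMPLE_LOG = """\
2004-07-03T10:15:02 ALLOW TCP 10.0.0.23:1042 -> 198.51.100.7:6667
2004-07-03T10:15:09 ALLOW TCP 10.0.0.23:1043 -> 203.0.113.25:25
2004-07-03T10:15:10 ALLOW TCP 10.0.0.23:1044 -> 203.0.113.80:25
2004-07-03T10:16:00 ALLOW TCP 10.0.0.5:2200 -> 203.0.113.25:25
2004-07-03T10:16:30 ALLOW TCP 10.0.0.41:1100 -> 198.51.100.7:6667
2004-07-03T10:17:00 ALLOW TCP 10.0.0.77:1500 -> 10.0.0.5:25
"""

MAIL_RELAYS = {"10.0.0.5"}   # assumed: the only hosts allowed to speak SMTP outbound
INTERNAL_PREFIX = "10."      # assumed internal address range
LINE_RE = re.compile(
    r"^(\S+) ALLOW TCP (\d+\.\d+\.\d+\.\d+):\d+ -> (\d+\.\d+\.\d+\.\d+):(\d+)$")

def summarize(log_text):
    """Per internal host: external IRC (6667) peers and direct external SMTP peers."""
    seen = defaultdict(lambda: {"irc": set(), "smtp": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        _, src, dst, port = m.groups()
        if not src.startswith(INTERNAL_PREFIX) or dst.startswith(INTERNAL_PREFIX):
            continue  # only internal -> external flows are of interest
        if port == "6667":
            seen[src]["irc"].add(dst)
        elif port == "25" and src not in MAIL_RELAYS:
            seen[src]["smtp"].add(dst)
    return seen

def triage(log_text):
    """Return {host: verdict}; both behaviours together rank highest."""
    verdicts = {}
    for host, hits in summarize(log_text).items():
        if hits["irc"] and hits["smtp"]:
            verdicts[host] = "high: IRC 6667 + direct SMTP"
        elif hits["smtp"]:
            verdicts[host] = "medium: direct SMTP bypassing relay"
        elif hits["irc"]:
            verdicts[host] = "low: IRC 6667 only"
    return verdicts

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(host, verdict)
```

A host flagged "high" is a candidate for the process, file and autostart checks in the removal steps; IRC traffic on its own is common for legitimate clients and is ranked low for that reason.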