[email protected]

Aliases: Worm.Win32.VB.u, W32/Nodmin-A, WORM_NODMIN.A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 21 Jan 2005
Damage: Low

Characteristics: [email protected] is a worm that modifies computer settings and sends mass mailings from the victim machine. It causes the computer or laptop to crash and then reboot continuously after each crash. It also spreads through file-sharing networks. The files it copies into the Windows system folders are: kbdbg.exe, bgHacKeR$.exe, mymind.exe, open.exe, Q-We are the champions.exe, Microsoft SuxX.exe, winserv.ila, sservice.ila and lservice.exe. The programs it usually terminates are: AckWin32.EXE, ADVXDWIN.EXE, AGENTSVR.EXE, agentw.EXE, AMON9X.EXE, ANTI-TROJAN.EXE, ANTIVIRUS.EXE, ANTS.EXE, APIMONITOR.EXE, APVXDWIN.exe and ATRO55EN.EXE.

More details about [email protected]

It also displays an alert box saying, “The file is either in unknow format or damaged!” All versions of the Windows operating system are said to be affected by this virus. This threat is written in Visual Basic.

Manual removal of this worm involves editing the hosts file and deleting the infected files. To do this, click the Start button and select “Find” or “Search” for files or folders. Set the “Look in” option to the “C” drive and include subfolders. Type “hosts” in the “named” or “search for” box, and then select “Find now.” For each hosts file that you find, right-click the file, and then click Open With. Don’t select the "Always use this program to open this program" check box. Then scroll through the list of programs and double-click the Notepad application. The file will open, and you must delete all the entries. Then close Notepad and save the changes.

The worm is also a dropper for a Trojan infection that comes from a remote domain, “http:/ /freewebs.com/tornadotm.”
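The manual search described above can be scripted for triage. The following is an added example, not part of the original write-up: it walks a directory tree (a live C: drive or a mounted disk image), flags files whose names match the dropped-file list given on this page, and prints the active entries of every hosts file so they can be reviewed before deletion. The function names and the sample directory tree are assumptions made for the illustration.

```python
import os
import tempfile

# File names this write-up lists as copied into the Windows system folders.
# Generic names such as open.exe can match legitimate files; treat hits as leads.
DROPPED = {n.lower() for n in (
    "kbdbg.exe", "bgHacKeR$.exe", "mymind.exe", "open.exe",
    "Q-We are the champions.exe", "Microsoft SuxX.exe",
    "winserv.ila", "sservice.ila", "lservice.exe")}

def hosts_entries(path):
    """Return the active (non-blank, non-comment) lines of one hosts file."""
    entries = []
    with open(path, "r", errors="replace") as fh:
        for line in fh:
            line = line.split("#", 1)[0].strip()
            if line:
                entries.append(line)
    return entries

def triage(root):
    """Walk root; return dropped-name matches and hosts files that have entries."""
    dropped, hosts = [], {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() in DROPPED:      # Windows names are case-insensitive
                dropped.append(full)
            elif name.lower() == "hosts":
                found = hosts_entries(full)
                if found:
                    hosts[full] = found
    return sorted(dropped), hosts

def demo():
    """Run triage over a constructed directory tree (sample data, not real)."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "system32", "drivers", "etc")
        os.makedirs(etc)
        with open(os.path.join(etc, "hosts"), "w") as fh:
            fh.write("# sample hosts file\n127.0.0.1 localhost\n"
                     "127.0.0.1 blocked-site.example  # constructed entry\n")
        open(os.path.join(root, "system32", "MYMIND.EXE"), "w").close()
        open(os.path.join(root, "system32", "notepad.exe"), "w").close()
        dropped, hosts = triage(root)
        return ([os.path.basename(p) for p in dropped],
                [e for v in hosts.values() for e in v])

if __name__ == "__main__":
    print(demo())
```

On a real system, call `triage("C:\\")` from an elevated prompt and keep a copy of each hosts file before clearing its entries.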

Security experts are unanimous in saying that the [email protected] application is malware, primarily because it compromises system security through the access it grants to a hacker. Aside from allowing an unauthorized party to influence the computer, the program can also be responsible for introducing other threats to the computer. Users also report a significant slowing of the computer’s operation, since it uses a disproportionate amount of the system’s resources.