Aliases: I-Worm.Shatrix, W32/[email protected], Win32.HLLM.Shake, W32/Shatrix-A, Win32/Shatrix.A
Variants: WORM_SHATRIX.A, Worm/Shatrix, W32/[email protected], Win32:Shatrix, I-Worm/Shatrix
Classification: Malware
Category: Computer Worm
Status: Active & Spreading
Spreading: Fast
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 04 Jan 2002
Damage: Medium
Characteristics: This worm is written in Delphi. It spreads by sending itself to contacts in the Microsoft Outlook address book and by copying itself across network drives. The payload tries to remove .exe files and replace them with copies of itself.
If you have malware on your computer, it will cause annoyances and damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
W32/Shatrix-A is an email worm. It spreads as an email attachment named “Shake.exe”. The worm copies itself to the Windows system directory under a random eight-character name of the form “XXXXXXXX.exe” and creates a registry Run key entry so that it loads itself. It then tries to send itself to all the addresses found in the Microsoft Outlook address book. The worm also looks for HTM, HTML, and ASP files in the “C:\INETPUB\WWWROOT” directory. If such files are found, they are modified to include some messages. The worm will erase “C:\*.EXE” files as well.
The worm can be removed from the computer system manually. To do this, click the “Start” menu, and then go to “Run” (the Run box appears). Type “regedit” and then press the “OK” button (the registry editor opens). You must remove the worm: delete the files that are detected as this worm, remove the value that the worm added to the registry key, and delete or change the file “T_672b.ttm” and the “MatriX” folder, if it is present. After you have finished, close the registry editor.
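The manual check above can be scripted for triage. The following is an added example, not part of the original page: it flags Run-key values that launch an eight-character .exe from the Windows system directory and searches a directory tree for the “T_672b.ttm” file and “MatriX” folder. The function names, the sample Run values, and the assumption that the random name is alphanumeric are illustrative.

```python
import os
import re
from pathlib import PureWindowsPath

# Assumption: the random name is eight letters or digits; the page only shows "XXXXXXXX.exe".
EIGHT_CHAR_EXE = re.compile(r"^[a-z0-9]{8}\.exe$", re.IGNORECASE)
# Pulls the executable path out of a Run command, ignoring quotes and arguments.
EXE_IN_COMMAND = re.compile(r'^\s*"?([^"]+?\.exe)', re.IGNORECASE)

def suspicious_run_values(run_values, system_dir, known_good=()):
    """Names of Run values that launch an eight-character .exe located
    directly in system_dir. Hits are candidates for review, not verdicts:
    legitimate tools can also have eight-character names."""
    sysdir = PureWindowsPath(system_dir)  # compares case-insensitively
    allow = {n.lower() for n in known_good}
    hits = []
    for name, command in run_values.items():
        m = EXE_IN_COMMAND.match(command)
        if not m:
            continue
        exe = PureWindowsPath(m.group(1))
        if (exe.parent == sysdir and EIGHT_CHAR_EXE.match(exe.name)
                and exe.name.lower() not in allow):
            hits.append(name)
    return sorted(hits)

def find_named_artifacts(root):
    """Walk root and return paths of the file and folder named on the page."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        found += [os.path.join(dirpath, d) for d in dirnames if d.lower() == "matrix"]
        found += [os.path.join(dirpath, f) for f in filenames if f.lower() == "t_672b.ttm"]
    return sorted(found)

# Constructed sample: Run value name -> command line (not taken from a real host).
SAMPLE_RUN = {
    "SystemTray": r"C:\WINDOWS\SYSTEM\systray.exe",
    "qzkwmvbt": r"C:\WINDOWS\SYSTEM\qzkwmvbt.exe",
    "RegTool": r"C:\WINDOWS\SYSTEM\regsvr32.exe /s tool.dll",
    "Updater": r'"C:\Program Files\App\updater1.exe" /background',
}

if __name__ == "__main__":
    print(suspicious_run_values(SAMPLE_RUN, r"C:\WINDOWS\SYSTEM", {"regsvr32.exe"}))
```

Export the Run values from the registry editor into a dictionary before calling `suspicious_run_values`, and point `find_named_artifacts` at the drive or a mounted image of it.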