Backdoor.Agent.n, Exploit-Mydoom, BackDoor.IRC.Sdbot.248, Backdoor:Win32/Agent.N, TROJ_AGENT.N,
Win32:Trojan-gen., Backdoor Program, Win32/Agent.N,
Category: Computer Worm
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
05 Apr 2004
The W32.Solame.A program is a worm that multiplies through the use of the backdoor the variants of [email protected]
W32.Solame.A Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Solame.A from your computer.
More details about W32.Solame.A
The W32.Solame.A program is a worm that multiplies through the use of the backdoor that the [email protected]
variants create. When the worm is opened, it moves itself to “%System%Msdspr.exe”. The W32.Solame.A adds the value "Windows Automation"="msdspr.exe" to the registry key, so that the W32.Solame program opens when you open the Windows. The worm also ads the value "Windows Automation"="msdspr.exe" to the registry key, so that the worm opens when you open Windows 95, 98, and Me. The W32.Solame program connects to an IRC server and spreads out abusive messages to consumers.
The W32.Solame generates a random Internet Protocol address and performs a DNS lookup on this address. The worm tries to connect to the Internet Protocol address on port 3127/tcp, which is connected w/ the [email protected]
variants. If the connection was successful, the worm will utilize a malware command to spread and execute the worm. This is possible to cause a clear slowdown on a contaminated system. A contaminated system is also possible to make a lot of DNS queries every second for Internet Protocol addresses.