Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Moderate
Geographical info: Asia
Removal: Easy
Platform: W32
Discovered: 22 Dec 2006
Damage: Low

Characteristics: The W32.Tasnab application propagates through network mapped drives. The systems that are affected include 98, Windows 95, Windows NT, Windows Me, Windows XP, and Windows Server 2003.

More details about W32.Tasnab

The worm performs some actions like the other viruses do. The worm creates files where any text tthat user will enter into the Windows Explorer’s address bar. These files will be opened as Slam Bey.txt having the default file viewer text. The worm monitors the windows any of the names wherein their group names are ExploreWClass, WorkerA, WorkerW, ReBarWindow32, ComboBoxEx32, ComboBox, Edit, IEFrame, Navigation Bar, Address Band Root, CabinetWClass, ata*, RegEdit_RegEdit, Registry Editor, #32770, System Configuration Utility, ThunderRT6FormDC, HijackThis - v1.99.0, Tfrmmainstartup, Quick StartUp, Pocket Killbox 0 Items, Show/Kill Running Process, Startup Guard - Found New App At Startup !, SysListView32, Autostart And Process Viewer, tty, MS-DOS Prompt, KILLVB, ConsoleWindowClass, Command Prompt, PROCEXPL, TfrmIntegrator, TuneUp Utilities, iKnowPS, CurrProcessClass, CurrProcess, Run, Windows Task Manager, and Processes.

When the W32.Tasnab was executed, it replicates itself to the recent folders and any of the folders that were being accessed on the drives A-Z using some m\names. The worm also adds a value in to the registry subkey so it can execute when the windows will start. It modifies values in the registry subkey. The worm also monitors the address bar of the Windows Explorer and then replicates itself having names of the typed first 3 characters found in the address bar and also one of the created names from the monitored Windows. The worm also ends the regedit and the command prompt of your computer.