Aliases: Email-Worm.Win32.Ainjo.c, I-Worm.Ainjo.c, W32/Mellon.worm,
[email protected], Win32.HLLM.Generic.91
Variants: W32/Join-C, Win32/
[email protected], WORM_AINJO.C, W32/Ainjo.C , Win32:Ainjo-B
Classification: Malware
Category: Computer Worm
Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 17 Oct 2002
Damage: Low
Characteristics: The
[email protected] program is a mass mailing worm. It sends a copy of it code to all contacts in your MS Outlook Address Book. The e-mail message has lots of different subject lines and several different attachment names. The worm as well spreads trough KaZaA file-sharing network program. It tries to trick the user into downloading and executing
[email protected]
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean
[email protected] from your computer.
Once
[email protected] is executed on your system, it creates itself a copy to all contacts in your Address Book. The e-mail may include subjects such as “We need to talk...!”, “What's the problem?,” “How are you??”, “You need help?” , “What's happening???” etc. It also comes with an attachment wherein the worm is executed when these attached file is downloaded. The attached file may be names as funny, cool_file, nice_file, funny toy, nice song, ReadMe, Information and etc with file extensions such as .exe, .jpg, .com, .php, .htm, .mp3, .asp, .mpg, .txt, and .doc. Once downloaded on your system, the worm then copies its code as read-only or a hidden file named Cool_File.exe. Next,
[email protected] creates a file named Script.ini that sends Cool_File.exe making use of the mIRC program. Finally, it copies itself to other locations on your system as MSN Hack.exe, MSN Crack.exe, ICQ Password, HotMail SpiderMan-PC-Game-v2 FullDownloader.exe, ICQ Hack.exe, MSN Hack.exe and Windows (All Versions) KeyGen.exe
The worm as well contains a pay load that drops the
[email protected] It does this by creating either WinDLL.txt, WinEXE.txt, WinCOM.txt, WinSCR.txt and WinSYS.txt. The worm then uses those files to create another file like WinSCR.scr, WinEXE.scr, WinCOM.scr and WinSYS.scr. Before the worm runs the created .exe file, it shows message.