W32.Zezer.Worm
Aliases: I-Worm/Zezer.B, Win32.MSNDozzer.B, Worm.Zezer.B, W32/Dozer.B.worm, Win32/Zezer.B
Variants: Win32/HLLW.Zoder.B, WORM_ZEZER.B, Worm/Dozer.B1, W32/Zezer.B, Win32:Dozor-B
Classification: Malware
Category: Computer Worm
Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 01 Oct 2003
Damage: Low
Characteristics: The W32/Zezer.Worm program is a worm that spreads by emailing itself to all the Hotmail addresses it finds in your Messenger contact list. The worm can steal cached network passwords and can terminate the processes of security programs. W32/Zezer.Worm is packed with UPX and is written in Microsoft Visual Basic 6. The Mswinsck.ocx file must be on the PC for the worm to run.
W32.Zezer.Worm Removal Tool
If you have malware on your computer, it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Zezer.Worm from your computer.
More details about W32.Zezer.Worm
When W32/Zezer.Worm is executed on your system, it copies itself as Mscsgs.exe in the Windows folder and as Msnexec.exe or Mscsgs32.exe in the system folder. It then sends an email to the Hotmail addresses it found in your MSN Messenger contact list. The email has one of the subjects "Windows Update", "MSN Messenger vulnerability", or "MSN Messenger Update" and carries an attached file named Msn_inst.exe. The worm also adds values to the registry so that you can no longer open the registry editor.
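The message described above can be matched at a mail gateway. The following is an added example, not part of the original write-up: the verdict names, the helper names and the sample messages are constructed for illustration, and a subject match without the attachment is only flagged for review because a subject such as "Windows Update" is not specific to this worm.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators from the description above (compared case-insensitively).
SUBJECTS = {"windows update", "msn messenger vulnerability", "msn messenger update"}
ATTACHMENT = "msn_inst.exe"

def attachment_names(msg):
    """Lower-cased base names of every MIME part that declares a filename."""
    names = []
    for part in msg.walk():
        fn = part.get_filename()
        if fn:
            names.append(fn.replace("\\", "/").rsplit("/", 1)[-1].strip().lower())
    return names

def classify(raw: bytes) -> str:
    """Return 'block', 'review' or 'pass' (verdict names are assumptions)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if ATTACHMENT in attachment_names(msg):
        return "block"      # the attachment name is the specific indicator
    if subject in SUBJECTS:
        return "review"     # the subject alone is too generic to block on
    return "pass"

def build_sample(subject, filename=None):
    """Build a constructed test message; the payload is a harmless placeholder."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "recipient@example.com"
    m["Subject"] = subject
    m.set_content("constructed body")
    if filename:
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, fn in [("MSN Messenger Update", "Msn_inst.exe"),
                     ("Windows Update", None), ("Lunch?", "menu.pdf")]:
        print(subj, fn, "->", classify(build_sample(subj, fn)))
```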
Worm software is able to spread to other systems on its own. Once it enters a system, it creates multiple copies of itself. It may drop infected files in network shares, so other computers connected via the Local Area Network (LAN) may be infected through shared folders or printers. Initialization (.ini) files may also be placed on system drives. Each time a removable memory device is connected to the drive, the .ini file is accessed, which leads to the worm program. The device is then infected so that it can spread the worm application to other computers.