Sophos

W32/Antiman-D

Aliases
  • W32.Antiman.A@mm
  • Email-Worm.Win32.Antiman.c

How it spreads
  • Email attachments
  • Peer-to-peer
Affected operating systems Windows
Characteristics
  • Installs itself in the registry
Protection available since 2 June 2005 00:50:45 (GMT)
Last updated 22 September 2005 08:18:19 (GMT)
Detected by All Sophos products

More Information

W32/Antiman-D is a mass-mailing and peer-to-peer worm for the Windows platform.

When run, the worm copies itself to the Windows folder as funny.scr and to the current user's Startup folder as startwin.exe. The worm then modifies the following registry entry so that its copy becomes the current screen saver:

HKCU\Control Panel\desktop
SCRNSAVE.EXE
%WINDOWS%\funny.scr

W32/Antiman-D harvests email addresses from Microsoft Outlook Express, Yahoo! Messenger and the Microsoft Internet Account Manager.

W32/Antiman-D will copy itself to folders on the local hard disk which contain one of the following strings:

shar
download
upload
dc++
kazaa
kituri
xxx
filme
de pe net

W32/Antiman-D will copy itself to one of these folders as one of the following filenames:

Adrian Copilul Minune - ultimul album (DD.MM.YYYY)._zip.exe
Pamela Anderson (filmul complet, 19 minute).exe
Program pentru vazut filme incomplet copiate.exe
Manele Collection YYYY).exe
Manele - texte din toate manelele._txt.exe
Carmen la 16 ani - best blowjob sex xxx._avi_divx_.scr
ultimul album (DD.MM.YYYY)._zip.exe
Porno la scoala._avi_divx_.scr
Fetele de la Asia dezbracate.avii.exe
Chef de chef - cele mai noi manele noi DD.MM.YYYY).exe
Utilitar de cautare manele noi pe net.exe
Program pentru ascultat melodii incomplet copiate.exe

Emails sent by the worm may come in one of the following combinations:

subject line: Poza de la mare...

message text:
Ti-am trimis ultima poza de la mare. Asta e?

attachment name:
scan picture 0001. JPG.exe

subject line: Antivirus

message text:
Asta e ultimul antivirus. Ar trebui sa rezolve toate problem

attachment name:
antivirus.exe

subject line: Sex in camin

message text:
Ioana, sex in grup in camin. Cred ca o stii si tu ;)

attachment name:
ioana divx. AVI.exe

subject line: Faza cu camila
message text:
:)))))))

attachment name:
camila.exe

subject line: De ce mor mai repede curiosii...

message text:
Nu deschide acest mesaj! E numai pentru persoanele prea curioase!

attachment name:
curiosii.exe

subject line: Antimanele

message text:
Daca nu mai suportati manelele la servici, tramvai, taxi, metrou, etc.,
trimiteti acest mesaj la toti prietenii dvs.

Va multumesc (din suflet).

attachment name:
antimanele.exe

subject line: Votati astazi! DD.MM.YYYY

message text:
Credeti ca ar fi mai bine ca Romania sa-si retraga trupele din Irak anul acesta?
Deschideti programul Vot, alegeti votul dvs. si vedeti rezultatele.
Parerea dvs. conteaza!

attachment name:
vot.exe

subject line: Cu sau fara Manele ?

message text:
Credeti ca ar fi mai bine ca manelele sa fie interzise in Romania?
Deschideti programul de votare, alegeti votul dvs. si vedeti rezultatele.
Parerea dvs. conteaza!

attachment name:
vot manele

subject line: Pentru Ionel

message text:
Draga Ionel
Scuza-ma ca nu ti-am mai scris de mult timp, dar am avut ceva probleme cu calculatorul
Ti-am promis ultima data pe chat o poza cu mine dezbracata... m-am gandit mult la asta si cred ca pana la urma cel mai bine e sa-ti trimit o poza.
Sper sa-ti placa. Daca nu o sa-mi mai scrii dupa mesajul asta, o sa te inteleg...
Roxana,

attachment name:
poza roxana. JPG.exe

subject line: Cum a murit Papa?

message text:
Film cu moartea papei. Toate drepturile rezervate. Este interzisa modificarea continutului. Poate fi redistribuit.
Asociatia Catolicilor Anonimi din Romania.

attachment name:
film_papa._avi._divx_.exe

subject line: Delivery Status (Failure)

message text:
This is an automatically generated Delivery Status Notification.
Delivery to last recipient failed.
Email returned as attachment text file.

attachment name:
failed message.txt.scr

subject line: Poza cu tine pe net???

message text:
Salut,
Am vazut poza asta cu tine pe un site. Chiar tu esti?
Sau s-ar putea sa semene doar cu tine...

attachment name:
Scan .scr

The From field is forged: the worm picks the sender address from a fixed list of addresses it carries, so the apparent sender is not the infected machine's owner.

W32/Antiman-D also creates m.txt, a log file in the root folder.
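As an added example (not part of the Sophos description), the following Python helper encodes the lure attachment names, subject lines and share-folder strings listed above so that a mail-gateway rule or a file-system sweep can flag them; it also generalises the trick most of the lures rely on, a media or text extension followed by a real .exe/.scr extension. The sample messages and paths are constructed.

```python
import re
from typing import List, Optional, Tuple

# Lure strings taken from the description of W32/Antiman-D above.
ANTIMAN_SUBJECTS = {
    "Poza de la mare...", "Antivirus", "Sex in camin", "Faza cu camila",
    "De ce mor mai repede curiosii...", "Antimanele", "Cu sau fara Manele ?",
    "Pentru Ionel", "Cum a murit Papa?", "Delivery Status (Failure)",
    "Poza cu tine pe net???",
}
ANTIMAN_ATTACHMENTS = {  # lower-cased for case-insensitive comparison
    "scan picture 0001. jpg.exe", "antivirus.exe", "ioana divx. avi.exe",
    "camila.exe", "curiosii.exe", "antimanele.exe", "vot.exe", "vot manele",
    "poza roxana. jpg.exe", "film_papa._avi._divx_.exe",
    "failed message.txt.scr", "scan .scr",
}
# Folder-name substrings the worm looks for when planting peer-to-peer copies.
P2P_FOLDER_STRINGS = ("shar", "download", "upload", "dc++", "kazaa",
                      "kituri", "xxx", "filme", "de pe net")
# Generic double-extension trick: a media/text extension, optional padding
# such as "_" or " ", then a genuine executable extension ("photo. JPG.exe").
DOUBLE_EXT = re.compile(r"[._ ](jpe?g|avi|divx|txt|zip)[._ ]*\.(exe|scr)$", re.I)


def classify_mail(subject: str, attachment: Optional[str]) -> str:
    """'antiman-d' for a known lure, 'suspicious' for an unknown
    double-extension executable, 'clean' otherwise."""
    if not attachment:
        return "clean"
    name = attachment.strip().lower()
    known_name = name in ANTIMAN_ATTACHMENTS
    double_ext = DOUBLE_EXT.search(name) is not None
    if known_name or (double_ext and subject.strip() in ANTIMAN_SUBJECTS):
        return "antiman-d"
    return "suspicious" if double_ext else "clean"


def p2p_folder_hits(path: str) -> List[str]:
    """Share-folder strings found in any directory component of path, i.e.
    the folders the worm would copy itself into; empty list if none match."""
    parts = re.split(r"[\\/]", path.lower())
    return sorted({s for s in P2P_FOLDER_STRINGS if any(s in p for p in parts)})


# Constructed sample messages (not real traffic): (subject, attachment name).
SAMPLE_MAILS: List[Tuple[str, Optional[str]]] = [
    ("Poza de la mare...", "scan picture 0001. JPG.exe"),
    ("Delivery Status (Failure)", "failed message.txt.scr"),
    ("Quarterly report", "report_q3.pdf"),
    ("Vacation photos", "beach. JPG.exe"),
    ("Antivirus", None),
]


def triage(mails=SAMPLE_MAILS) -> List[str]:
    return [classify_mail(s, a) for s, a in mails]
```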
