Sophos

W32/Antix-A

Aliases
  • Backdoor.Win32.VBbot.i
  • W32.Kelvir

Summary

 
How it spreads
  • Chat programs
Affected operating systems: Windows
Protection available since: 15 August 2005 16:56:18 (GMT)
Detected by: All Sophos products

More Information

W32/Antix-A is an MSN Messenger worm with backdoor functionality for the Windows platform.

W32/Antix-A sends a message to all MSN Messenger contacts with a link to a site that contains a copy of the worm.

The message will be one of the following:

Hej, did you download the new MSN yet? :D
lol check out MSN Plus...it ownz! :o
Automessage : Download MSN Plus:
lol, this is awsome...:|
Want more msn emotions? :D
MSN 8.0 Beta released....get it here :D
Hej, wanna update your Messenger :D ?
dude, this is awesome... a must see! :D
lol I just updated my Messenger and I must say IT ROCKS!!
Check this out mate, it roxxx :D !!

W32/Antix-A is a worm with backdoor functionality for the Windows platform that spreads through the MSN Messenger Service as a result of the backdoor command.


When first run, W32/Antix-A copies itself to <System>\<newfolder>\kernel32.exe, where <newfolder> is a folder created by the worm whose name is constructed from randomly chosen characters, similar to <bpzjkwrdd>.
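A host sweep for the drop location described above, as an added example that is not Sophos's own detection logic. It assumes `<System>` is `C:\Windows\System32` unless another directory is passed in, and the function names are hypothetical.

```python
import os
from pathlib import PureWindowsPath

DROP_NAME = "kernel32.exe"  # file name given in the description above

def is_antix_drop_path(path, system_dir=r"C:\Windows\System32"):
    """True if path has the shape <System>\\<newfolder>\\kernel32.exe.

    system_dir is an assumed default for <System>; pass the host's real value.
    """
    p = PureWindowsPath(path)
    # PureWindowsPath compares case-insensitively, as Windows does.
    # The file must sit exactly one folder below the system directory;
    # the genuine kernel32 is a .dll directly inside it, so it never matches.
    return (p.name.lower() == DROP_NAME
            and p.parent.parent == PureWindowsPath(system_dir))

def scan_system_dir(system_dir):
    """Return files on this host matching the drop pattern (one level deep)."""
    hits = []
    with os.scandir(system_dir) as entries:
        for entry in entries:
            if not entry.is_dir(follow_symlinks=False):
                continue
            try:
                children = os.listdir(entry.path)
            except OSError:  # unreadable folder: skip it, keep sweeping
                continue
            hits += [os.path.join(entry.path, c) for c in children
                     if c.lower() == DROP_NAME]
    return sorted(hits)

if __name__ == "__main__":
    # Constructed sample paths, e.g. from a file listing or EDR export.
    samples = [
        r"C:\WINDOWS\system32\bpzjkwrdd\KERNEL32.EXE",  # matches the pattern
        r"C:\Windows\System32\kernel32.dll",            # genuine system file
        r"C:\Windows\System32\drivers\etc\hosts",       # unrelated
    ]
    for s in samples:
        print(("SUSPECT " if is_antix_drop_path(s) else "ok      ") + s)
```

A match is a lead for triage, since the check is based only on the path and file name and not on the file's contents.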

W32/Antix-A attempts to disable anti-virus and firewall processes and services.

W32/Antix-A includes functionality to silently download, install and run new software (including an update of itself), initiate a proxy server on the infected computer, steal passwords and act as a flooder.
