Sophos

W32/Minusia-A


Summary

 
How it spreads
  • Email attachments
  • Network shares
Affected operating systems: Windows
Characteristics
  • Installs itself in the registry
Protection available since: 21 March 2006 06:27:30 (GMT)
Detected by: All Sophos products

More Information

W32/Minusia-A is a worm for the Windows platform.

When first run, W32/Minusia-A copies itself to:

<Program Files>\Messenger\msmsgs.exe .exe
<Windows>\Config\system.update.exe.exe
<Windows>\mmsg\mcAfee.Update.exe.exe
<Windows>\mmsg\mmsg.exe.exe
<System>\svchost.exe
<System>\ERSvc.exe

and creates the following data files:

<Windows>\Registry1.dll
<Windows>\Registry2.dll
<Windows>\system_log.txt

The following registry entries are created in order to run copies of the worm each time a user logs on:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
mmsg
"<Path to worm copy>"

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
system.update
"<Path to worm copy>"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
mcAfee.Instan.Update
"<Path to worm copy>"

The worm attempts to harvest email addresses from the Windows Address Book and send itself as an attachment. Due to bugs in the code, the email routines are likely to fail.

W32/Minusia-A also attempts to copy itself to the network shares Admin$, IPC$, print$ and Printer.

The worm creates many copies of itself in various folders on the infected computer's hard disk using randomly chosen folder names as file names.

W32/Minusia-A displays the contents of system_log.txt in Notepad.

The worm disables various system utilities such as the Windows Task Manager and command prompts.
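
The file names and Run values listed above can be checked against an exported autorun listing and a file listing. The following is an added example, not Sophos code: the sample listings are constructed, the function names are hypothetical, and the doubled-extension heuristic is an assumption that goes beyond the files the page lists.

```python
import ntpath
import re

# Indicators from the description above, lowercased for comparison.
RUN_KEY = r"software\microsoft\windows\currentversion\run"
RUN_VALUES = {"mmsg", "system.update", "mcafee.instan.update"}
# Worm copy file name -> name of the folder it is dropped into.
COPIES = {"msmsgs.exe .exe": "messenger", "system.update.exe.exe": "config",
          "mcafee.update.exe.exe": "mmsg", "mmsg.exe.exe": "mmsg"}
# <Windows> varies between installs, so data files are matched by name only.
DATA_FILES = {"registry1.dll", "registry2.dll", "system_log.txt"}
# Heuristic added here (assumption, broader than the page's list): doubled .exe.
DOUBLE_EXE = re.compile(r"\.exe\s*\.exe$")

def check_run_entries(entries):
    """entries: iterable of (key, value_name, data); returns the matching ones."""
    hits = []
    for key, name, data in entries:
        subkey = key.lower().split("\\", 1)[-1]  # drop the HKLM\ or HKCU\ prefix
        if subkey == RUN_KEY and name.lower() in RUN_VALUES:
            hits.append((key, name, data))
    return hits

def check_paths(paths):
    """Returns (path, reason) for each path matching a listed file or the heuristic."""
    hits = []
    for path in paths:
        folder, name = ntpath.split(path.lower())
        if COPIES.get(name) == ntpath.basename(folder):
            hits.append((path, "listed worm copy"))
        elif name in DATA_FILES:
            hits.append((path, "listed data file name"))
        elif DOUBLE_EXE.search(name):
            hits.append((path, "doubled .exe extension"))
    return hits

# Constructed sample input (not from the page).
SAMPLE_RUN = [
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "mmsg", r"C:\WINDOWS\mmsg\mmsg.exe.exe"),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "mcAfee.Instan.Update", r"C:\WINDOWS\mmsg\mcAfee.Update.exe.exe"),
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "ctfmon", r"C:\WINDOWS\system32\ctfmon.exe"),
]
SAMPLE_PATHS = [r"C:\Program Files\Messenger\msmsgs.exe .exe", r"C:\Program Files\Messenger\msmsgs.exe",
                r"C:\WINDOWS\Registry1.dll", r"D:\share\holiday.exe.exe"]

if __name__ == "__main__":
    print(check_run_entries(SAMPLE_RUN))
    print(check_paths(SAMPLE_PATHS))
```

A data-file name match on its own is weak evidence, since only the file name is compared; treat it as a prompt to check the Run keys and the listed worm copies on the same machine.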
