Heads UP *** WORM_AINJO.E *******
Results 1 to 4 of 4

Thread: Heads UP *** WORM_AINJO.E *******

  1. #1
    Senior Member
    Join Date
    May 2003
    Posts
    472

    Heads UP *** WORM_AINJO.E *******

    Trend Micro's Details here...
    http://www.trendmicro.com/vinfo/viru...e=WORM_AINJO.E

    Details

    Virus type: Worm

    Destructive: No

    Aliases: W32.HLLW.Indor.E@mm, W32/Pkasa, Win32/Indowing.A, I-Worm.Ainjo.e, Win32.HLLM.Generic.132

    Overall risk rating: Low
    Reported infections: Low
    Damage Potential: High
    Distribution Potential: High
    Description
    This worm propagates via Internet Relay Chat (IRC), peer-to-peer file-sharing networks such as Kazaa, and through email using Microsoft Outlook.

    The attachment is a compressed ZIP file containing a single copy of this worm.
    Subject and Message Body
    Subject: (Any of the following)

    Re: Web Site Report
    Thank You!
    Free MP3, OGG/VORBIS Hit Songs !!
    Download DVD Movie Now !! Its Free..!
    You are Losing Income

    Message Body: (Any of the following)

    The Mastercard Stored Value Card is good anywhere in the world that Mastercard is accepted! APPLY NOW AND GET $20 FREE!! Download it Now And Get free Bonus!

    Have I peaked your curiosity?
    This is something that I think that anyone who is serious about marketing and being on the internet should check out. Save it Now !


    ATTENTION: THIS PROGRAM IS EXPLODING WORLDWIDE. THOUSANDS OF PEOPLE ARE SIGNING UP EVERY DAY CREATING ONE OF THE LARGEST MEMBERSHIP BASES IN THE WORLD!

    Hello!

    Need a quick $100 today?
    Need a quick $500 this week?
    Need to QUICKLY build a $5,000 monthly income?
    Download the attachment now !

    Attachment: (any of the following)
    SaveNow.zip
    Report.zip
    FFA.zip
    FreeJoin.zip
    Solutions
    Solution:



    Identifying the Malware Program

    Before proceeding to remove this malware, first identify the malware program.

    Scan your system with Trend Micro antivirus and NOTE all files detected as WORM_AINJO.E. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's free online virus scanner.

    Terminating the Malware Program

    This procedure terminates the running malware process from memory. You will need the name(s) of the file(s) detected earlier.

    Open Windows Task Manager.
    On Windows 95/98/ME systems, press
    CTRL+ALT+DELETE
    On Windows NT/2000/XP systems, press
    CTRL+SHIFT+ESC, then click the Processes tab.
    In the list of running programs*, locate the malware file or files detected earlier.
    Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your system.
    Do the same for all detected malware files in the list of running processes.
    To check if the malware process has been terminated, close Task Manager, and then open it again.
    Close Task Manager.
    *NOTE: On systems running Windows 95/98/ME, Task Manager may not show certain processes. You may use a third party process viewer to terminate the malware process. Otherwise, continue with the next procedure, noting additional instructions.

    Removing Autostart Entries from the Registry

    Removing autostart entries from the registry prevents the malware from executing during startup.

    Open Registry Editor. To do this, click Start>Run, type Regedit, then press Enter.
    In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>Software>Microsoft>
    Windows>CurrentVersion>RunServices
    In the right panel, locate and delete the entry:
    Kernelw="%Windows%\Kernelw32.exe"
    Note: %Windows% is the default Windows folder, usually C:\Windows or C:\WinNT.
    Close Registry Editor.
    NOTE: If you were not able to terminate the malware process from memory as described in the previous procedure, restart your system.
    Removing Autostart Entries from System Files


    A malware modifies system files so that it automatically executes at every Windows startup. These startup entries must be removed before the system can be restarted safely.

    Open the SYSTEM.INI file. To do this, click Start>Run, type SYSTEM.INI, then press Enter. This should open the file in your default text editor (usually Notepad).
    Under the [boot] section, locate the line that begins with:
    Shell=Explorer.exe
    From the same line, delete the malware path and file name:
    SCRNSAVE.EXE=%Windows%\Blank.scr
    Locate and delete the following lines:
    [WORM]
    Name=I-WORM>PERKASA
    Author=Iwing/Indovirus
    Close the SYSTEM.INI file and click Yes when prompted to save.
    Open the WIN.INI file using your default text editor. Click Start>Run, type WIN.INI, then press Enter.
    Under the [windows] section, locate the line(s) that begin with:
    load =

    From the same line(s), delete the malware path and filename:
    %Windows%\Kernelw32.exe
    Close the WIN.INI file and click Yes when prompted to save.
    guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;

  2. #2
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,743
    Hey Null.. I like the format... But.. perhaps a little less information..

    Good approach just the same.. Oh and thanks for the heads up..


    Cheers
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  3. #3
    It's a gas!
    Join Date
    Jul 2002
    Posts
    699
    *yawns*

    Memo to JPM: Remember to remove AV discussion threads from main page

  4. #4
    Senior Member
    Join Date
    May 2003
    Posts
    472
    yes und3rtak3r may b the solution could have been provided just as a link....
    guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •