Find a Partner
This window is encrypted for your security.
Need help? Ask the community or hire an expert.
Go to Avira Answers
I-Worm.Tanger (AVP), W32.HLLW.Tang@mm (NAV), W32/Gant@MM, W32/Gant.gen@MM
21, 504 Bytes (UPX)
Spreads by email and shared networks.
The worm tries to spread by email, IRC and over P2P shared networks. It collects email addresses from Windows Address Book. The email sent by the worm contains:
A few days ago the Microsoft Network Email System automatically deleted my email account. This happened because there is a bug in the Microsoft Network Email System that may unintentionally remove email accounts without prompting. I have included a patch with this email that will fix the bug on un-patched computers. If you need help installing this file, read attached help file.
Try this new software that can download practically any .mp3 file that is found on the internet. I use this program all the time and I think it's great! Have fun!
I found a really funny ScreenSaver on the net yesterday and I think that you would find it funny like I did :) It's in the attachments. Cya!
Take a look at this email spoofer that I have included in the attachments. An email spoofer is a program that lets you email from firstname.lastname@example.org! it's really fun to use for pranks :)
I have a cool Password Cracker for you in the attachments :) this Password Cracker can crack almost any password out there! Try it for yorself!
Have you tried to crack a Hotmail password ... and failed? Try the 'Hotmail Password Cracker' program that I have included in the attachments. Happy hacking!
The worm also tries to spread over shared applications. It uses:
If the worm spreads over IRC, it uses the file SCRIPT.INI of the mIRC Client.
Worm/Outsider creates multiple copies in Windows directory. These are some of the names it uses:
It also creates worm copies in C:\
\%SYSTEMDIR%, with the following names:
The worm also modifies the registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Mstng32" = C:\%WinDIR%\%SystemDIR%\Mstng32.exe (for autostart).
And it makes the registry entry:
The worm also modifies all MS-DOS batch files on the computer, so that every time a batch file is opened, the worm is activated. The following lines are inserted:
@if exist C:\%WinDIR%\%SystemDIR%\MSTng32.exe
For the macro component of the worm, there is a file named MSTngmgr32.ocx in C:\%WinDIR% directory. The following registry entry refers to the macro component's activity:
HKEY_CURRENT_USER\Software\Zed/[rRlf]\W32\TaNG\Macro "Installed" = 1
Description inserted by Crony Walker on Tuesday, June 15, 2004