Precisa de ajuda? Peça à comunidade ou contrate um perito.
Acesse a Avira Answers
Alias:W32/Anset@MM W32.Anset.Wourm
Type:Worm 
Size:179.712 Bytes 
Origin: 
Date:10-25-2001 
Damage:Worm/Anset.b opens its attachment and makes a Registry entry. 
VDF Version:6.23.00.00 
Danger:Low 
Distribution:Low 

DistributionThe worm looks into the Outlook Address Book and in files of type .PHP, .HTM, .SHTM, .CGI and .PL on drive C:\ for email addresses. Using its own SMTP components, it sends emails with the following structure:

Subject: ANTS Version 3.0

Body: Hi, Anhängend die neue Version 3.0 von ANTS, dem bislang einzigartigen kostenlosen Trojanerscanner. Zum installieren einfach die angefügte Datei ausführen. Adieu, Andreas webmaster@avnetwork.de http://www.ants-online.de

Attachment: ANTS3SET.EXE

It makes a list of available SMTP servers. It also uses the following 8 anonymous servers:
200.52.69.xxx
200.52.69.xxx
193.92.94.xxx
12.34.208.xxx
195.229.189.xxx
196.40.0.xxx
196.40.0.xxx
txxxd.com

If an anonymous server is used, the worm sends itself with the sender's name "Andreas Haak" and email address "webmaster@avnetwork.de".

If the server is not anonymous, the address is changed, so that the email could not be replyed.

Technical DetailsWorm/Anset.b is a 179.712 Bytes file and is packed with UPX.
When the attachment ANTS3SET.EXE is activated, the worm copies an .EXE file in Windows directory with a random name.
Then it makes the following registry entry:
[HKCU\Software\Microsoft\Windows\Current Version\RunOnce]
%variable% = "C:\%WinDIR%\%variable.EXE%
Descrição enviada por Crony Walker em terça-feira, 15 de junho de 2004

Voltar . . . .
https:// Esta janela é criptografada para sua segurança.