Besoin d’aide ? Fais appel à la communauté ou embauche un spécialiste.
Aller à Avira Answers
Alias:W32/Anset@MM W32.Anset.Wourm
Size:179.712 Bytes 
Damage:Worm/Anset.b opens its attachment and makes a Registry entry. 
VDF Version: 

DistributionThe worm looks into the Outlook Address Book and in files of type .PHP, .HTM, .SHTM, .CGI and .PL on drive C:\ for email addresses. Using its own SMTP components, it sends emails with the following structure:

Subject: ANTS Version 3.0

Body: Hi, Anhängend die neue Version 3.0 von ANTS, dem bislang einzigartigen kostenlosen Trojanerscanner. Zum installieren einfach die angefügte Datei ausführen. Adieu, Andreas

Attachment: ANTS3SET.EXE

It makes a list of available SMTP servers. It also uses the following 8 anonymous servers:

If an anonymous server is used, the worm sends itself with the sender's name "Andreas Haak" and email address "".

If the server is not anonymous, the address is changed, so that the email could not be replyed.

Technical DetailsWorm/Anset.b is a 179.712 Bytes file and is packed with UPX.
When the attachment ANTS3SET.EXE is activated, the worm copies an .EXE file in Windows directory with a random name.
Then it makes the following registry entry:
[HKCU\Software\Microsoft\Windows\Current Version\RunOnce]
%variable% = "C:\%WinDIR%\%variable.EXE%
Description insérée par Crony Walker le mardi 15 juin 2004

Retour . . . .