Protector Plus Download Antivirus
Home
Download Antivirus
Antivirus Products
Order Antivirus


Antivirus Software for Windows XP/2000/2003
Antivirus Software for Windows Me/98
Antivirus Software for Exchange 2000/2003
Antivirus Software for NetWare

W32/Ahker.J Worm

NameW32/Ahker.J Worm
AliasesWORM_AHKER.J
Discovered on 1st September, 2005

 Virus Information - W32/Ahker.J Worm:

W32/Ahker.J is an email worm. The worm will infect Windows systems and spreads through email.

The worm carry spoofed 'From' address picked up randomly from the infected system.

The subject of the infected mail will be any one of the following;

Mail Delivery System
Status
Returned mail
Server Report
Delivery Error
Mail Transaction Failed
FWD:Hey
Do not reply to this email!
There you go!
FWD:Hello
Error
Password Cracked!
The body of the infected mail will be any one of the following;

The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.

sendmail daemon reported:
Error #804 occured during SMTP session. Partial message has been received.

Mail transaction failed. Partial message is available.

The message contains MIME-encoded graphics and has been sent as a binary attachment.

Your credit card was charged for $500 USD. For additional information see the attachment.

The message contains Unicode characters and has been sent as a binary attachment.

Bad Gateway: The message has been attached.

ESMTP [Secure Mail System #334]: Secure message is attached.

There is the password you requested!

You have visited illegal websites!!
I have a big list of the websites you surfed.

Hotmail Cracker Version 2.25 attached!

Encrypted message is available.

It carries an infected attachment message.zip.

Upon execution of the infected attachment, the worm copies bazzi.exe to the Windows folder.

The worm modifies registry at the following location to load itself during each startup.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

The worm attempts to perform a DoS attack on the site http://www.rohitab.com.

The worm is capable of disabling the download utility Download Accelerator Plus (DAP).

To propagate itself, the worm scans the files having the following extensions and collects all the available email addresses from the infected system.

csv, ctl, dhtm, dsp, dsw, eml, fdb, hlp, imb, imh, imm, ini, jsp, ldb, ldif, log, mbx, mda, mdb, mde, mdw, mdx, mht, ml, mmf, msg, nab, nch, nfo, nsf, nws, ods, oft, php, phtm, pmr, pp, rm, xhtml and xls.

It also gathers email addresses from Temporary Internet files folder.

Anti virus for Windows Download Now!

Home Page Download Antivirus Antivirus Products Order Antivirus

Copyright © 2005 Proland Software.All rights reserved

antivirus software, anti virus software, anti virus, download antivirus, download anti virus, free antivirus, free anti virus, antivirus, download, free, windows, windows xp, xp, sp2, windows me, windows 2000, 98, 95, nt, me, 2003, netware, anti-virus, virus, worm, trojan, protector, plus, proland, virus software, spyware