Email-Worm.Ackantta
Email-Worm.Ackantta is a network-aware computer worm that attempts to replicate across any existing network. It can request other malicious files from the Internet and download them onto the system. It also has a built-in SMTP client engine, which lets it send email messages directly to a recipient's mail server for malicious purposes. Email-Worm.Ackantta contains definite characteristics of an identified security risk and should be removed immediately.
Aliases
Trojan-Dropper.Win32.Typic.bev (Kaspersky Lab)
Mal/CryptBox-A (Sophos)
Worm:Win32/Prolaco (Microsoft)
Trojan-Dropper (Ikarus)
Win-Trojan/Dracur.439808 (AhnLab)
File System Modifications
- The following files were created in the system:
| # | File Name |
|---|-----------|
| 1 | %AppData%\SystemProc\lsass.exe |
| 2 | %ProgramFiles%\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest |
| 3 | %ProgramFiles%\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul |
| 4 | %ProgramFiles%\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf |
| 5 | %System%\AdobeARMI.exe |
Registry Modifications
- The following Registry values were newly created:
HKEY..\..\..\..{Subkeys}
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]

HKEY..\..\..\..{RegistryKeys}
[HKEY_CURRENT_USER\Identities]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]