W32/AHKHeap-A
W32/AHKHeap-A is a worm that infects systems through the use of removable storage devices, such as portable USB drives. As an older infection that targets the Windows PowerPoint program as well as popular sites such as YouTube, it presents relatively little threat to a computer with up to date and running security measures. Although its threat level is considered to be relatively low, it may interfere with system operations or cause damage. Since there are no positive aspects to hosting it on your system, there's no reason to avoid deleting W32/AHKHeap-A when possible.
The Emergence and Proliferation of the W32/AHKHeap-A Worm
Security measures to protect against W32/AHKHeap-A infection have been available since 2007, and the worm itself ceased updates only a year later. It will run itself automatically to infect new systems when present on a detachable storage device, and can also use HotKey scripts to similar ends. A non-Windows system is unlikely to be threatened by this worm, since it was designed to be specific to the Windows operating system.
When installed, the W32/AHKHeap-A worm will perform typical malware behavior, such as creating registry entries and unwanted files. Most noticeably, it will slap down files onto your PowerPoint folder, possibly to preserve or replicate itself. System scans to catch the W32/AHKHeap-A worm should therefore be thorough, and not confine themselves to the main system folder or other preferred malware locations. Likewise, it's also known to create files with seemingly innocent types as .txt and .mp3. Disregard these file types as deceptive, and nuke the files when prompted by your security software.
The Off Notes W32/AHKHeap-A Worm Hits
Although you may not notice the W32/AHKHeap-A worm at first, confirming its existence is a cinch. The worm will block certain websites, such as Orkut.com and Youtube.com. If you attempt to browse these sites and instead find them blocked for no reason, W32/AHKHeap-A is likely the root of the problem.
Another common sign of W32/AHKHeap-A infection is a series of pop-ups with the word 'Mohaha' prominently displayed. This is, naturally enough, what gives the worm its nickname of (that's right, you guessed it) Mohaha.
One should assume that peripheral storage devices connected to an infected computer are also infected with W32/AHKHeap-A. Since it infects these peripherals through a hidden Autorun.inf file, not seeing any obvious signs of infection doesn't necessarily mean the device is clean! If at all possible, avoid bringing other storage devices into contact with the infected computer until the infection has been taken care of.
File System Modifications
- The following files were created in the system:
# File Name 1 \MicrosoftPowerPoint\2.mp3 2 \MicrosoftPowerPoint\drivelist.txt 3 \MicrosoftPowerPoint\Icon.ico 4 \MicrosoftPowerPoint\Install.txt 5 \MicrosoftPowerPoint\pathlist.txt 6 \MicrosoftPowerPoint\svchost.exe 7 C:\heap41a\2.mp3 8 C:\heap41a\drivelist.txt 9 C:\heap41a\Icon.ico 10 C:\heap41a\offspring\autorun.inf 11 C:\heap41a\reproduce.txt 12 C:\heap41a\script1.txt 13 C:\heap41a\std.txt 14 C:\heap41a\svchost.exe
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.